saml2-no-sessionindex

v1.0.1

SAML 2.0 node helpers forked from Clever

Readme

SAML2-js

saml2-js is a node module that abstracts away the complexities of the SAML protocol behind an easy to use interface.

Usage

Install with npm.

  npm install saml2-js --save

Include the SAML library.

  var saml2 = require('saml2-js');

Documentation

This library exports two constructors.

Options

An object that can contain the below options. All options are strings, unless specified otherwise. See note for more information on options.

  • entity_id - Required - Unique identifier for the service provider, often the URL of the metadata file.
  • private_key - Required - (PEM format string) - Private key for the service provider.
  • certificate - Required - (PEM format string) - Certificate for the service provider.
  • assert_endpoint - Required - URL of service provider assert endpoint.
  • force_authn - (Boolean) - If true, forces re-authentication of users even if the user has a SSO session with the IdP. This can also be configured on the IdP or on a per-method basis.
  • auth_context - Specifies AuthnContextClassRef. This can also be configured on a per-method basis.
  • nameid_format - Format for Name ID. This can also be configured on a per-method basis.
  • sign_get_request - (Boolean) - If true, signs the request. This can also be configured on the IdP or on a per-method basis.
  • allow_unencrypted_assertion - (Boolean) - If true, allows unencrypted assertions. This can also be configured on the IdP or on a per-method basis.

Returns the following functions

Example


  var fs = require('fs');

  var sp_options = {
    entity_id: "https://sp.example.com/metadata.xml",
    private_key: fs.readFileSync("key-file.pem").toString(),
    certificate: fs.readFileSync("cert-file.crt").toString(),
    assert_endpoint: "https://sp.example.com/assert",
    force_authn: true,
    auth_context: { comparison: "exact", class_refs: ["urn:oasis:names:tc:SAML:1.0:am:password"] },
    nameid_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    sign_get_request: false,
    // true: unencrypted assertions are accepted
    allow_unencrypted_assertion: true
  };

  // Call service provider constructor with options
  var sp = new saml2.ServiceProvider(sp_options);

  // Example use of service provider.
  // Call create_metadata to get the XML metadata used in configuration.
  var metadata = sp.create_metadata();

Service provider function definitions

Takes the following arguments:

  • IdP - IdP
  • options - An object that can contain the below options. All options are strings, unless specified otherwise. See note for more information on options.
    • relay_state - SAML relay state.
    • auth_context - Specifies AuthnContextClassRef. This can also be configured on the SP.
    • nameid_format - Format for Name ID. This can also be configured on the SP.
    • force_authn - (Boolean) - If true, forces re-authentication of users even if the user has a SSO session with the IdP. This can also be configured on the IdP or SP.
    • sign_get_request - (Boolean) - If true, signs the request. This can also be configured on the IdP or SP.
  • cb(error, login_url, request_id) - Callback called with the login URL and ID of the request.

Takes the following arguments:

  • IdP - IdP
  • options - An object that can contain the below options. All options are strings, unless specified otherwise. See note for more information on options.
    • request_body - (Object) - An object containing the parsed query string parameters. This object should contain the value for either a SAMLResponse or SAMLRequest.
    • allow_unencrypted_assertion - (Boolean) - If true, allows unencrypted assertions. This can also be configured on the IdP or SP.
  • cb(error, response) - Callback called with the request response.

  { response_header:
     { id: '_abc-1',
       destination: 'https://sp.example.com/assert',
       in_response_to: '_abc-2' },
    type: 'authn_response',
    user:
     { name_id: 'nameid',
       session_index: '_abc-3',
       attributes:
        { 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname': [ 'Test' ] } } }

Takes the following arguments:

  • IdP - IdP
  • options - An object that can contain the below options. All options are strings, unless specified otherwise. See note for more information on options.
    • request_body - (Object) - An object containing the parsed query string parameters. This object should contain the value for either a SAMLResponse or SAMLRequest.
    • allow_unencrypted_assertion - (Boolean) - If true, allows unencrypted assertions. This can also be configured on the IdP or SP.
  • cb(error, response) - Callback called with the request response.

Takes the following arguments:

  • IdP - IdP. Note: Can pass sso_logout_url instead of IdP.
  • options - An object that can contain the below options. All options are strings, unless specified otherwise. See note for more information on options.
    • name_id - Format for Name ID. This can also be configured on a per-method basis.
    • session_index - Session index to use for creating logout request.
    • allow_unencrypted_assertion - (Boolean) - If true, allows unencrypted assertions. This can also be configured on the IdP or SP.
    • sign_get_request - (Boolean) - If true, signs the request. This can also be configured on the IdP or SP.
    • relay_state - SAML relay state.
  • cb(error, request_url) - Callback called with the logout request url.

Takes the following arguments:

  • IdP - IdP. Note: Can pass sso_logout_url instead of IdP.
  • options - An object that can contain the below options. All options are strings, unless specified otherwise. See note for more information on options.
    • in_response_to - The ID of the request that this is in response to. Should be checked against any sent request IDs.
    • sign_get_request - (Boolean) - If true, signs the request. This can also be configured on the IdP or SP.
    • relay_state - SAML relay state.
  • cb(error, response_url) - Callback called with the logout response url.

Returns no functions, exists solely to be passed to an SP function.

Options

An object that can contain the below options. All options are strings, unless specified otherwise. See note for more information on options.

  • sso_login_url - Required - Login url to use during a login request.
  • sso_logout_url - Required - Logout url to use during a logout request.
  • certificates - Required - (PEM format string or array of PEM format strings) - Certificate or certificates (array of certificates) for the identity provider.
  • force_authn - (Boolean) - If true, forces re-authentication of users even if the user has a SSO session with the IdP. This can also be configured on the SP or on a per-method basis.
  • sign_get_request - (Boolean) - If true, signs the request. This can also be configured on the SP or on a per-method basis.
  • allow_unencrypted_assertion - (Boolean) - If true, allows unencrypted assertions. This can also be configured on the SP or on a per-method basis.

Example


  // Initialize options object
  var idp_options = {
    sso_login_url: "https://idp.example.com/login",
    sso_logout_url: "https://idp.example.com/logout",
    certificates: [fs.readFileSync("cert-file1.crt").toString(), fs.readFileSync("cert-file2.crt").toString()],
    force_authn: true,
    sign_get_request: false,
    allow_unencrypted_assertion: false
  };

  // Call identity provider constructor with options
  var idp = new saml2.IdentityProvider(idp_options);

  // Example usage of identity provider.
  // Pass identity provider into a service provider function with options and a callback.
  sp.post_assert(idp, {}, callback);

Example: Express implementation

Library users will need to implement a set of URL endpoints. Here is an example using Express endpoints.

var saml2 = require('saml2-js');
var fs = require('fs');
var express = require('express');
var app = express();

// Parse URL-encoded form bodies so that req.body carries the POSTed
// SAMLResponse (express.urlencoded is available in Express 4.16 and later)
app.use(express.urlencoded({ extended: false }));

// Create service provider
var sp_options = {
  entity_id: "https://sp.example.com/metadata.xml",
  private_key: fs.readFileSync("key-file.pem").toString(),
  certificate: fs.readFileSync("cert-file.crt").toString(),
  assert_endpoint: "https://sp.example.com/assert"
};
var sp = new saml2.ServiceProvider(sp_options);

// Create identity provider
var idp_options = {
  sso_login_url: "https://idp.example.com/login",
  sso_logout_url: "https://idp.example.com/logout",
  certificates: [fs.readFileSync("cert-file1.crt").toString(), fs.readFileSync("cert-file2.crt").toString()]
};
var idp = new saml2.IdentityProvider(idp_options);

// Set at login, read at logout.
// Note:  In practice these should be saved in the user session, not globally.
var name_id, session_index;

// ------ Define express endpoints ------

// Endpoint to retrieve metadata
app.get("/metadata.xml", function(req, res) {
  res.send(sp.create_metadata());
});

// Starting point for login
app.get("/login", function(req, res) {
  sp.create_login_request_url(idp, {}, function(err, login_url, request_id) {
    if (err != null)
      return res.sendStatus(500);
    res.redirect(login_url);
  });
});

// Assert endpoint for when login completes
app.post("/assert", function(req, res) {
  var options = {request_body: req.body};
  sp.post_assert(idp, options, function(err, saml_response) {
    if (err != null)
      return res.sendStatus(500);

    // Save name_id and session_index for logout
    name_id = saml_response.user.name_id;
    session_index = saml_response.user.session_index;

    // Send as plain text so the name ID is never rendered as HTML
    res.type("text/plain").send("Hello " + saml_response.user.name_id + "!");
  });
});

// Starting point for logout
app.get("/logout", function(req, res) {
  var options = {
    name_id: name_id,
    session_index: session_index
  };

  sp.create_logout_request_url(idp, options, function(err, logout_url) {
    if (err != null)
      return res.sendStatus(500);
    res.redirect(logout_url);
  });
});

app.listen(3000);
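
The Express example above receives a request_id in the create_login_request_url callback but never compares it with the in_response_to of the response that later arrives at the assert endpoint. The following is an added example, not part of saml2-js or this README, that remembers issued request IDs and checks response_header.in_response_to and destination before a session is created. PendingRequests and checkAssertResponse are hypothetical names, the store is in-memory, and the sample response is constructed.

```javascript
// Added example: PendingRequests and checkAssertResponse are hypothetical
// helpers, not part of saml2-js.

// Tracks request IDs issued by this SP so each assertion can be matched to
// exactly one outstanding login. In-memory only, for illustration.
class PendingRequests {
  constructor(ttlMs) {
    this.ttlMs = ttlMs;
    this.issued = new Map(); // request_id -> issue time in ms
  }
  // Call with the request_id passed to the create_login_request_url callback.
  remember(requestId, now = Date.now()) {
    this.issued.set(requestId, now);
  }
  // One-time use: the ID is deleted whether or not it is still fresh.
  consume(requestId, now = Date.now()) {
    const issuedAt = this.issued.get(requestId);
    if (issuedAt === undefined) return false;
    this.issued.delete(requestId);
    return now - issuedAt <= this.ttlMs;
  }
}

// Checks the object passed to the post_assert callback (same shape as the
// response example in this README) before a local session is created.
function checkAssertResponse(pending, samlResponse, assertEndpoint, now = Date.now()) {
  if (!samlResponse || samlResponse.type !== 'authn_response') {
    return { ok: false, reason: 'unexpected response type' };
  }
  const header = samlResponse.response_header || {};
  if (header.destination !== assertEndpoint) {
    return { ok: false, reason: 'destination mismatch' };
  }
  if (typeof header.in_response_to !== 'string' || header.in_response_to === '') {
    return { ok: false, reason: 'unsolicited response' };
  }
  if (!pending.consume(header.in_response_to, now)) {
    return { ok: false, reason: 'unknown, expired or replayed request id' };
  }
  return { ok: true, name_id: samlResponse.user.name_id };
}

// Constructed sample, mirroring the response example in this README.
const sample = {
  response_header: { id: '_abc-1', destination: 'https://sp.example.com/assert', in_response_to: '_abc-2' },
  type: 'authn_response',
  user: { name_id: 'nameid', session_index: '_abc-3', attributes: {} }
};
```

Rejecting a response with no in_response_to also rejects IdP-initiated logins, which is the intended behaviour of this check.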