Merge pull request #5 from TheIceBreaker7/patch-1

disable requested authentication context
apostrophecms-legacy · Oct 1, 2018 · c0240e2 · c0240e2
2 parents ae19a09 + eb9c500
commit c0240e2
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -47,6 +47,20 @@ npm install apostrophe-saml
       // your identity provider may result in mysterious failed logins.
       // Make sure they are on board with what this URL has been set to
       callbackUrl: 'https://example.com/auth/saml/login/callback'
+      //
+      // OPTIONAL: Extra passport-saml options
+      // Configuring saml in your environment can be tricky, and most
+      // environments have unique aspects to them that aren't handled
+      // directly by this wrapper. To help with this problem, you can
+      // pass extra passport-saml options through the following object.
+      // More details about available options can be found here:
+      // https://github.com/bergie/passport-saml#config-parameter-details
+      //
+      //  passportSamlOptions: {
+      //    disableRequestedAuthnContext: true,
+      //    logoutUrl: 'https://examples.com/auth/saml/SLO',
+      //    forceAuthn: true 
+      //  }
     },
     'apostrophe-login': {
       // OPTIONAL: disable regular site logins completely

diff --git a/index.js b/index.js
@@ -50,7 +50,9 @@ module.exports = {
       // passport-saml uses entryPoint, not identityProviderUrl
       config.entryPoint = config.identityProviderUrl;  
       config.callbackUrl = options.callbackUrl || (options.apos.options.baseUrl + '/auth/saml/login/callback');
-
+      //Add our extra passportSamlOptions into our config object
+      config = self.addPassportSamlOptions(config);
+
       var strategy = new passportSaml.Strategy(
         config,
         self.profileCallback
@@ -85,6 +87,12 @@ module.exports = {
         return '/auth/saml/login/callback';
       }
     };
+
+    self.addPassportSamlOptions = function(config) {
+      //merge the base configuration options into the passportSamlOptionsObject
+      //Note: if you have the same attribute in both objects, the base configuration option will overwrite the passportSamlOptions attribute	  {
+      return Object.assign({}, options.passportSamlOptions, config);
+    };
 
     self.addRoutes = function() {
       self.apos.app.get(self.getLoginPath(),