使用 Azure AD 与第 3 方进行 SSO

Question

I have an organization wanting to do SSO using SAML 2.0 against my node.js based web app. When clicking a link for x.myapp.com, I want to utilize their IdP (which uses Azure AD with SAML 2.0) and redirect to my app and provide a few attributes to me.

I found passport-azure-ad and saml2-js npm packages but I don't see any examples that cover this scenario. Has anyone done this seemingly simple use case and provide any links or examples? I only found iOS or Android examples thus far but not web-based node.js apps.

Thank you.

Answer 1

Per my understanding , you are looking for a Azure AD SAML login nodejs demo. This demo will be helpful for you and it works for me.

If you want to use Azure AD as your idp, you should do some modify as below :

1.Create a folder named "cert" . Run this command to create key.pem and cert.pem under cert folder:

openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out cert.pem

2. Go to Azure AD ,download idp cert here ,rename it as "cert_idp.pem" directly and place it under cert folder too : 3.Creatring a file named ".env" with content below :

 CALLBACK_URL=https://<your host>/login/callback ENTRY_POINT=<find the value in the capture below> ISSUER=<your Azure AD APP ID> SESSION_SECRET=secret

With the steps done , you can run this demo . in my case, I expose 4006 port to public network using ngrok , once you access the app , you will be redirected to Azure AD SAML login page to login:

Modify the get method under "/" as below to get MSAL token info after you logged in successfully:

app.get('/',
  ensureAuthenticated, 
  function(req, res) {
    res.send('Authenticated, SAML token info :'  + JSON.stringify(req.session.passport.user));
  }
);

If there is anything unclear , pls feel free to let me know : )