High-level Node.js API for Single Sign On (SAML 2.0)
Welcome all PRs for maintaining this project, or provide a link to the repositories especially for use cases alongside with different frameworks.
This module provides high-level API for scalable Single Sign On (SSO) implementation. Developers can easily configure the Service Providers and Identity Providers by importing the corresponding metadata. SAML2.0 provides a standard guide but leaves a lot of options, so we provide a simple interface that's highly configurable.
To install the stable version
$ npm install samlify
This project is now developed using TypeScript 2.0, also support Yarn which is a new package manager.
npm install typescript -g
yarn install
const saml = require('samlify');
See full documentation here
Signature algorithms
Data encryption algorithms
Key encryption algorithms
In the /examples folder, there are three entities (1 IdP and 2 SPs). They are at port 3001, 4002 and 4003.
Without using Single Sign On, users have to remember several pairs of username/password in order to log into different internal applications.
SAML proposes two ways to initiate Single Sign On, they are respectively Service Provider Initiated SSO and Identity Provider Initiated SSO. In SP-initated SSO, the user attempts to access SP but their federated identity is authenticated by IdP, so they first have to log on IdP, then IdP sends back a SAML assertion response to SP, and finally SP creates a session to user in order to access the resources.
In the approach of IdP-initated SSO, IdP provides links which refers to the resources in service providers. In this use case, users don't need to visit SP first.
IdP-initiated Single Logout is also provided and relied on relay state. IdP provides a link refers to the single logout endpoints in one of those participated service providers (SP1). The selected SP sends back a logout response to IdP with relay state which is the logout endpoint URL of next participated service provider (SP2), user finally log out IdP when all participated SP is logged out.
An introduction to Single Sign On
Copyright (C) 2016-2017 Tony Ngan, released under the MIT License.
FAQs
High-level API for Single Sign On (SAML 2.0)
The npm package samlify receives a total of 88,665 weekly downloads. As such, samlify popularity was classified as popular.
We found that samlify demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.