Samlify is a Node.js library that provides a comprehensive solution for implementing SAML (Security Assertion Markup Language) authentication. It allows developers to easily integrate SAML-based Single Sign-On (SSO) into their applications, supporting both Identity Provider (IdP) and Service Provider (SP) roles.
Service Provider (SP) Configuration
This feature allows you to configure a Service Provider (SP) in your application. The code sample demonstrates how to set up an SP with a specific entity ID and assertion consumer service URL.
{
"const saml = require('samlify');",
"const sp = saml.ServiceProvider({",
" entityID: 'sp.example.com',",
" assertionConsumerService: {",
" url: 'https://sp.example.com/acs',",
" binding: saml.Constants.namespace.binding.post",
" }",
"});"
}Identity Provider (IdP) Configuration
This feature allows you to configure an Identity Provider (IdP). The code sample shows how to set up an IdP with a specific entity ID and single sign-on service URL.
{
"const idp = saml.IdentityProvider({",
" entityID: 'idp.example.com',",
" singleSignOnService: {",
" url: 'https://idp.example.com/sso',",
" binding: saml.Constants.namespace.binding.redirect",
" }",
"});"
}SAML Request Generation
This feature enables the generation of SAML authentication requests. The code sample demonstrates how to create a login request from the Service Provider to the Identity Provider using the redirect binding.
{
"const { id, context } = sp.createLoginRequest(idp, 'redirect');"
}SAML Response Validation
This feature allows the validation of SAML responses received from the Identity Provider. The code sample shows how to parse and validate a login response using the POST binding.
{
"sp.parseLoginResponse(idp, 'post', {",
" body: req.body",
"}).then((parseResult) => {",
" console.log(parseResult);",
"});"
}Passport-SAML is a SAML authentication strategy for Passport, the popular Node.js authentication middleware. It provides similar functionalities to samlify, such as handling SAML authentication requests and responses. However, it is more tightly integrated with the Passport ecosystem, making it a good choice if you are already using Passport for other authentication strategies.
Node-SAML is a lightweight library for SAML authentication in Node.js. It offers basic functionalities for SAML authentication, similar to samlify, but with a simpler API. It may be more suitable for projects that require a straightforward implementation without the additional features provided by samlify.
Saml2-js is another Node.js library for SAML authentication. It provides functionalities for both Service Provider and Identity Provider roles, similar to samlify. While it offers a comprehensive set of features, samlify is often preferred for its more modern API and better documentation.
Highly configuarable Node.js SAML 2.0 library for Single Sign On
Welcome all PRs for maintaining this project, or provide a link to the repositories especially for use cases alongside with different frameworks.
 | If you want to quickly implement SAML SSO, feel free to check out Auth0's NodeJS SDK and free plan at auth0.com/overview. |
|---|
To install the stable version
Starting from v2.6, multiple schema validators are now supported. You can simply set the validator via the following global method. We have four validator modules right now, and you can write your own. The setSchemaValidator is required since v2.6, it will throw error if you don't set at the beginning.
import samlify = require('samlify');
import * as validator from '@authenio/samlify-xsd-schema-validator';
// import * as validator from '@authenio/samlify-validate-with-xmllint';
// import * as validator from '@authenio/samlify-node-xmllint';
// import * as validator from '@authenio/samlify-libxml-xsd'; // only support for version of nodejs <= 8
// const validator = require('@authenio/samlify-xsd-schema-validator');
// const validator = require('@authenio/samlify-validate-with-xmllint');
// const validator = require('@authenio/samlify-node-xmllint');
// const validator = require('@authenio/samlify-libxml-xsd');
samlify.setSchemaValidator(validator);
Now you can create your own schema validator and even suppress it but you have to take the risk for accepting malicious response.
samlify.setSchemaValidator({
validator: (response: string) => {
/* implment your own or always returns a resolved promise to skip */
return Promise.resolve('skipped');
}
});
For those using Windows, windows-build-tools should be installed globally before installing samlify if you are using libxml validator.
$ yarn global add windows-build-tools
This project is now developed using TypeScript, also support Yarn which is a new package manager.
$ yarn global add typescript
$ yarn
const saml = require('samlify');
See full documentation here
react-samlify SP example powered by React, TypeScript and Webpack
An introduction to Single Sign On
Copyright (C) 2016-present Tony Ngan, released under the MIT License.
FAQs
High-level API for Single Sign On (SAML 2.0)
The npm package samlify receives a total of 114,425 weekly downloads. As such, samlify popularity was classified as popular.
We found that samlify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.
Security News
OpenSSF has published OSPS Baseline, an initiative designed to establish a minimum set of security-related best practices for open source software projects.