Provide more information about creating the service


Hello, I’m confused by the whole setup.

What do I want? I want a user from my application to connect to an ADFS via SAML2:

What I’ve done so far:

  • I have an ADDS and an ADFS working properly.
    • I added the relying party trust and the callback URL on the ADFS.

So, what I understand so far is that my ADFS will be the Identity provider ? And my application will be the Service Provider ?

```js
import * as saml from 'samlify';

// for now, I fetch the https://<adfs>/FederationMetadata/2007-06/FederationMetadata.xml
const idp = saml.IdentityProvider({
    metadata,
}); // I believe the package will do the job in order to set up the IDP correctly, am I right?
```

What I’m missing is the configuration for the service provider ?

```js
const sp = saml.ServiceProvider({
    dataEncryptionAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
    requestSignatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
    metadata, // using the same metadata object from the ADFS; I don't know for now what I should put in there?
});
const url = sp.createLoginRequest(idp, 'redirect'); // this creates a request that won't be accepted by our ADFS.
```

On the ADFS

An error appears each time I send a SAML request, saying that:

[Screenshot: screen shot 2017-08-31 at 17 44 18]

What metadata am I supposed to provide for my SP? And which certificate or private key am I supposed to give in order to make it work?

I’m still confused about how this works, if someone can help me. 😞

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 8 (4 by maintainers)

Top GitHub Comments

1 reaction
tngan commented, Aug 31, 2017

@rolljee

> So, what I understand so far is that my ADFS will be the Identity provider ? And my application will be the Service Provider ?

Answer is yes.

From my understanding, you are trying to do the SP-initiated SSO, right ?

For your configuration of service provider, you can use this online tool to build your metadata.

There are a lot of options to make the service work. Feel free to send your message to passify.io@gmail.com if you don’t want to expose the business secret here, using this PGP key for email encryption if you want.

0 reactions
rolljee commented, Sep 20, 2017

@tngan I mean redirect binding for adfs response not for request 😃

Using this piece of code, I managed to decrypt any response incoming from an ADFS redirect binding.

```js
import inflate from 'tiny-inflate';

// params.query is the parsed query string of the incoming redirect-binding request.
// Signature is a separate query parameter (it signs the query string) and is not
// part of the deflated message, so only SAMLResponse is decoded here.
const samlResponse = String(params.query.SAMLResponse);
const compressedBuffer = Buffer.from(samlResponse, 'base64');
// tiny-inflate needs a preallocated output buffer; size it generously
const outputBuffer = Buffer.alloc(compressedBuffer.length * 1000);
// inflate() returns the filled part of outputBuffer (raw DEFLATE, not gzip)
const output = String(inflate(compressedBuffer, outputBuffer));
```
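
The comment above base64-decodes and inflates a redirect-binding message; in that binding the `Signature` parameter is computed over the URL-encoded query string, so it has to be checked before the XML is trusted. The sketch below is an added example (not code from the thread or from samlify) that verifies the signature with Node's built-in `crypto` and then inflates with a size cap. The function names, the throwaway key pair standing in for the IdP signing key, and the sample XML are assumptions constructed for illustration.

```javascript
const zlib = require('node:zlib');
const crypto = require('node:crypto');

const RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';

// Verify the redirect-binding signature, then base64-decode and inflate the message.
function verifyAndDecode(rawQuery, idpPublicKey) {
  // Keep values exactly as received: the signature covers the URL-encoded octets.
  const raw = new Map();
  for (const pair of rawQuery.split('&')) {
    const i = pair.indexOf('=');
    if (i < 0) continue;
    const name = pair.slice(0, i);
    if (raw.has(name)) throw new Error('duplicate parameter');
    raw.set(name, pair.slice(i + 1));
  }
  for (const n of ['SAMLResponse', 'SigAlg', 'Signature']) {
    if (!raw.get(n)) throw new Error('unsigned message');
  }
  // Accept only the algorithm we expect; never let the message choose a weaker one.
  if (decodeURIComponent(raw.get('SigAlg')) !== RSA_SHA256) throw new Error('unexpected SigAlg');
  // Signed string: SAMLResponse, optional RelayState, SigAlg, in that order.
  const signed = ['SAMLResponse', 'RelayState', 'SigAlg']
    .filter((n) => raw.has(n)).map((n) => `${n}=${raw.get(n)}`).join('&');
  const sig = Buffer.from(decodeURIComponent(raw.get('Signature')), 'base64');
  const ok = crypto.createVerify('RSA-SHA256').update(signed).verify(idpPublicKey, sig);
  if (!ok) throw new Error('bad signature');
  const deflated = Buffer.from(decodeURIComponent(raw.get('SAMLResponse')), 'base64');
  // Cap the inflated size so a small hostile payload cannot exhaust memory.
  return zlib.inflateRawSync(deflated, { maxOutputLength: 1 << 20 }).toString('utf8');
}

// Constructed sample: a throwaway key pair stands in for the IdP signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function buildSignedQuery(xml) {
  const msg = encodeURIComponent(zlib.deflateRawSync(Buffer.from(xml)).toString('base64'));
  const signed = `SAMLResponse=${msg}&SigAlg=${encodeURIComponent(RSA_SHA256)}`;
  const sig = crypto.createSign('RSA-SHA256').update(signed).sign(privateKey, 'base64');
  return `${signed}&Signature=${encodeURIComponent(sig)}`;
}

const sampleXml = '<samlp:Response ID="_constructed">sample</samlp:Response>';
const goodQuery = buildSignedQuery(sampleXml);
// Altering a signed parameter after signing must make verification fail.
const tamperedQuery = goodQuery.replace('SAMLResponse=', 'SAMLResponse=A');
```

In a real deployment the public key comes from the signing certificate in the IdP's federation metadata, and the function must be given the query string as it arrived, before any framework has decoded it.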