Strapi: SAML Provider

Created on 23 Nov 2018 · 3 Comments · Source: strapi/strapi

  • [x] I have created my request on the Product Board before I submitted this issue
  • [x] I have looked at all the other requests on the Product Board before I submitted this issue

Please describe your feature request:

I'm trying to add a new provider, which is based on SAML. The SAML provider is OKTA. My integration is based on the following example: https://github.com/gbraad/passport-saml-example

To use the SAML strategy, I have added the Koa passport middlewares to the users-permissions plugin,

in this file: users-permissions/middlewares/users-permissions/index.js

    ...
    const passport = require('koa-passport');

    module.exports = strapi => {
      return {
        beforeInitialize: function() {
          strapi.config.middleware.load.before.unshift('users-permissions');
          strapi.app.use(passport.initialize()); // Initialize passport
          strapi.app.use(passport.session()); // Use passport session
        },
        ...

And in the connect method on plugins/users-permissions/controllers/Auth.js

    if (!_.get(config, 'enabled')) {
      return ctx.badRequest(null, 'This provider is disabled.');
    }

    // Adding my custom provider to redirect?
    if (provider === 'oktaSAML') {
      const saml = require('../services/Saml');
      saml.auth({
        path: '/connect/oktaSAML/callback',
        entryPoint: '...', // Provided by OKTA
        issuer: '...', // Provided by OKTA
        cert: null // Optional
      });
      return strapi.koaMiddlewares.compose([saml.strategy])(ctx, next);
    ...

But when I navigate to http://localhost:1337/connect/oktaSAML it gives me 404 not found.

I have already followed the Adding a Provider guide and added the OKTA SAML to the provider's list.

I believe the Purest package does not support SAML integration, thus I have to register either a new route or modify the connect method to handle our login integration.

  • Is this even a correct approach?
  • Does it scale well?
  • Am I working on correct files?

I'm lost right now. Is it even possible to integrate SAML in Strapi? Or do I have to choose to proxy my way into Strapi as suggested by @opgbaudouin?

Also, how do I modify my OKTA SAML Provider popup form fields in the back-office, since SAML accepts different inputs than Auth 2.0?

help wanted
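
The `cert: null` line in the options posted above is the security-relevant one. As an added example (not part of the issue or of Strapi's code), the check below audits that option object before a SAML strategy is registered. It assumes the passport-saml-style option names used in the post and that, as in older passport-saml releases, a missing `cert` means response signatures are not verified; `auditSamlOptions` and all sample values are constructed for illustration.

```javascript
// Added example: audit SAML strategy options (hypothetical helper, not a Strapi API).
function auditSamlOptions(opts) {
  const findings = [];
  const add = (field, severity, message) => findings.push({ field, severity, message });

  // cert: IdP signing certificate, as a string or an array of strings.
  // Assumption: without it, the IdP's signature on the response is not checked.
  const certs = [].concat(opts.cert == null ? [] : opts.cert);
  if (certs.length === 0) {
    add('cert', 'high', 'no IdP signing certificate: response signatures cannot be verified');
  }
  for (const c of certs) {
    if (typeof c === 'function') continue; // certificate supplied by a callback, not inspectable here
    const body = String(c).replace(/-----(BEGIN|END) CERTIFICATE-----/g, '').replace(/\s+/g, '');
    if (body.length < 64 || !/^[A-Za-z0-9+/]+={0,2}$/.test(body)) {
      add('cert', 'high', 'certificate is not base64/PEM encoded data');
    }
  }

  // entryPoint: the IdP single sign-on URL the browser is redirected to.
  let entry = null;
  try { entry = new URL(opts.entryPoint); } catch (e) { /* reported below */ }
  if (!entry) add('entryPoint', 'high', 'not an absolute URL');
  else if (entry.protocol !== 'https:') add('entryPoint', 'medium', 'IdP SSO URL is not https');

  // issuer: identifier the IdP uses to recognise this service provider.
  if (typeof opts.issuer !== 'string' || opts.issuer.trim() === '') {
    add('issuer', 'medium', 'issuer is empty');
  }

  // path: local route that receives the SAML response.
  if (typeof opts.path !== 'string' || !opts.path.startsWith('/')) {
    add('path', 'low', 'callback path should be an absolute route');
  }
  return findings;
}

// Constructed sample values; the real entryPoint and issuer come from the IdP.
const asPosted = {
  path: '/connect/oktaSAML/callback',
  entryPoint: 'https://idp.example.test/sso/saml',
  issuer: 'strapi-local',
  cert: null
};
const withCert = Object.assign({}, asPosted, { cert: 'MIIC' + 'A'.repeat(96) });

console.log(auditSamlOptions(asPosted));
console.log(auditSamlOptions(withCert));
```
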


All 3 comments

If Purest does not support your provider, the documentation will not work.

We plan to review the auth providers system to make it easier to add new ones.

For now you will have to customize the Strapi server to make it work with your own system for your provider.
And yes, I think you are working on the correct files (I don't have time for more investigation on my side).

@lauriejim We would appreciate if you add passport js support, this would allow also other login providers besides just OAuth ...

This issue has been mentioned on Strapi Community. There might be relevant details there:

https://forum.strapi.io/t/user-permissions-saml-provider/466/1
