ADFS SAML Login with Express and passport-saml

Introduction

I use Express and passport-saml to build a SAML service provider that logs users in against the ADFS server in our company.

Setup Express project

Before starting, create the Node project: make a folder (express-passport-saml-poc in my case) and initialise it with the command: yarn init

# install the express framework, passport and passport-saml
yarn add express passport passport-saml
# Run the script to create the SP metadata XML and a self-signed key pair. In this POC I use localhost as the domain; our ADFS server requires service providers to be served over SSL.
# ./mellon_create_metadata.sh <your domain> <your saml login callback url>
./mellon_create_metadata.sh https://localhost:3000 https://localhost:3000/adfs/saml
# bash ./retrieve_adfs_certificate.sh <your_adfs_server_url> > adfs_cert.crt
bash ./retrieve_adfs_certificate.sh https://sample-adfs.com > adfs_cert.crt

Afterwards the project folder contains these files (the key and cert are the SP's own self-signed pair, the xml is the SP metadata, and adfs_cert.crt is the ADFS token-signing certificate):
  • https_localhost_3000.key
  • https_localhost_3000.cert
  • https_localhost_3000.xml
  • adfs_cert.crt

Setup ADFS Relying Party Trust

My company runs AD FS on Windows Server 2016. Copy the metadata XML (https_localhost_3000.xml) to the server, open the AD FS Management tool and click Add Relying Party Trust.

Test

Navigate to https://localhost:3000/login; you should be redirected to ADFS to sign in and then posted back to https://localhost:3000/adfs/saml.
