diff --git a/packages/xo-server-auth-saml/.editorconfig b/packages/xo-server-auth-saml/.editorconfig new file mode 100644 index 000000000..b6db0112a --- /dev/null +++ b/packages/xo-server-auth-saml/.editorconfig @@ -0,0 +1,65 @@ +# http://EditorConfig.org +# +# Julien Fontanet's configuration +# https://gist.github.com/julien-f/8096213 + +# Top-most EditorConfig file. +root = true + +# Common config. +[*] +charset = utf-8 +end_of_line = lf +insert_final_newline = true +trim_trailing_whitespaces = true + +# CoffeeScript +# +# https://github.com/polarmobile/coffeescript-style-guide/blob/master/README.md +[*.{,lit}coffee] +indent_size = 2 +indent_style = space + +# Markdown +[*.{md,mdwn,mdown,markdown}] +indent_size = 4 +indent_style = space + +# Package.json +# +# This indentation style is the one used by npm. +[/package.json] +indent_size = 2 +indent_style = space + +# Jade +[*.jade] +indent_size = 2 +indent_style = space + +# JavaScript +# +# Two spaces seems to be the standard most common style, at least in +# Node.js (http://nodeguide.com/style.html#tabs-vs-spaces). +[*.{js,jsx,ts,tsx}] +indent_size = 2 +indent_style = space + +# Less +[*.less] +indent_size = 2 +indent_style = space + +# Sass +# +# Style used for http://libsass.com +[*.s[ac]ss] +indent_size = 2 +indent_style = space + +# YAML +# +# Only spaces are allowed. +[*.yaml] +indent_size = 2 +indent_style = space diff --git a/packages/xo-server-auth-saml/.gitignore b/packages/xo-server-auth-saml/.gitignore new file mode 100644 index 000000000..827e4e420 --- /dev/null +++ b/packages/xo-server-auth-saml/.gitignore @@ -0,0 +1,7 @@ +/dist/ +/node_modules/ + +npm-debug.log +npm-debug.log.* +pnpm-debug.log +pnpm-debug.log.* diff --git a/packages/xo-server-auth-saml/.npmignore b/packages/xo-server-auth-saml/.npmignore new file mode 100644 index 000000000..c31ee82cb --- /dev/null +++ b/packages/xo-server-auth-saml/.npmignore @@ -0,0 +1,10 @@ +/examples/ +example.js +example.js.map +*.example.js +*.example.js.map + +/test/ +/tests/ +*.spec.js +*.spec.js.map diff --git a/packages/xo-server-auth-saml/.travis.yml b/packages/xo-server-auth-saml/.travis.yml new file mode 100644 index 000000000..ae52e87e6 --- /dev/null +++ b/packages/xo-server-auth-saml/.travis.yml @@ -0,0 +1,9 @@ +language: node_js +node_js: + - 'stable' + - '6' + - '4' + +# Use containers. +# http://docs.travis-ci.com/user/workers/container-based-infrastructure/ +sudo: false diff --git a/packages/xo-server-auth-saml/README.md b/packages/xo-server-auth-saml/README.md new file mode 100644 index 000000000..82ad17432 --- /dev/null +++ b/packages/xo-server-auth-saml/README.md @@ -0,0 +1,63 @@ +# xo-server-auth-saml [![Build Status](https://travis-ci.org/vatesfr/xo-server-auth-saml.png?branch=master)](https://travis-ci.org/vatesfr/xo-server-auth-saml) + +> SAML authentication plugin for XO-Server + +This plugin allows SAML users to authenticate to Xen-Orchestra. + +The first time a user signs in, XO will create a new XO user with the +same identifier. + +## Install + +Installation of the [npm package](https://npmjs.org/package/xo-server-auth-saml): + +``` +> npm install --global xo-server-auth-saml +``` + +## Usage + +> This plugin is based on [passport-saml](https://github.com/bergie/passport-saml), +> see [its documentation](https://github.com/bergie/passport-saml#configure-strategy) +> for more information about the configuration. + +Like all other xo-server plugins, it can be configured directly via +the web iterface, see [the plugin documentation](https://xen-orchestra.com/docs/plugins.html). + +> Important: When registering your instance to your identity provider, +> you must configure its callback URL to +> `http://xo.company.net/signin/saml/callback`! + +## Development + +``` +# Install dependencies +> npm install + +# Run the tests +> npm test + +# Continuously compile +> npm run dev + +# Continuously run the tests +> npm run dev-test + +# Build for production (automatically called by npm install) +> npm run build +``` + +## Contributions + +Contributions are *very* welcomed, either on the documentation or on +the code. + +You may: + +- report any [issue](https://github.com/vatesfr/xo-server-auth-saml/issues) + you've encountered; +- fork and create a pull request. + +## License + +AGPL3 © [Vates SAS](http://vates.fr) diff --git a/packages/xo-server-auth-saml/package.json b/packages/xo-server-auth-saml/package.json new file mode 100644 index 000000000..a9ca878c3 --- /dev/null +++ b/packages/xo-server-auth-saml/package.json @@ -0,0 +1,81 @@ +{ + "name": "xo-server-auth-saml", + "version": "0.4.1", + "license": "AGPL-3.0", + "description": "SAML authentication plugin for XO-Server", + "keywords": [ + "authentication", + "orchestra", + "plugin", + "saml", + "xen", + "xen-orchestra", + "xo-server" + ], + "homepage": "https://github.com/vatesfr/xo-server-auth-saml", + "bugs": "https://github.com/vatesfr/xo-server-auth-saml/issues", + "repository": { + "type": "git", + "url": "https://github.com/vatesfr/xo-server-auth-saml" + }, + "author": { + "name": "Julien Fontanet", + "email": "julien.fontanet@isonoe.net" + }, + "preferGlobal": false, + "main": "dist/", + "bin": {}, + "files": [ + "dist/" + ], + "engines": { + "node": ">=4" + }, + "dependencies": { + "babel-runtime": "^6.11.6", + "passport-saml": "^0.15.0" + }, + "devDependencies": { + "babel-cli": "^6.14.0", + "babel-eslint": "^7.1.0", + "babel-plugin-transform-runtime": "^6.15.0", + "babel-preset-latest": "^6.16.0", + "babel-preset-stage-0": "^6.5.0", + "cross-env": "^3.1.3", + "dependency-check": "^2.6.0", + "ghooks": "^1.3.2", + "rimraf": "^2.5.4", + "standard": "^8.2.0" + }, + "scripts": { + "build": "cross-env NODE_ENV=production babel --source-maps --out-dir=dist/ src/", + "clean": "rimraf dist/", + "depcheck": "dependency-check ./package.json", + "dev": "cross-env NODE_ENV=development babel --watch --source-maps --out-dir=dist/ src/", + "lint": "standard", + "posttest": "npm run lint && npm run depcheck", + "prebuild": "npm run clean", + "predev": "npm run clean", + "prepublish": "npm run build" + }, + "babel": { + "plugins": [ + "transform-runtime" + ], + "presets": [ + "latest", + "stage-0" + ] + }, + "standard": { + "ignore": [ + "dist" + ], + "parser": "babel-eslint" + }, + "config": { + "ghooks": { + "commit-msg": "npm test" + } + } +} diff --git a/packages/xo-server-auth-saml/src/index.js b/packages/xo-server-auth-saml/src/index.js new file mode 100644 index 000000000..e19a4a81b --- /dev/null +++ b/packages/xo-server-auth-saml/src/index.js @@ -0,0 +1,59 @@ +import {Strategy} from 'passport-saml' + +// =================================================================== + +export const configurationSchema = { + type: 'object', + properties: { + cert: { + type: 'string' + }, + entryPoint: { + type: 'string' + }, + issuer: { + type: 'string' + }, + usernameField: { + type: 'string' + } + }, + required: ['cert', 'entryPoint', 'issuer'] +} + +// =================================================================== + +class AuthSamlXoPlugin { + constructor ({ xo }) { + this._conf = null + this._usernameField = null + this._xo = xo + } + + configure ({ usernameField, ...conf }) { + this._usernameField = usernameField + this._conf = conf + } + + load () { + const xo = this._xo + + xo.registerPassportStrategy(new Strategy(this._conf, async (profile, done) => { + const name = profile[this._usernameField] + if (!name) { + done('no name found for this user') + return + } + + try { + done(null, await xo.registerUser('saml', name)) + } catch (error) { + done(error.message) + } + })) + } +} + +// =================================================================== + +export default opts => new AuthSamlXoPlugin(opts)