First working version.

packages/xo-server-auth-saml/README.md

@@ -1,8 +1,6 @@
 # xo-server-auth-saml [![Build Status](https://travis-ci.org/vatesfr/xo-server-auth-saml.png?branch=master)](https://travis-ci.org/vatesfr/xo-server-auth-saml)
 
-**Still in dev: does not work!!!**
-
-> LDAP authentication plugin for XO-Server
+> SAML authentication plugin for XO-Server
 
 This plugin allows SAML users to authenticate to Xen-Orchestra.
 
@@ -19,41 +17,27 @@ Installation of the [npm package](https://npmjs.org/package/xo-server-auth-saml)
 
 ## Usage
 
+> This plugin is based on [passport-saml](https://github.com/bergie/passport-saml),
+> see [its documentation](https://github.com/bergie/passport-saml#configure-strategy)
+> for more information about the configuration.
+
 To enable this plugin you have to add it into the configuration file
 of XO-Server:
 
 ```yaml
 plugins:
 
-  auth-ldap:
-    uri: "ldap://ldap.example.org"
+  auth-saml:
+      path: '/signin/saml/callback'
 
-    # Credentials to use before looking for the user record.
-    #
-    # Default to anonymous.
-    bind:
+      # Server certificate used to validate
+      cert: '-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----'
 
-      # Distinguished name of the user permitted to search the LDAP
-      # directory for the user to authenticate.
-      #
-      # For Microsoft Active Directory, it can also be
-      # `'<user>@<domain>'`
-      dn: 'cn=admin,ou=people,dc=example,dc=org'
+      # Identity provider entry point (sign in URL).
+      entryPoint: 'https://saml.example.org/signin/'
 
-      # Password of the user permitted to search the LDAP directory.
-      password: 'secret'
-
-    # The base is the part of the directory tree where the users are
-    # looked for.
-    base: "ou=people,dc=example,dc=org"
-
-    # Filter used to find the user.
-    #
-    # For Microsoft Active Directory, the filter should be
-    # `'(cn={{name}})'` or `'(sAMAccountName={{name}}@<domain>)'`.
-    #
-    # Default is `'(uid={{name}})'`.
-    #filter: '(uid={{name}})'
+      # Issuer string to supply the identity provider.
+      issuer: 'xen-orchestra'
 ```
 
 ## Development

packages/xo-server-auth-saml/package.json

@@ -1,7 +1,7 @@
 {
   "name": "xo-server-auth-saml",
   "version": "0.0.0",
-  "license": "AGPL3",
+  "license": "AGPL-3",
   "description": "SAML authentication plugin for XO-Server",
   "keywords": [
     "xo-server",
@@ -26,16 +26,17 @@
     "dist/"
   ],
   "dependencies": {
-    "babel-runtime": "^5.7.0"
+    "babel-runtime": "^5.8.20",
+    "passport-saml": "^0.12.0"
   },
   "devDependencies": {
-    "babel": "^5.6.23",
-    "babel-eslint": "^3.1.23",
+    "babel": "^5.8.21",
+    "babel-eslint": "^4.1.0",
     "clarify": "^1.0.5",
     "mocha": "^2.2.5",
     "must": "^0.12.0",
     "source-map-support": "^0.3.2",
-    "standard": "^4.5.4",
+    "standard": "^5.1.0",
     "trace": "^1.2.0"
   },
   "scripts": {

packages/xo-server-auth-saml/src/index.js

@@ -0,0 +1,25 @@
+/* eslint no-throw-literal: 0 */
+
+import {Strategy} from 'passport-saml'
+
+// ===================================================================
+
+class AuthSamlXoPlugin {
+  constructor (conf) {
+    this._conf = conf
+  }
+
+  load (xo) {
+    xo.registerPassportStrategy(new Strategy(this._conf, async (profile, done) => {
+      try {
+        done(null, await xo.registerUser('saml', profile.username))
+      } catch (error) {
+        done(error.message)
+      }
+    }))
+  }
+}
+
+// ===================================================================
+
+export default conf => new AuthSamlXoPlugin(conf)

packages/xo-server-auth-saml/src/index.spec.js

@@ -1,11 +0,0 @@
-/* eslint-env mocha */
-
-import expect from 'must'
-
-// ===================================================================
-
-import myLib from './'
-
-// ===================================================================
-
-describe('myLib')