Last week I wrote about setting up a Passport SAML Config to implement integration with an SSO provider that supports SAML.
The app uses ExpressJS (a web server), Passport (a security framework), and Passport-SAML (a SAML plugin for Passport), all running on top of a NodeJS server.
We can create a metadata endpoint to share information about our app with our IdP. The point is that changes on our side, such as a rotated certificate, are picked up by the IdP automatically, and the IdP's metadata does the same job for us in the other direction.
It isn't too hard to make this happen thanks to our underlying Passport-SAML library.
I create a new ExpressJS route in our app, just like this (the `app` and `samlStrategy` objects are the ones set up in last week's post):

```javascript
// Serve our SP metadata so the IdP can fetch it from 'myapp.com/metadata'.
// (The route definition line was cut off in the original snippet; it is reconstructed here.)
app.get('/metadata', function (req, res) {
  res.type('application/xml');
  // passport-saml builds the EntityDescriptor (entityID, ACS URL, etc.) from the strategy config.
  // The method accepts your certificate as an argument if you want it published as a KeyDescriptor.
  res.status(200).send(samlStrategy.generateServiceProviderMetadata());
});
```
All the complexity of this is architected away by the library. Just load 'myapp.com/metadata' to get your metadata.
Pretty sweet.
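Before handing the metadata URL to the IdP it is worth checking what the route actually serves. The following is an added example, not code from the post or from passport-saml: a small check over the returned XML that confirms the entityID, an https assertion consumer URL, a published signing key, and that signed assertions are required. The metadata document is constructed for the example and the `checkSpMetadata` helper is hypothetical.

```javascript
// Added example: sanity-check the SP metadata returned by the /metadata route.
// Uses only Node built-ins; the XML below is a constructed sample document.
const SAMPLE_METADATA = `<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://myapp.com/metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      AuthnRequestsSigned="true" WantAssertionsSigned="true">
    <KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data><ds:X509Certificate>MIIB...CONSTRUCTED...</ds:X509Certificate></ds:X509Data>
    </ds:KeyInfo></KeyDescriptor>
    <AssertionConsumerService index="1" isDefault="true"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://myapp.com/login/callback"/>
  </SPSSODescriptor>
</EntityDescriptor>`;

// Read one attribute from the first occurrence of a tag (namespace prefix optional).
function attr(xml, tag, name) {
  const m = xml.match(new RegExp(`<(?:\\w+:)?${tag}\\b[^>]*?\\s${name}="([^"]*)"`));
  return m ? m[1] : null;
}

// Returns the key identifiers plus a list of problems; an empty list means the
// metadata is safe to hand to the IdP.
function checkSpMetadata(xml) {
  const problems = [];
  const entityId = attr(xml, 'EntityDescriptor', 'entityID');
  const acs = attr(xml, 'AssertionConsumerService', 'Location');
  if (!entityId) problems.push('missing entityID');
  if (!acs) problems.push('missing AssertionConsumerService Location');
  else if (!acs.startsWith('https://')) problems.push('ACS Location is not https');
  // Without a signing KeyDescriptor the IdP has no key to verify our signed requests.
  if (!/<(?:\w+:)?KeyDescriptor\b[^>]*\suse="signing"/.test(xml)) {
    problems.push('no signing KeyDescriptor published');
  }
  if (attr(xml, 'SPSSODescriptor', 'WantAssertionsSigned') !== 'true') {
    problems.push('WantAssertionsSigned is not true');
  }
  return { entityId, acs, problems };
}

console.log(checkSpMetadata(SAMPLE_METADATA));
```

In a real deployment you would fetch the XML from your own `/metadata` route instead of the constructed sample.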
The reason I'm writing these blog posts about setting this up for a single app is that things become much more complicated when you have multiple apps. Next week I'm going to tackle creating a MultiSamlStrategy, a single strategy that can support multiple applications.