Included example

2024-04-28 18:04:53 +02:00 · 2015-08-10 12:49:13 +02:00 · 2015-08-10 12:49:13 +02:00 · 826fe5e0d1
parent 93829c657b
commit 826fe5e0d1
7 changed files with 193 additions and 0 deletions
--- a/openam-example/openam.css
+++ b/openam-example/openam.css
@ -0,0 +1 @@
+/* CSS declarations go here */
--- a/openam-example/openam.html
+++ b/openam-example/openam.html
@ -0,0 +1,46 @@
+<head>
+  <title>Simple SAML Login with OpenAM</title>
+</head>
+
+<body>
+	{{>samlDemo}}
+</body>
+
+<template name="samlDemo">
+    
+    
+    
+	{{>loginButtons}}
+
+	<br>
+	
+	{{#unless currentUser}}
+		<a href="#" class="saml-login" data-provider="openidp">Log in with OpenIDP</a>
+        <a href="#" class="saml-login" data-provider="forgerock">Log in with OpenAM</a>
+	{{/unless}}
+	
+	<hr>
+    
+    {{#if currentUser}}
+    Hello, {{currentUser.username}}. <a href="#" class="saml-logout" data-provider="forgerock">Logout (OpenAM)</a>
+    <br/>
+    
+   <a href="#" class="meteor-logout">Logout (Meteor)</a>
+	{{/if}}
+	<h2>Step 1</h2>
+	Create a password based account.
+	
+	<h2>Step 2</h2>
+	Sign out / log out.  You should see both the login buttons control 'Sign In' and the custom saml login link 'Log in with OpenIDP'
+	
+	<h2>Step 3</h2>
+	Create OpenIDP account if you don't already have one with same email address as the password account. https://openidp.feide.no/
+
+	<h2>Step 4</h2>
+	Click the link 'Log in with OpenIDP'. In the pop up window, log in with your OpenIDP credentials.
+
+	<h2>Step 5</h2>
+	If all goes well, the popup should close by itself.  You should now be logged in just as if you had typed in your username and password.
+
+
+</template>
--- a/openam-example/openam.js
+++ b/openam-example/openam.js
@ -0,0 +1,49 @@
+if (Meteor.isClient) {
+    Template.samlDemo.events({
+        'click .saml-login': function (event, template) {
+            event.preventDefault();
+            var provider = $(event.target).data('provider');
+            Meteor.loginWithSaml({
+                provider: provider
+            }, function (error, result) {
+                //handle errors and result
+            });
+        },
+        'click .saml-logout': function (event, template) {
+            event.preventDefault();
+            var provider = $(event.target).data('provider');
+            //Meteor.logout();
+//            Meteor.call("samlLogout", "Good bye", function(err, result){
+//                            console.log("LOC " + result);
+//            window.location.replace(result);
+//            });
+
+                        Meteor.logoutWithSaml({
+                            provider: provider
+                        }, function (error, result) {
+                            if (error) {
+                             console.log(error.toString());   
+                            } else {
+                                //Meteor.logout();
+                            }
+                        });
+        },
+        'click .meteor-logout': function (event, template) {
+            event.preventDefault();
+            Meteor.logout();
+        }
+    });
+}
+
+
+if (Meteor.isServer) {
+    console.log(">>>>>  " + this.userId);
+    Meteor.methods({
+        addTask: function (text) {
+            // Make sure the user is logged in before inserting a task
+            if (!Meteor.userId()) {
+                throw new Meteor.Error("not-authorized");
+            }
+        }
+    })
+}
--- a/openam-example/private/certs/mycert.pem
+++ b/openam-example/private/certs/mycert.pem
@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+paste your cert here
+-----END CERTIFICATE-----
--- a/openam-example/private/certs/mykey.pem
+++ b/openam-example/private/certs/mykey.pem
@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+paste pem encoded priv key here
+-----END RSA PRIVATE KEY-----
--- a/openam-example/server/config.js
+++ b/openam-example/server/config.js
@ -0,0 +1,48 @@
+Meteor.startup(function () {
+    var initialBoot = false;
+    //
+    var adminUserA = Meteor.users.findOne({
+        "emails.address": "ida.zimt@gmail.com"
+    });
+    
+    var adminUserB = Meteor.users.findOne({
+        "emails.address": "steffo.weber@gmail.com"
+    });
+    if (initialBoot && !(adminUserA)) {
+        console.log("Will create new root user A - ENABLED. Please change code in config.js, Line 7");
+        Accounts.createUser({
+            email: "ida.zimt@gmail.com",
+            password: "password",
+            username: "Ida Zimt",
+            profile: ""
+        });
+        adminUserA = Meteor.users.findOne({
+            "emails.address": "ida.zimt@gmail.comm"
+        });
+    }
+    
+        if (initialBoot && !(adminUserB)) {
+        console.log("Will create new root user B - ENABLED. Please change code in config.js, Line 7");
+        Accounts.createUser({
+            email: "steffo.weber@gmail.com",
+            password: "password",
+            username: "Steffo (Feide Test Account)",
+            profile: ""
+        });
+        adminUserB = Meteor.users.findOne({
+            "emails.address": "steffo.weber@gmail.com"
+        });
+    }
+
+    for (i = 0; i < Meteor.settings.saml.length; i++) {
+        // privateCert is weird name, I know.
+        if (Meteor.settings.saml[i].privateKeyFile && Meteor.settings.saml[i].publicCertFile) {
+            console.log("Set keys/certs for " + Meteor.settings.saml[i].provider);
+            Meteor.settings.saml[i].privateCert = Assets.getText(Meteor.settings.saml[i].publicCertFile);
+            Meteor.settings.saml[i].privateKey = Assets.getText(Meteor.settings.saml[i].privateKeyFile);
+        } else {
+            console.log("No keys/certs found for " + Meteor.settings.saml[i].provider);
+        }
+    }
+
+});
--- a/openam-example/server/lib/settings.js
+++ b/openam-example/server/lib/settings.js
@ -0,0 +1,43 @@
+//  server/lib, are the first things that's loaded when the server is started
+
+var settings = {}
+settings.galaxy = {
+        "saml": [{
+                "provider": "forgerock",
+                "entryPoint": "http://id.init8.net:8080/openam/SSORedirect/metaAlias/zimt/idp",
+                "logoutUrl": "http://id.init8.net:8080/openam/IDPSloInit?metaAlias=/zimt/idp&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
+                "idpSLORedirectURL": "http://id.init8.net:8080/openam/IDPSloRedirect/metaAlias/zimt/idp",
+                "issuer": "http://shiva.meteor.com",
+                "cert": "MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09wZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAKBgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNYJs0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/UQzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDAcGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC/FfwWigmrW0Y0Q==",
+                "privateKeyFile": "certs/mykey.pem",
+                "publicCertFile": "certs/mycert.pem"
+             },
+            {
+                "provider": "openidp",
+                "entryPoint": "https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php",
+                "issuer": "http://shiva.meteor.com/",
+                "cert": "MIICizCCAfQCCQCY8tKaMc0BMjANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMCTk8xEjAQBgNVBAgTCVRyb25kaGVpbTEQMA4GA1UEChMHVU5JTkVUVDEOMAwGA1UECxMFRmVpZGUxGTAXBgNVBAMTEG9wZW5pZHAuZmVpZGUubm8xKTAnBgkqhkiG9w0BCQEWGmFuZHJlYXMuc29sYmVyZ0B1bmluZXR0Lm5vMB4XDTA4MDUwODA5MjI0OFoXDTM1MDkyMzA5MjI0OFowgYkxCzAJBgNVBAYTAk5PMRIwEAYDVQQIEwlUcm9uZGhlaW0xEDAOBgNVBAoTB1VOSU5FVFQxDjAMBgNVBAsTBUZlaWRlMRkwFwYDVQQDExBvcGVuaWRwLmZlaWRlLm5vMSkwJwYJKoZIhvcNAQkBFhphbmRyZWFzLnNvbGJlcmdAdW5pbmV0dC5ubzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt8jLoqI1VTlxAZ2axiDIThWcAOXdu8KkVUWaN/SooO9O0QQ7KRUjSGKN9JK65AFRDXQkWPAu4HlnO4noYlFSLnYyDxI66LCr71x4lgFJjqLeAvB/GqBqFfIZ3YK/NrhnUqFwZu63nLrZjcUZxNaPjOOSRSDaXpv1kb5k3jOiSGECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBQYj4cAafWaYfjBU2zi1ElwStIaJ5nyp/s/8B8SAPK2T79McMyccP3wSW13LHkmM1jwKe3ACFXBvqGQN0IbcH49hu0FKhYFM/GPDJcIHFBsiyMBXChpye9vBaTNEBCtU3KjjyG0hRT2mAQ9h+bkPmOvlEo/aH0xR68Z9hw4PF13w=="
+  }
+            ]
+    }
+
+settings.localhost = {
+        "saml": [{
+                "provider": "forgerock",
+                "entryPoint": "http://id.init8.net:8080/openam/SSORedirect/metaAlias/zimt/idp",
+                "idpSLORedirectURL": "http://id.init8.net:8080/openam/IDPSloRedirect/metaAlias/zimt/idp",
+                "issuer": "http://shiva.init8.net:3000/",
+                "cert": "MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09wZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAKBgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNYJs0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/UQzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDAcGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC/FfwWigmrW0Y0Q==",
+                "privateKeyFile": "certs/mykey.pem",
+                "publicCertFile": "certs/mycert.pem"
+             },
+            {
+                "provider": "openidp",
+                "entryPoint": "https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php",
+                "issuer": "http://shiva.meteor.com/",
+                "cert": "MIICizCCAfQCCQCY8tKaMc0BMjANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMCTk8xEjAQBgNVBAgTCVRyb25kaGVpbTEQMA4GA1UEChMHVU5JTkVUVDEOMAwGA1UECxMFRmVpZGUxGTAXBgNVBAMTEG9wZW5pZHAuZmVpZGUubm8xKTAnBgkqhkiG9w0BCQEWGmFuZHJlYXMuc29sYmVyZ0B1bmluZXR0Lm5vMB4XDTA4MDUwODA5MjI0OFoXDTM1MDkyMzA5MjI0OFowgYkxCzAJBgNVBAYTAk5PMRIwEAYDVQQIEwlUcm9uZGhlaW0xEDAOBgNVBAoTB1VOSU5FVFQxDjAMBgNVBAsTBUZlaWRlMRkwFwYDVQQDExBvcGVuaWRwLmZlaWRlLm5vMSkwJwYJKoZIhvcNAQkBFhphbmRyZWFzLnNvbGJlcmdAdW5pbmV0dC5ubzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt8jLoqI1VTlxAZ2axiDIThWcAOXdu8KkVUWaN/SooO9O0QQ7KRUjSGKN9JK65AFRDXQkWPAu4HlnO4noYlFSLnYyDxI66LCr71x4lgFJjqLeAvB/GqBqFfIZ3YK/NrhnUqFwZu63nLrZjcUZxNaPjOOSRSDaXpv1kb5k3jOiSGECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBQYj4cAafWaYfjBU2zi1ElwStIaJ5nyp/s/8B8SAPK2T79McMyccP3wSW13LHkmM1jwKe3ACFXBvqGQN0IbcH49hu0FKhYFM/GPDJcIHFBsiyMBXChpye9vBaTNEBCtU3KjjyG0hRT2mAQ9h+bkPmOvlEo/aH0xR68Z9hw4PF13w=="
+  }
+            ]
+    }
+Meteor.settings = settings.localhost;
+Meteor.settings.debug = true;