diff --git a/openam-example/openam.css b/openam-example/openam.css
new file mode 100644
index 0000000..b6b4052
--- /dev/null
+++ b/openam-example/openam.css
@@ -0,0 +1 @@
+/* CSS declarations go here */
diff --git a/openam-example/openam.html b/openam-example/openam.html
new file mode 100644
index 0000000..c670ea2
--- /dev/null
+++ b/openam-example/openam.html
@@ -0,0 +1,46 @@
+
+ Simple SAML Login with OpenAM
+
+
+
+ {{>samlDemo}}
+
+
+
+
+
+
+ {{>loginButtons}}
+
+
+
+ {{#unless currentUser}}
+ Log in with OpenIDP
+ Log in with OpenAM
+ {{/unless}}
+
+
+
+ {{#if currentUser}}
+ Hello, {{currentUser.username}}. Logout (OpenAM)
+
+
+ Logout (Meteor)
+ {{/if}}
+ Step 1
+ Create a password based account.
+
+ Step 2
+ Sign out / log out. You should see both the login buttons control 'Sign In' and the custom saml login link 'Log in with OpenIDP'
+
+ Step 3
+ Create OpenIDP account if you don't already have one with same email address as the password account. https://openidp.feide.no/
+
+ Step 4
+ Click the link 'Log in with OpenIDP'. In the pop up window, log in with your OpenIDP credentials.
+
+ Step 5
+ If all goes well, the popup should close by itself. You should now be logged in just as if you had typed in your username and password.
+
+
+
\ No newline at end of file
diff --git a/openam-example/openam.js b/openam-example/openam.js
new file mode 100644
index 0000000..e1cae23
--- /dev/null
+++ b/openam-example/openam.js
@@ -0,0 +1,49 @@
+if (Meteor.isClient) {
+ Template.samlDemo.events({
+ 'click .saml-login': function (event, template) {
+ event.preventDefault();
+ var provider = $(event.target).data('provider');
+ Meteor.loginWithSaml({
+ provider: provider
+ }, function (error, result) {
+ //handle errors and result
+ });
+ },
+ 'click .saml-logout': function (event, template) {
+ event.preventDefault();
+ var provider = $(event.target).data('provider');
+ //Meteor.logout();
+// Meteor.call("samlLogout", "Good bye", function(err, result){
+// console.log("LOC " + result);
+// window.location.replace(result);
+// });
+
+ Meteor.logoutWithSaml({
+ provider: provider
+ }, function (error, result) {
+ if (error) {
+ console.log(error.toString());
+ } else {
+ //Meteor.logout();
+ }
+ });
+ },
+ 'click .meteor-logout': function (event, template) {
+ event.preventDefault();
+ Meteor.logout();
+ }
+ });
+}
+
+
+if (Meteor.isServer) {
+ console.log(">>>>> " + this.userId);
+ Meteor.methods({
+ addTask: function (text) {
+ // Make sure the user is logged in before inserting a task
+ if (!Meteor.userId()) {
+ throw new Meteor.Error("not-authorized");
+ }
+ }
+ })
+}
\ No newline at end of file
diff --git a/openam-example/private/certs/mycert.pem b/openam-example/private/certs/mycert.pem
new file mode 100755
index 0000000..27d7f74
--- /dev/null
+++ b/openam-example/private/certs/mycert.pem
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+paste your cert here
+-----END CERTIFICATE-----
diff --git a/openam-example/private/certs/mykey.pem b/openam-example/private/certs/mykey.pem
new file mode 100755
index 0000000..c454227
--- /dev/null
+++ b/openam-example/private/certs/mykey.pem
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+paste pem encoded priv key here
+-----END RSA PRIVATE KEY-----
diff --git a/openam-example/server/config.js b/openam-example/server/config.js
new file mode 100644
index 0000000..1a76d67
--- /dev/null
+++ b/openam-example/server/config.js
@@ -0,0 +1,48 @@
+Meteor.startup(function () {
+ var initialBoot = false;
+ //
+ var adminUserA = Meteor.users.findOne({
+ "emails.address": "ida.zimt@gmail.com"
+ });
+
+ var adminUserB = Meteor.users.findOne({
+ "emails.address": "steffo.weber@gmail.com"
+ });
+ if (initialBoot && !(adminUserA)) {
+ console.log("Will create new root user A - ENABLED. Please change code in config.js, Line 7");
+ Accounts.createUser({
+ email: "ida.zimt@gmail.com",
+ password: "password",
+ username: "Ida Zimt",
+ profile: ""
+ });
+ adminUserA = Meteor.users.findOne({
+ "emails.address": "ida.zimt@gmail.comm"
+ });
+ }
+
+ if (initialBoot && !(adminUserB)) {
+ console.log("Will create new root user B - ENABLED. Please change code in config.js, Line 7");
+ Accounts.createUser({
+ email: "steffo.weber@gmail.com",
+ password: "password",
+ username: "Steffo (Feide Test Account)",
+ profile: ""
+ });
+ adminUserB = Meteor.users.findOne({
+ "emails.address": "steffo.weber@gmail.com"
+ });
+ }
+
+ for (i = 0; i < Meteor.settings.saml.length; i++) {
+ // privateCert is weird name, I know.
+ if (Meteor.settings.saml[i].privateKeyFile && Meteor.settings.saml[i].publicCertFile) {
+ console.log("Set keys/certs for " + Meteor.settings.saml[i].provider);
+ Meteor.settings.saml[i].privateCert = Assets.getText(Meteor.settings.saml[i].publicCertFile);
+ Meteor.settings.saml[i].privateKey = Assets.getText(Meteor.settings.saml[i].privateKeyFile);
+ } else {
+ console.log("No keys/certs found for " + Meteor.settings.saml[i].provider);
+ }
+ }
+
+});
\ No newline at end of file
diff --git a/openam-example/server/lib/settings.js b/openam-example/server/lib/settings.js
new file mode 100644
index 0000000..721340c
--- /dev/null
+++ b/openam-example/server/lib/settings.js
@@ -0,0 +1,43 @@
+// server/lib, are the first things that's loaded when the server is started
+
+var settings = {}
+settings.galaxy = {
+ "saml": [{
+ "provider": "forgerock",
+ "entryPoint": "http://id.init8.net:8080/openam/SSORedirect/metaAlias/zimt/idp",
+ "logoutUrl": "http://id.init8.net:8080/openam/IDPSloInit?metaAlias=/zimt/idp&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
+ "idpSLORedirectURL": "http://id.init8.net:8080/openam/IDPSloRedirect/metaAlias/zimt/idp",
+ "issuer": "http://shiva.meteor.com",
+ "cert": "MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09wZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAKBgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNYJs0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/UQzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDAcGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC/FfwWigmrW0Y0Q==",
+ "privateKeyFile": "certs/mykey.pem",
+ "publicCertFile": "certs/mycert.pem"
+ },
+ {
+ "provider": "openidp",
+ "entryPoint": "https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php",
+ "issuer": "http://shiva.meteor.com/",
+ "cert": "MIICizCCAfQCCQCY8tKaMc0BMjANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMCTk8xEjAQBgNVBAgTCVRyb25kaGVpbTEQMA4GA1UEChMHVU5JTkVUVDEOMAwGA1UECxMFRmVpZGUxGTAXBgNVBAMTEG9wZW5pZHAuZmVpZGUubm8xKTAnBgkqhkiG9w0BCQEWGmFuZHJlYXMuc29sYmVyZ0B1bmluZXR0Lm5vMB4XDTA4MDUwODA5MjI0OFoXDTM1MDkyMzA5MjI0OFowgYkxCzAJBgNVBAYTAk5PMRIwEAYDVQQIEwlUcm9uZGhlaW0xEDAOBgNVBAoTB1VOSU5FVFQxDjAMBgNVBAsTBUZlaWRlMRkwFwYDVQQDExBvcGVuaWRwLmZlaWRlLm5vMSkwJwYJKoZIhvcNAQkBFhphbmRyZWFzLnNvbGJlcmdAdW5pbmV0dC5ubzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt8jLoqI1VTlxAZ2axiDIThWcAOXdu8KkVUWaN/SooO9O0QQ7KRUjSGKN9JK65AFRDXQkWPAu4HlnO4noYlFSLnYyDxI66LCr71x4lgFJjqLeAvB/GqBqFfIZ3YK/NrhnUqFwZu63nLrZjcUZxNaPjOOSRSDaXpv1kb5k3jOiSGECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBQYj4cAafWaYfjBU2zi1ElwStIaJ5nyp/s/8B8SAPK2T79McMyccP3wSW13LHkmM1jwKe3ACFXBvqGQN0IbcH49hu0FKhYFM/GPDJcIHFBsiyMBXChpye9vBaTNEBCtU3KjjyG0hRT2mAQ9h+bkPmOvlEo/aH0xR68Z9hw4PF13w=="
+ }
+ ]
+ }
+
+settings.localhost = {
+ "saml": [{
+ "provider": "forgerock",
+ "entryPoint": "http://id.init8.net:8080/openam/SSORedirect/metaAlias/zimt/idp",
+ "idpSLORedirectURL": "http://id.init8.net:8080/openam/IDPSloRedirect/metaAlias/zimt/idp",
+ "issuer": "http://shiva.init8.net:3000/",
+ "cert": "MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09wZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAKBgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNYJs0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/UQzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDAcGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC/FfwWigmrW0Y0Q==",
+ "privateKeyFile": "certs/mykey.pem",
+ "publicCertFile": "certs/mycert.pem"
+ },
+ {
+ "provider": "openidp",
+ "entryPoint": "https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php",
+ "issuer": "http://shiva.meteor.com/",
+ "cert": "MIICizCCAfQCCQCY8tKaMc0BMjANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMCTk8xEjAQBgNVBAgTCVRyb25kaGVpbTEQMA4GA1UEChMHVU5JTkVUVDEOMAwGA1UECxMFRmVpZGUxGTAXBgNVBAMTEG9wZW5pZHAuZmVpZGUubm8xKTAnBgkqhkiG9w0BCQEWGmFuZHJlYXMuc29sYmVyZ0B1bmluZXR0Lm5vMB4XDTA4MDUwODA5MjI0OFoXDTM1MDkyMzA5MjI0OFowgYkxCzAJBgNVBAYTAk5PMRIwEAYDVQQIEwlUcm9uZGhlaW0xEDAOBgNVBAoTB1VOSU5FVFQxDjAMBgNVBAsTBUZlaWRlMRkwFwYDVQQDExBvcGVuaWRwLmZlaWRlLm5vMSkwJwYJKoZIhvcNAQkBFhphbmRyZWFzLnNvbGJlcmdAdW5pbmV0dC5ubzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt8jLoqI1VTlxAZ2axiDIThWcAOXdu8KkVUWaN/SooO9O0QQ7KRUjSGKN9JK65AFRDXQkWPAu4HlnO4noYlFSLnYyDxI66LCr71x4lgFJjqLeAvB/GqBqFfIZ3YK/NrhnUqFwZu63nLrZjcUZxNaPjOOSRSDaXpv1kb5k3jOiSGECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBQYj4cAafWaYfjBU2zi1ElwStIaJ5nyp/s/8B8SAPK2T79McMyccP3wSW13LHkmM1jwKe3ACFXBvqGQN0IbcH49hu0FKhYFM/GPDJcIHFBsiyMBXChpye9vBaTNEBCtU3KjjyG0hRT2mAQ9h+bkPmOvlEo/aH0xR68Z9hw4PF13w=="
+ }
+ ]
+ }
+Meteor.settings = settings.localhost;
+Meteor.settings.debug = true;
\ No newline at end of file