Are there any SAML libraries for NodeJS? There seems to be a ton of code available for node but no SAML libraries. If not, is there a reason why not?
Node.js is still a new technology and mostly being used on startups or enterprises that are innovating with realtime. Hence SAML is not popular among them, you will find more OAuth in that space. SAML is not a simple spec to implement (as opposed something like SWT or JWT). The hard piece is the Digital Signature which requires XML canonicalization among other things.
Couple of months ago I wrote an article about using Windows Azure ACS (which uses WS-Federation protocol and SimpleWebTokens) with node.js
http://nodeblog.cloudapp.net/using-windows-azure-access-control-service-acs-from-a-node-app
If you are interested in writing a SAML library for node.js let me know. I am interested in that.
Matias
I did not really tried this yet, but it seems to be what you are looking for : https://npmjs.org/package/passport-saml
It is also kind of new (it came out after the last answer was posted).
Here you have one http://github.com/leandrob/saml20
var saml = require('saml20');
var options = {
publicKey: 'MIICDzCCAXygAwIBAgIQVWXAvbbQyI5Bc...',
audince: 'http://myservice.com/'
}
saml.validate(rawAssertion, options, function(err, profile) {
// err
var claims = profile.claims; // Array of user attributes;
var issuer = profile.issuer: // String Issuer name.
});