A lightweight SAML client built with Node.js and TypeScript to facilitate end-to-end testing of SAML authentication flows between a Service Provider (SP) and an Identity Provider (IdP).
- SP-initiated SAML authentication flow
- SAML Assertion Consumer Service (ACS) endpoint
- SAML metadata endpoint
- SAML logout functionality
- User attribute extraction (e.g.,
mail,groups,displayName) - Docker containerization support
- Comprehensive logging for debugging and analysis
- Node.js 20.x or higher
- TypeScript
- A SAML Identity Provider (e.g., Keycloak) for testing
Clone the repository and install dependencies:
git clone <repository-url>
cd saml-client
npm install- Create an environment variables file:
- Define the required environment variables in a
.envfile.
- Generate SP certificates:
- Generate the necessary certificates for the Service Provider.
- Add IdP certificate:
- Import the Identity Provider's certificate for secure communication.
Start the application in development mode:
npm run devBuild and run the application in production mode:
npm run build
npm startBuild and run the application using Docker:
docker build -t saml-client .
docker run -p 3000:3000 saml-client- Login:
/login- Initiates SP-initiated SAML login flow. - Assertion Consumer Service:
/acs- Processes SAML assertions from the IdP. - Metadata:
/metadata- Provides SP SAML metadata for IdP configuration. - Logout:
/logout- Initiates SAML logout flow.
API documentation is available at /openapi when the service is running.
Run the test suite:
npm testThe project is organized to ensure clarity and maintainability. Refer to the source code for detailed structure and comments.
A sample Keycloak client configuration is provided in the kc_metadata.xml.json file. Use this as a reference when setting up your IdP.
This project is licensed under the MIT License.