This project demonstrates a simple application with SAML authentication and intentionally introduced vulnerabilities for educational purposes.

• Prerequisites
• Installation
• Generating SAML Certificates
• Running the Application
• Project Structure
• Contact

• Node.js and npm: Install from Node.js.
• OpenSSL: Install from OpenSSL for Windows or use the package manager for MacOS/Linux.
• saml-idp package: Install globally using npm.

npm install -g saml-idp

1. Clone the repository:

   git clone https://github.com/Dyst0rti0n/saml-demo-app.git
   cd saml-demo-app

2. Install dependencies:

   npm install

1. Generate the Service Provider (SP) certificates:

   openssl req -newkey rsa:2048 -new -nodes -x509 -days 365 -keyout private-key.pem -out certificate.pem

2. Generate the Identity Provider (IdP) certificates:

   openssl req -newkey rsa:2048 -new -nodes -x509 -days 365 -keyout idp-private-key.pem -out idp-public-cert.pem

   • Fill in the required information for the certificates with random nonsense (Country, State, etc.).

1. Start the Identity Provider (IdP):

   saml-idp --acsUrl http://localhost:3000/assert --audience http://localhost:3000/metadata.xml --key idp-private-key.pem --cert idp-public-cert.pem

2. Start the Service Provider (SP) Application:

   node app.js

3. Access the application: Open your web browser and navigate to http://localhost:3000.

This is how it should look given you've created the certificates correctly.

saml-demo-app/
├── app.js
├── package.json
├── private-key.pem
├── certificate.pem
├── idp-private-key.pem
├── idp-public-cert.pem
├── views/
│   ├── index.ejs
│   ├── welcome.ejs
└── README.md

For any questions or issues, please contact Dyst0rti0n.