This project demonstrates a simple application with SAML authentication and intentionally introduced vulnerabilities for educational purposes.
- Prerequisites
- Installation
- Generating SAML Certificates
- Running the Application
- Project Structure
- Contact
- Node.js and npm: Install from Node.js.
- OpenSSL: Install from OpenSSL for Windows or use the package manager for macOS/Linux.
- saml-idp package: Install globally using npm.

    npm install -g saml-idp

- Clone the repository:

    git clone https://github.com/Dyst0rti0n/saml-demo-app.git
    cd saml-demo-app

- Install dependencies:

    npm install

- Generate the Service Provider (SP) certificates:

    openssl req -newkey rsa:2048 -new -nodes -x509 -days 365 -keyout private-key.pem -out certificate.pem

- Generate the Identity Provider (IdP) certificates:

    openssl req -newkey rsa:2048 -new -nodes -x509 -days 365 -keyout idp-private-key.pem -out idp-public-cert.pem

- Fill in the required information for the certificates with random nonsense (Country, State, etc.).
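
Before starting the IdP and SP, it is worth confirming that each certificate generated above actually belongs to its private key and has not expired. The script below is an added example, not part of the repository; the file names are the ones used in the openssl commands above, and `check_pair` and `check_demo_certs` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example (not from the repository). File names come from the openssl
# commands above; the function names are hypothetical helpers.

# check_pair KEY CERT: succeed only if CERT is unexpired and carries KEY's public key.
check_pair() {
    local key=$1 cert=$2 key_pub cert_pub
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "FAIL: cannot read private key $key" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: cannot read certificate $cert" >&2; return 1; }
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: $cert does not carry the public key of $key" >&2; return 1
    fi
    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || {
        echo "FAIL: $cert has expired" >&2; return 1; }
    echo "OK: $key matches $cert ($(openssl x509 -in "$cert" -noout -enddate))"
}

# check_demo_certs DIR: check the SP pair and the IdP pair generated above.
check_demo_certs() {
    local dir=${1:-.} rc=0
    check_pair "$dir/private-key.pem" "$dir/certificate.pem" || rc=1
    check_pair "$dir/idp-private-key.pem" "$dir/idp-public-cert.pem" || rc=1
    return $rc
}

# Run against the current directory when the demo's files are present.
if [ -f private-key.pem ]; then check_demo_certs .; fi
```

A failure on either pair usually means a key or certificate file was overwritten by a later openssl run or the two pairs were swapped.
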
- Start the Identity Provider (IdP):

    saml-idp --acsUrl http://localhost:3000/assert --audience http://localhost:3000/metadata.xml --key idp-private-key.pem --cert idp-public-cert.pem

- Start the Service Provider (SP) Application:

    node app.js

- Access the application: Open your web browser and navigate to http://localhost:3000.
This is how it should look given you've created the certificates correctly.
saml-demo-app/
├── app.js
├── package.json
├── private-key.pem
├── certificate.pem
├── idp-private-key.pem
├── idp-public-cert.pem
├── views/
│   ├── index.ejs
│   └── welcome.ejs
└── README.md
For any questions or issues, please contact Dyst0rti0n.