mirror of
https://github.com/netzbegruenung/meteor-accounts-saml.git
synced 2024-05-01 03:14:52 +02:00
Changed README.md
parent
53e2321dd9
commit
6f8a919278
10
README.md
|
@ -29,9 +29,10 @@ settings = {"saml":[{
|
|||
"cert":"MIICizCCAfQCCQCY8tKaMc0 LOTS OF FUNNY CHARS ==",
|
||||
"idpSLORedirectURL": "http://openam.idp.io/openam/IDPSloRedirect/metaAlias/zimt/idp",
|
||||
"privateKeyFile": "certs/mykey.pem", // path is relative to $METEOR-PROJECT/private
|
||||
"publicCertFile": "certs/mycert.pem" // eg $METEOR-PROJECT/private/certs/mycert.pem
|
||||
"publicCertFile": "certs/mycert.pem", // eg $METEOR-PROJECT/private/certs/mycert.pem
|
||||
"dynamicProfile": true // set to true if we want to create a user in Meteor.users dynamically if SAML assertion is valid
|
||||
}]}
|
||||
|
||||
|
||||
Meteor.settings = settings;
|
||||
```
|
||||
|
||||
|
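Review bot: the added `"dynamicProfile": true` line in the settings example turns on automatic user creation in the sample that readers will copy, and its comment does not say what makes an assertion "valid" or which assertion field becomes the Meteor user. Suggest showing `false` in the example with a sentence on when to enable it, and stating in the README what is checked before an account is created in `Meteor.users`. Separately, the unchanged `idpSLORedirectURL` context line uses `http://`, while the entry point URL shown later in this README is `https://`; worth aligning.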
@ -73,7 +74,7 @@ and if SingleLogout is needed
|
|||
|
||||
1. Create a Meteor project by `meteor create sp` and cd into it.
|
||||
2. Add `steffo:meteor-accounts-saml`
|
||||
3. Create `server/lib/settings.js` as described above. Since Meteor loads things in `server/lib` first, this ensures that your settings are respected even on Galaxy where you cannot use `meteor --settings`.
|
||||
3. Create `server/lib/settings.js` as described above. Since Meteor loads things in `server/lib` first, this ensures that your settings are respected even on Galaxy where you cannot use `meteor --settings`.
|
||||
4. Put your private key and your cert (not the IDP's one) into the "private" directory. Eg if your meteor project is at `/Users/steffo/sp` then place them in `/Users/steffo/sp/private`
|
||||
5. Check if you can receive SP metadata eg via `curl http://localhost:3000/_saml/metadata/openam`. Output should look like:
|
||||
|
||||
|
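Review bot: step 3 reads the same in its removed and added versions here, so the change looks like whitespace only; if that was unintended, drop it from the commit to keep the diff focused. Since this list is being touched, step 4 would benefit from a sentence telling readers to keep the private key placed under `private` out of version control, and step 5 could note that the `http://localhost:3000` metadata URL is for local testing.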
@ -103,7 +104,7 @@ and if SingleLogout is needed
|
|||
1. I prefer using OpenAM realms. Set up a realm using a name that matches the one in the entry point URL of the `settings.json` file: `https://openam.idp.io/openam/SSORedirect/metaAlias/<YOURREALM>/idp`; we used `zimt` above.
|
||||
2. Save the SP metadata (obtained in Step 5 above) in a file `sp-metadata.xml`.
|
||||
3. Logon OpenSSO console as `amadmin` and select _Common Tasks > Register Remote Service Provider_
|
||||
4. Select the corresponding real and upload the metadata (alternatively, point OpenAM to the SP's metadata URL eg `http://sp.meteor.com/_saml/metadata/openam`). If all goes well the new SP shows up under _Federation > Entity Providers_
|
||||
4. Select the corresponding real and upload the metadata (alternatively, point OpenAM to the SP's metadata URL eg `http://sp.meteor.com/_saml/metadata/openam`). If all goes well the new SP shows up under _Federation > Entity Providers_
|
||||
|
||||
|
||||
|
||||
|
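Review bot: the rewritten step 4 still says "corresponding real" where "realm" is meant, and its alternative of pointing OpenAM at `http://sp.meteor.com/_saml/metadata/openam` has the IdP fetch the SP metadata over plain HTTP. That metadata carries the SP's certificate and endpoints, so an `https://` URL in the example, or a note preferring the file upload from step 2, would be safer to copy.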
@ -120,4 +121,3 @@ and if SingleLogout is needed
|
|||
## Credits
|
||||
Based Nat Strauser's Meteor/SAML package _natestrauser:meteor-accounts-saml_ which is
|
||||
heavily derived from https://github.com/bergie/passport-saml.
|
||||
|
||||
|
|
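Review bot: in the Credits context lines, "Based Nat Strauser's" is missing "on", and the name is spelled "Nat" while the package is `natestrauser:meteor-accounts-saml`; worth fixing in the same commit. The hunk itself only drops one line at the end of the file (`-120,4 +121,3`), which is fine.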