{"library":"samlp","title":"SAML Protocol Identity Provider Middleware","description":"samlp is a Node.js middleware library designed to facilitate the creation of SAML Protocol Identity Provider (IdP) endpoints. It handles the complexities of generating SAML responses and metadata, allowing developers to focus on user authentication mechanisms. The current stable version is 8.0.0, released March 31, 2026. This library is actively maintained by Auth0 and sees releases for new features, bug fixes, and dependency updates, typically on a monthly to quarterly cadence. Its key differentiator is its focus specifically on the IdP side of SAML, providing a configurable Express/Koa-compatible middleware, in contrast to libraries that are more general-purpose or service provider-centric. It requires Node.js version 12 or greater, reflecting modern Node.js ecosystem practices.","language":"javascript","status":"active","last_verified":"Tue Apr 21","install":{"commands":["npm install samlp"],"cli":null},"imports":["import samlp from 'samlp';","import samlp from 'samlp';\napp.get('/samlp', samlp.auth({...}));","import samlp from 'samlp';\napp.get('/FederationMetadata/2007-06/FederationMetadata.xml', samlp.metadata({...}));"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import express from 'express';\nimport samlp from 'samlp';\nimport fs from 'fs';\nimport path from 'path';\n\nconst app = express();\nconst PORT = process.env.PORT || 3000;\n\n// Dummy user object for demonstration\nconst dummyUser = { id: 'user123', email: 'test@example.com', name: 'Test User' };\n\n// Minimal SAMLP configuration\nconst samlpOptions = {\n  issuer: 'http://localhost:3000/samlp',\n  cert: fs.readFileSync(path.join(process.cwd(), 'some-cert.pem'), 'utf8'), // Ensure 'some-cert.pem' exists\n  key: fs.readFileSync(path.join(process.cwd(), 'some-cert.key'), 'utf8'),   // Ensure 'some-cert.key' exists\n  getPostURL: function (audience, samlRequestDom, req, callback) {\n    // In a real scenario, this would dynamically determine the SP's AssertionConsumerService URL\n    // For quickstart, we'll just return a placeholder or a mock SP URL.\n    // Usually, the `audience` from SAMLRequest can help determine the SP.\n    console.log('SAML Request received from audience:', audience);\n    // For a minimal example, let's assume a fixed SP URL for posting the assertion\n    const spAcsUrl = 'http://localhost:8080/saml/acs'; // Replace with a real SP's ACS URL\n    return callback(null, spAcsUrl);\n  },\n  getUserFromRequest: function (req) {\n    // In a real app, this would get the authenticated user from req.user or session\n    return dummyUser;\n  },\n  profileMapper: samlp.PassportProfileMapper,\n  signatureAlgorithm: 'rsa-sha256',\n  digestAlgorithm: 'sha256',\n  signResponse: false,\n  signAssertion: true\n};\n\napp.get('/samlp', (req, res, next) => {\n  // Simulate a pre-authenticated user for the IdP flow\n  req.user = dummyUser;\n  samlp.auth(samlpOptions)(req, res, next);\n});\n\n// SAML IdP Metadata endpoint\napp.get('/samlp/FederationMetadata/2007-06/FederationMetadata.xml', samlp.metadata(samlpOptions));\n\napp.listen(PORT, () => {\n  console.log(`SAML IdP listening on port ${PORT}`);\n  console.log('Access SAML Login Initiator via: http://localhost:3000/samlp');\n  console.log('Access SAML Metadata via: http://localhost:3000/samlp/FederationMetadata/2007-06/FederationMetadata.xml');\n});\n","lang":"javascript","description":"This quickstart sets up a basic SAML Identity Provider (IdP) using Express and samlp, exposing login and metadata endpoints. It demonstrates how to configure the core `samlp.auth` middleware with required options like issuer, certificates, and a placeholder for the `getPostURL` and `getUserFromRequest` functions. It assumes a pre-authenticated `req.user` for simplicity. **Note**: Requires `some-cert.pem` and `some-cert.key` in the project root.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}