Access authenticated user on Angular SPA client side

2019-08-24 10:13发布


I'm building web app using Node.js Express.js for the server-side and Angular 6 SPA for the client.

Using the simple Express.js code below, I've successfully authenticated a user via saml2-js against ADFS, and now I want to access that user from the client-side Angular SPA. How do I do that?

I found a similar setup here, but there is no answer there and it's a bit dated.

// NOTE(review): this listing is an incomplete paste. The statement that should
// wrap `extended: true`, the closing `};` of the option objects and of each
// route callback, the body of the `/metadata.xml` handler and the `app.post(`
// that opens the `/assert` route are all missing. The comments below annotate
// what is visible; they do not reconstruct the missing lines.
var saml2 = require('saml2-js');
var fs = require('fs');
var express = require('express');
var https = require('https');
var app = express();
var bodyParser = require('body-parser');
// Orphaned option -- presumably the tail of an
// `app.use(bodyParser.urlencoded({ extended: true }))` call, which the
// `/assert` handler relies on so that `req.body` holds the posted SAMLResponse.
  extended: true
// Create service provider
var sp_options = {
  // Local-development values; entity_id and assert_endpoint must match what
  // the IdP has registered for this SP.
  entity_id: "https://localhost:44301/",
  // The same key/certificate pair is reused for the TLS listener below
  // (httpsOptions), so one key serves both SAML signing and transport.
  private_key: fs.readFileSync("key.pem").toString(),
  certificate: fs.readFileSync("certificate.crt").toString(),
  assert_endpoint: "https://localhost:44301/assert",

  // Forces the IdP to re-authenticate the user on every login request.
  force_authn: true,
  auth_context: { comparison: "minimum", class_refs: ["urn:oasis:names:tc:SAML:2.0:ac:classes:password"] },
  nameid_format: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
  // The AuthnRequest is sent unsigned; fine only while the IdP does not
  // require signed requests.
  sign_get_request: false,
  // Assertions that the IdP has not encrypted are accepted. The assertion
  // signature (presumably verified against the IdP certificates below) is then
  // the only integrity control, so it must not be relaxed as well.
  allow_unencrypted_assertion: true
var sp = new saml2.ServiceProvider(sp_options);
// Create identity provider
var idp_options = {
  // Left blank in the paste (presumably redacted); login/logout URL creation
  // below will produce empty redirect targets until these are filled in.
  sso_login_url: "",
  sso_logout_url: "",
  // IdP signing certificate used to validate the SAML response signature.
  certificates: [fs.readFileSync("./2018ADFSSigningBase64Cert.cer").toString()],
  force_authn: true,
  sign_get_request: false,
  allow_unencrypted_assertion: true
var idp = new saml2.IdentityProvider(idp_options);
// ------ Define express endpoints ------
// Endpoint to retrieve metadata
// NOTE(review): the handler body is missing from the paste.
app.get("/metadata.xml", function(req, res) {
// Starting point for login
app.get("/login", function(req, res) {
  // Builds the IdP redirect URL; the redirect itself is not in the paste.
  sp.create_login_request_url(idp, {}, function(err, login_url, request_id) {
    // `res.send(500)` sends the number as a body; `res.sendStatus(500)` is the
    // call that sets the status code (Express 4 deprecates the numeric form).
    if (err != null)
      return res.send(500);
// Assert endpoint for when login completes"/assert", function(req, res) {  
// NOTE(review): the `app.post(` that opens this route was lost in the paste.
  // The SAMLResponse form field arrives in req.body (needs the urlencoded
  // body parser from the orphaned option above).
  var options = {request_body: req.body};
  sp.post_assert(idp, options, function(err, saml_response) {
    if (err != null){
      console.log("got here");
      // Returns the raw validation error to the browser; this exposes
      // signature/assertion-parsing details that should only be logged
      // server-side -- send a generic status instead.
      return res.send(err);  
    // Save name_id and session_index for logout
    // Note:  In practice these should be saved in the user session, not globally.
    // As written these are implicit globals (no var/let), shared by every
    // user of the process: each login overwrites the previous one, and the
    // session store this comment refers to is not set up anywhere visible.
    name_id = saml_response.user.name_id;
    session_index = saml_response.user.session_index;
    // name_id comes from the IdP and is interpolated unescaped; res.send of a
    // string defaults to text/html, so it should be encoded or sent as text.
    res.send("Hello " +name_id +".");
    //res.send("Hello #{saml_response.user.name_id}!");
// Starting point for logout
app.get("/logout", function(req, res) {
  // Reads the process-wide globals set in /assert, so this logs out whichever
  // user most recently completed an assertion, not necessarily the caller.
  var options = {
    name_id: name_id,
    session_index: session_index
  sp.create_logout_request_url(idp, options, function(err, logout_url) {
    if (err != null)
      return res.send(500);
var httpsOptions = {
  key: fs.readFileSync('./key.pem')
    , cert: fs.readFileSync('./certificate.crt')
var httpsServer = https.createServer(httpsOptions, app);
// app.listen(44301,console.log("App on 44301"));
// NOTE(review): console.log(...) is evaluated immediately and its return value
// (undefined) is what gets passed as the listen callback, so the message prints
// before the server is listening. Wrap it: `function () { console.log(...) }`.
httpsServer.listen(44301,console.log("App on 44301"));