
@webbio/strapi-plugin-sso

v3.0.0

Published

This is the description of the plugin.

Downloads

151

Readme

Strapi plugin SSO

This Strapi plugin enables Single Sign-On (SSO) capabilities for your Strapi applications, allowing users to authenticate using their selected provider accounts. Once configured, it streamlines the login process, enhancing the user experience by providing a quick and secure way to access the application without the need for separate usernames and passwords.

Providers

The following providers are supported:

Google

type GoogleConfig = {
	enabled?: boolean;
	clientId: string;
	clientSecret: string;
	redirectUrl: string;
	isDeveloperLogin?: boolean; // Changes this login to a developer login, which will show a subtle login link at the bottom of the page
	order?: number; // Order of the SSO provider, lowest number will be shown first
};

MSAL

type MsalConfig = {
	enabled?: boolean;
	clientId: string;
	clientSecret: string;
	redirectUrl: string;
	authority: string;
	isDeveloperLogin?: boolean; // Changes this login to a developer login, which will show a subtle login link at the bottom of the page
	order?: number; // Order of the SSO provider, lowest number will be shown first
};

Microsoft SAML

type MicrosoftSamlConfig = {
	enabled: boolean;
	callbackUrl: string; // URL of the callback, must have the pathname /sso/microsoft-saml/redirect/postResponse (e.g. http://localhost:1337/sso/microsoft-saml/redirect/postResponse)
	issuer: string; // URL of your app (e.g. http://localhost:1337)
	federationUrl: string; // URL of the provider's Federation Metadata XML
	isDeveloperLogin?: boolean; // Changes this login to a developer login, which will show a subtle login link at the bottom of the page
	order?: number; // Order of the SSO provider, lowest number will be shown first
};

Plugin Config

To enable this plugin, add it to plugins.ts:

sso: {
  enabled: true,
  config: PluginConfig
}

Config type:

type PluginConfig = {
	role: string; // Must be a valid role in your Strapi installation.
	autoRegistration?: boolean; // Enables autoregistration for new SSO users.
	useSessionStorage?: boolean; // Enables session storage instead of localStorage
	disableCredentialsLogin?: boolean; // Disables credentials login and routes, so no login or registration via credentials is allowed (including API calls)
	developerLoginText?: string; // When a developer login is enabled, it will subtly display the login. This value will override the default text.
	msal?: MsalConfig;
	google?: GoogleConfig;
	microsoftSaml?: MicrosoftSamlConfig;
};
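As an added example (not the plugin's own code and not from its README), here is a plugins.ts-style config that reads every secret from the environment, together with a validator for the constraints the README states: a required role, client id and secret for every enabled OAuth provider, absolute http(s) URLs, the required pathname on the SAML callback, and an optional host match against the URL the browser uses for the admin, so a localhost versus 127.0.0.1 mismatch is caught before the first login attempt. The env variable names, buildSsoConfig(), validateSsoConfig(), the appUrl parameter and all sample values are assumptions made for this example.

```typescript
// Added example, not code from the @webbio/strapi-plugin-sso README or the plugin:
// a plugins.ts-style config that takes every secret from the environment, plus a
// validator for the constraints the README states. The type names follow the
// README; the env variable names, buildSsoConfig(), validateSsoConfig() and the
// optional appUrl parameter are assumptions made for this example.

type ProviderBase = { isDeveloperLogin?: boolean; order?: number };
type GoogleConfig = ProviderBase & { enabled?: boolean; clientId: string; clientSecret: string; redirectUrl: string };
type MsalConfig = GoogleConfig & { authority: string };
type MicrosoftSamlConfig = ProviderBase & { enabled: boolean; callbackUrl: string; issuer: string; federationUrl: string };
type PluginConfig = {
  role: string;
  autoRegistration?: boolean;
  useSessionStorage?: boolean;
  disableCredentialsLogin?: boolean;
  developerLoginText?: string;
  msal?: MsalConfig;
  google?: GoogleConfig;
  microsoftSaml?: MicrosoftSamlConfig;
};

// Shape of the env(key, fallback) helper Strapi passes to config files.
type EnvFn = (key: string, fallback?: string) => string;

const flag = (env: EnvFn, key: string): boolean => env(key, 'false') === 'true';

// Secrets never live in plugins.ts itself; they are read from the environment.
export function buildSsoConfig(env: EnvFn): PluginConfig {
  return {
    role: env('SSO_ROLE', 'Author'),
    autoRegistration: flag(env, 'SSO_AUTO_REGISTRATION'),
    google: {
      enabled: flag(env, 'SSO_GOOGLE_ENABLED'),
      clientId: env('SSO_GOOGLE_CLIENT_ID', ''),
      clientSecret: env('SSO_GOOGLE_CLIENT_SECRET', ''),
      redirectUrl: env('SSO_GOOGLE_REDIRECT_URL', ''),
      order: 1,
    },
    microsoftSaml: {
      enabled: flag(env, 'MICROSOFT_SAML_ENABLED'),
      callbackUrl: env('MICROSOFT_SAML_CALLBACK_URL', ''),
      issuer: env('MICROSOFT_SAML_ISSUER', ''),
      federationUrl: env('MICROSOFT_SAML_FEDERATION_URL', ''),
      order: 2,
    },
  };
}

// What a real plugins.ts exports as its default: the README's `sso: { enabled, config }` shape.
export const plugins = ({ env }: { env: EnvFn }) => ({
  sso: { enabled: true, config: buildSsoConfig(env) },
});

// Pathname the README requires for the SAML callback.
const SAML_CALLBACK_PATH = '/sso/microsoft-saml/redirect/postResponse';

function parseUrl(value: string): URL | null {
  try { return new URL(value); } catch { return null; }
}

// Returns the problems found; an empty array means the config passes. When
// appUrl (the URL the browser uses to reach the admin) is given, every
// redirect/callback host must match it exactly: to the providers, localhost
// and 127.0.0.1 are different hosts.
export function validateSsoConfig(cfg: PluginConfig, appUrl?: string): string[] {
  const errors: string[] = [];
  const app = appUrl ? parseUrl(appUrl) : null;
  if (appUrl && !app) errors.push('appUrl must be an absolute URL');
  if (!cfg.role) errors.push('role is required');

  const checkUrl = (field: string, value: string, expectedPath?: string): void => {
    const u = parseUrl(value);
    if (!u || !/^https?:$/.test(u.protocol)) {
      errors.push(`${field} must be an absolute http(s) URL`);
      return;
    }
    if (expectedPath && u.pathname !== expectedPath) errors.push(`${field} must have the pathname ${expectedPath}`);
    if (app && u.host !== app.host) errors.push(`${field} host ${u.host} differs from app host ${app.host}`);
  };

  const oauthProviders: Array<[string, GoogleConfig | MsalConfig | undefined]> = [['google', cfg.google], ['msal', cfg.msal]];
  for (const [name, p] of oauthProviders) {
    if (!p?.enabled) continue;
    if (!p.clientId || !p.clientSecret) errors.push(`${name}: clientId and clientSecret are required`);
    checkUrl(`${name}.redirectUrl`, p.redirectUrl);
    if (name === 'msal' && !('authority' in p && p.authority)) errors.push('msal: authority is required');
  }

  const saml = cfg.microsoftSaml;
  if (saml?.enabled) {
    checkUrl('microsoftSaml.callbackUrl', saml.callbackUrl, SAML_CALLBACK_PATH);
    checkUrl('microsoftSaml.issuer', saml.issuer);
    // The federation metadata lives at the identity provider, so only the URL shape is checked.
    if (!parseUrl(saml.federationUrl)) errors.push('microsoftSaml.federationUrl must be an absolute URL');
  }
  return errors;
}

// Constructed sample environment so the file runs stand-alone (all values are placeholders).
const sampleVars: Record<string, string> = {
  SSO_ROLE: 'Author',
  SSO_GOOGLE_ENABLED: 'true',
  SSO_GOOGLE_CLIENT_ID: 'placeholder-client-id',
  SSO_GOOGLE_CLIENT_SECRET: 'placeholder-client-secret',
  SSO_GOOGLE_REDIRECT_URL: 'http://localhost:1337/sso/google/redirect', // path is a placeholder
  MICROSOFT_SAML_ENABLED: 'true',
  MICROSOFT_SAML_CALLBACK_URL: 'http://localhost:1337/sso/microsoft-saml/redirect/postResponse',
  MICROSOFT_SAML_ISSUER: 'http://localhost:1337',
  MICROSOFT_SAML_FEDERATION_URL: 'https://idp.example.invalid/federationmetadata.xml',
};
export const sampleEnv: EnvFn = (key, fallback = '') => sampleVars[key] ?? fallback;

console.log(validateSsoConfig(buildSsoConfig(sampleEnv), 'http://localhost:1337')); // [] when everything lines up
```

Run the validator once at startup (for instance from a bootstrap hook) and refuse to boot on a non-empty result; a misconfigured redirect or callback URL otherwise only shows up as a hanging or failing login.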

Microsoft SAML

For Microsoft SAML to work correctly, we need to create an App Metadata XML. This XML is used by the SSO tenant to create their Federation Metadata XML, which your Strapi app can use to read all the correct data (this URL is used for the env MICROSOFT_SAML_FEDERATION_URL).

Creating the App Metadata XML to send to the tenant:

  1. Download the Mellon Create Metadata bash script (https://github.com/UNINETT/mod_auth_mellon/blob/master/mellon_create_metadata.sh). If this URL isn't available anymore, see the dist folder and look for the mellon_create_metadata.sh file (latest version as of Sep 4, 2018).
  2. Execute the script: bash ./mellon_create_metadata.sh APP_ISSUER APP_CALLBACK_URL. Example: bash ./mellon_create_metadata.sh http://localhost:1337 http://localhost:1337/sso/microsoft-saml/redirect.
  3. Three files should be created: *.xml, *.key and *.cert. If no xml is generated, make sure line 57 doesn't contain RANDFILE = /dev/urandom. Remove if it exists.
  4. Send the XML to the Tenant provider. They will be able to create the Federation Metadata XML url for you.

Important

  • To make the script work correctly, add the "'unsafe-inline'" directive to script-src in your strapi::security middleware config. Note that 'unsafe-inline' lets any inline script run in the admin, which weakens the CSP's protection against XSS, so keep the remaining directives as tight as you can. Example:

export default ({ env }) => [
	// ...
	{
		name: 'strapi::security',
		config: {
			contentSecurityPolicy: {
				// ...
				directives: {
					// ...
					'script-src': [
						// ...
						"'unsafe-inline'",
						// ...
					],
					// ...
					upgradeInsecureRequests: null
				}
			}
		}
	},
	// ...
];
  • When starting the admin for the first time, the first account must be registered with credentials. After that you can log in with SSO.
  • When deploying the app with this plugin to production, make sure to add proxy: true to your server.ts config (documentation: https://docs.strapi.io/dev-docs/configurations/server).
  • To edit the admin login page, we inject HTML via a script server-side by editing the root index.html file. When developing in watch mode this file does not exist, so we edit the index.html inside the .strapi/client folder. This may cause some weird behaviour, and you may need to refresh the page before the 'patched' admin login page is shown.
  • When developing and changing the injectable login.html file, make sure to run yarn build inside the plugin folder. This copies the HTML file to the dist folder, where it is read from.
  • A new property is added to the Admin User: isSsoProvider. This property can only be viewed on the server and can be used, for example, to prevent sending welcome mails with password reset tokens.
  • When a new or an existing user logs in with SSO, the isSsoProvider prop is set to true. Also, a new random password is generated for security reasons.
  • If, in dev mode, Google auth keeps hanging after you confirm your login, make sure the redirect URL is correct. It makes a difference whether you're using localhost or 127.0.0.1.