tigaron / nextjs-samlify

Next.js prototype with implementation of keycloak authorization endpoint using samlify.js

Home Page: https://nextjs-samlify.vercel.app/


Env variables Certificate and Private Key are not defined

pierre-fichet opened this issue · comments

Hi!
First of all, thanks for all your work! It looks awesome! 🙂
I cloned the repository and ran npm run dev. When loading the login page, it fails to read some environment variables.

TypeError: The first argument must be of type string or an instance of Buffer, ArrayBuffer, or Array or an Array-like Object. Received undefined
This error happened while generating the page. Any console logs will be displayed in the terminal window.
Source

(api)/libs/saml.ts (11:21) @ eval

   9 | 	wantLogoutRequestSigned: true,
  10 | 	wantLogoutResponseSigned: true,
> 11 | 	signingCert: Buffer.from(process.env.SIGN_B64_CERTIFICATE as string, 'base64'),
     | 	                   ^
  12 | 	privateKey: Buffer.from(process.env.SIGN_B64_PRIVATE_KEY as string, 'base64'),
  13 | 	privateKeyPass: process.env.SP_PRIVATE_KEY_PASS,
  14 | });

I saw that the env.development file doesn't contain those variables. I also saw that the last commit on this file changed the structure:
8f7d5b7

I don't know Nextjs. I am trying to make Samlify work with Keycloak and analyzing how you did it. But I would like to test all the flow with your example 😉
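The TypeError in the post above comes from `Buffer.from` receiving `undefined` behind an `as string` cast. As an added example (not code from the nextjs-samlify repository), the following checks the three variables named in the stack trace before they reach the SAML setup; `loadSigningMaterial`, `decodePem` and the PEM label checks are hypothetical names and assumptions made for this illustration.

```typescript
// Added example, not project code. Env variable names come from the stack
// trace on this page; function and type names are hypothetical.
type Env = Record<string, string | undefined>;

interface SigningMaterial {
  signingCert: Buffer;
  privateKey: Buffer;
  privateKeyPass?: string;
}

// Decode one base64-encoded PEM variable. Problems are collected rather than
// thrown so that every misconfigured variable is reported in a single pass.
function decodePem(env: Env, name: string, label: RegExp, problems: string[]): Buffer {
  const raw = env[name];
  if (raw === undefined || raw.trim() === "") {
    problems.push(`${name} is not set`);
    return Buffer.alloc(0);
  }
  const compact = raw.replace(/\s+/g, "");
  const decoded = Buffer.from(compact, "base64");
  // Buffer.from does not reject invalid base64 input, so compare a round trip.
  const strip = (s: string) => s.replace(/=+$/, "");
  if (strip(decoded.toString("base64")) !== strip(compact)) {
    problems.push(`${name} is not valid base64`);
    return decoded;
  }
  // Assumption: each variable holds a PEM block, as the base64 decoding suggests.
  const m = /^-----BEGIN ([A-Z ]+)-----/.exec(decoded.toString("utf8").trim());
  if (!m || !label.test(m[1] ?? "")) {
    problems.push(`${name} does not decode to the expected PEM block`);
  }
  return decoded;
}

function loadSigningMaterial(env: Env): SigningMaterial {
  const problems: string[] = [];
  const signingCert = decodePem(env, "SIGN_B64_CERTIFICATE", /^CERTIFICATE$/, problems);
  const privateKey = decodePem(env, "SIGN_B64_PRIVATE_KEY", /PRIVATE KEY$/, problems);
  if (problems.length > 0) {
    // Only variable names appear in the message, never key material.
    throw new Error(`SAML signing configuration invalid: ${problems.join("; ")}`);
  }
  return { signingCert, privateKey, privateKeyPass: env.SP_PRIVATE_KEY_PASS };
}
```

Calling `loadSigningMaterial(process.env)` at module load turns the opaque `Received undefined` error into a message that names the missing or swapped variable.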

Hey there, @pierre-fichet! Thank you for reaching out!

It has been a while since I worked on this project, and I have not been maintaining it ever since.

I have reverted this repo to its last working version and I think you would be able to analyze and test it again now.

The demo at https://nextjs-samlify.vercel.app/ is also working now.

For your reference, the last issue was caused by my misconfiguration of Keycloak's signature and redirect URIs due to testing my deployment on Vercel.

At the moment, my Keycloak server as IDP is ignoring the origin request's signature since I don't have access to modify Vercel's SSL.

If you want to try Keycloak with its high security settings (by enabling origin's signature check), I'd suggest deploying Keycloak using Docker on your local machine so you would be able to configure the SSL settings.

Hello @tigaron! A big thank you for your quick response and your information!
Indeed it's working now and I just have to analyze what we are doing wrong 😄
Awesome work and Happy new year!