Integrating Node.js Application with AWS Single Sign-On (SSO) Using SAML

Welcome to this tutorial where we will demonstrate how to configure a Node.js application with AWS Single Sign-On (SSO) using the Security Assertion Markup Language (SAML) federation protocol. This integration allows users authenticated in AWS SSO to seamlessly access your Node.js app without the need for additional login credentials. We will break down the process into multiple steps, including setting up AWS SSO, configuring the Node.js SAML application, and testing the integration.


  • An AWS account with appropriate permissions.
  • Node.js and npm installed.
  • Familiarity with SAML and web application development.

Step 1: Enabling AWS Single Sign-On

  1. Log in to your AWS Management Console.
  2. Navigate to AWS Single Sign-On (AWS SSO). If it’s your first time using AWS SSO, you may need to enable the service. Follow the on-screen instructions to do so.

Step 2: Create a Test User in AWS SSO

  1. In the AWS SSO dashboard, go to the “Users” section.
  2. Add a new user (e.g., “test_user1”).
  3. Generate a one-time password for this user (since we’ll use a dummy email address).
  4. Configure other user details as needed and add the user.

Step 3: Configure the Node.js Application

  1. Download a Node.js application that integrates with SAML. You can find a sample app on the Passport SAML GitHub repository.
  2. Extract the downloaded files and navigate to the app’s root directory.
  3. Open a terminal in the app’s root directory and execute the following commands:sqlCopy codenpm install bower install npm start These commands will install dependencies and start the Node.js application.

Step 4: Configure AWS SSO URLs and Certificates in the Node.js App

  1. Open the config/passport.js file in your Node.js app.
  2. Replace the entryPoint URL with your AWS SSO’s sign-on URL.
  3. Download your AWS SSO Identity Provider certificate and save it in the app’s root directory as aws-sso-certificate.pem.
  4. Modify the config.js file to read the AWS SSO certificate using the fs module:javascriptCopy codeconst fs = require('fs'); const cert = fs.readFileSync('aws-sso-certificate.pem', 'utf-8'); // Update the 'entryPoint' and 'cert' values in config/passport.js entryPoint: 'Your AWS SSO sign-on URL', cert: cert,

Step 5: Create an AWS SSO Application

  1. In the AWS SSO dashboard, go to the “Applications” section.
  2. Add a new custom SAML application named “Node.js SAML App.”
  3. Manually enter the application’s ACS URL and SAML Audience using the values from your Node.js app’s configuration.

Step 6: Configure Attribute Mappings in AWS SSO

  1. Under “Attribute mappings,” configure the attributes you want to send to your Node.js app. For example, map the AWS SSO email attribute to email in your app.
  2. Save the attribute mappings.

Step 7: Assign the Application to the User

  1. Assign the “Node.js SAML App” to the test user created earlier.

Step 8: Test the Integration

  1. Open your Node.js application in a browser.
  2. You’ll be redirected to the AWS SSO login page. Log in using the test user’s credentials.
  3. After successful login, AWS SSO will post a SAML assertion to your Node.js app.
  4. Your Node.js app will process the SAML assertion and display the user’s profile information.

Step 9: Additional Attribute Configuration (Optional)

  1. You can configure additional attributes to be sent from AWS SSO to your Node.js app by modifying the config/passport.js and config.js files.


You’ve successfully integrated a Node.js application with AWS Single Sign-On (SSO) using the SAML federation protocol. Users can now log in to your Node.js app with their AWS SSO credentials. This tutorial covered essential steps, including AWS SSO setup, Node.js app configuration, and attribute mappings. If you encounter any issues or have questions, feel free to ask in the comments.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top