问题描述
我目前正在使用passport-saml
实现SAML SSO。该流将与 GET 端点一起使用,直到该端点的回调(该端点处理 POST 请求)为止。如果在此处添加passport.authenticate('saml',{ failureRedirect: '/' })
,则结果为:<pre>Cannot POST /support</pre>
,并且没有从身份验证服务器获得的SAMLResponse日志。我尝试了另一个SAMLResponse,它是从这里获取的:
我在日志中收到许多xmldom警告和错误,例如:[xmldom error] element parse error: Error: invalid attribute:(��s
和结果<pre>Cannot POST /support</pre>
。
这是我的实现和配置:
boot.js:
const bodyParser = require('body-parser');
module.exports = (app,container) => {
const logger = container.resolve('logger');
const ssoService = container.resolve('ssoService');
const passport = container.resolve('passport');
app.use(bodyParser.urlencoded({ extended: false }));
app.use(passport.initialize());
app.use(passport.session());
/**
* Entrypoint for SAML authentication.
* Passport prepares a SAMLRequest and redirects to the authentication service.
*/
app.get('/support',passport.authenticate('saml',{ failureRedirect: '/' }),(req,res) => {
logger.info('User authenticated via SAML ADFS.');
res.redirect('/dashboard');
});
/**
* Callback endpoint for SAML authentication.
* The authentication service (ADFS for example) sends a SAMLResponse to this endpoint and it
* logs the user in.
*/
app.post('/support',async (req,res) => {
try {
await ssoService.loginWithSamlSSO(req,res);
} catch (error) {
logger.error(`Something went wrong while logging in with SSO! ${error}`);
res.status(503).send('Something went wrong while logging in with SSO!');
}
});
};
passport.js
const fs = require('fs');
const passport = require('passport');
const SamlStrategy = require('passport-saml').Strategy;
const adfsCert = process.env.CERT || 'cert.pem';
const cert = fs.readFileSync(`${__dirname}/../../config/cert/${adfsCert}`,'utf-8');
passport.serializeUser((user,done) => {
done(null,user);
});
passport.deserializeUser((user,user);
});
// SAML token
passport.use(new SamlStrategy(
{
entryPoint: process.env.ENTRYPOINT,logoutUrl: process.env.logoUT_URL,issuer: process.env.ISSUER,callbackUrl: process.env.CALLBACK_URL,cert,// other authn contexts are available e.g. windows single sign-on
// authnContext: 'http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password',// not sure if this is necessary?
acceptedClockSkewMs: -1,identifierFormat: null,// this is configured under the Advanced tab in AD FS relying party
signatureAlgorithm: 'sha256',RACComparison: 'exact',// default to exact RequestedAuthnContext Comparison Type
},((profile,done) => done(null,{
emailaddress: profile['http://schemas.microsoft.com/ws/2008/06/identity/claims/email'],// e.g. if you added a Group claim
role: profile['http://schemas.microsoft.com/ws/2008/06/identity/claims/role'],})),));
module.exports = passport;
我需要检查证书。
在passport-saml documentation中,该示例没有-----BEGIN CERTIFICATE-----
和-----END CERTIFICATE-----
。它是否可以使用,也可以不带有或仅带有不带证书的证书?
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)