1

我试图让 Passport 与任何策略一起使用,但最终我想让它与 SAML 实现一起使用。现在看来,一旦调用该策略,它总是会失败。我想知道我的服务器处理程序链是否设置错误?

`

'use strict';
// ---------------------------------- BEGIN MODULE SCOPE VARIABLES ----------------------------------
var
  http     = require('http'),
  express  = require('express'),
  session  = require('express-session'),
  path     = require("path"),
  samlStrategy  = require('passport-saml').Strategy,
  passport = require('passport'),
  //flash    = require('connect-flash'),
  morgan   = require('morgan'),
  app = express(),
  server = http.createServer(app);

// ---------------------------------- END MODULE SCOPE VARIABLES ------------------------------------

// ---------------------------------- BEGIN SERVER CONFIGURATION ------------------------------------

app.configure(function () {
  app.use(app.router);
  app.use(express.cookieParser());
  app.use(express.bodyParser());
  app.use(express.session({ secret: 'keyboard cat' }));
  app.use(passport.initialize());
  app.use(passport.session());
  app.use(express.methodOverride());
  app.use(morgan('dev')); // log every request to the console
  app.use(express.static(__dirname + '/public'));
});

passport.use('saml', new samlStrategy({

    path: '/login/callback',
    entryPoint: 'https://openidp.feide.no/simplesaml/module.php/openidProvider/user.php/sso',
    issuer: 'passport-saml',
    protocol: 'http://',
    cert: 'MIICizCCAfQCCQCY8tKaMc0BMjANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMCTk8xEjAQBgNVBAgTCVRyb25kaGVpbTEQMA4GA1UEChMHVU5JTkVUVDEOMAwGA1UECxMFRmVpZGUxGTAXBgNVBAMTEG9wZW5pZHAuZmVpZGUubm8xKTAnBgkqhkiG9w0BCQEWGmFuZHJlYXMuc29sYmVyZ0B1bmluZXR0Lm5vMB4XDTA4MDUwODA5MjI0OFoXDTM1MDkyMzA5MjI0OFowgYkxCzAJBgNVBAYTAk5PMRIwEAYDVQQIEwlUcm9uZGhlaW0xEDAOBgNVBAoTB1VOSU5FVFQxDjAMBgNVBAsTBUZlaWRlMRkwFwYDVQQDExBvcGVuaWRwLmZlaWRlLm5vMSkwJwYJKoZIhvcNAQkBFhphbmRyZWFzLnNvbGJlcmdAdW5pbmV0dC5ubzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt8jLoqI1VTlxAZ2axiDIThWcAOXdu8KkVUWaN/SooO9O0QQ7KRUjSGKN9JK65AFRDXQkWPAu4HlnO4noYlFSLnYyDxI66LCr71x4lgFJjqLeAvB/GqBqFfIZ3YK/NrhnUqFwZu63nLrZjcUZxNaPjOOSRSDaXpv1kb5k3jOiSGECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBQYj4cAafWaYfjBU2zi1ElwStIaJ5nyp/s/8B8SAPK2T79McMyccP3wSW13LHkmM1jwKe3ACFXBvqGQN0IbcH49hu0FKhYFM/GPDJcIHFBsiyMBXChpye9vBaTNEBCtU3KjjyG0hRT2mAQ9h+bkPmOvlEo/aH0xR68Z9hw4PF13w=='
    //privateCert: fs.readFileSync('./cert.pem', 'utf-8')
  },
  function(profile, done) {
    console.log("Auth with", profile);
    if (!profile.email) {
      return done(new Error("No email found"), null);
    }
    // asynchronous verification, for effect...
    process.nextTick(function () {
      findByEmail(profile.email, function(err, user) {
        if (err) {
          return done(err);
        }
        if (!user) {
          // "Auto-registration"
          users.push(profile);
          return done(null, profile);
        }
        return done(null, user);
      })
    });
  }
));

app.get('/XA', passport.authenticate('local-login', {
    failureRedirect: '/404.html', // redirect
    failureFlash: false // allow flash messages
  })
);

app.get('/XA/callback',
  passport.authenticate('saml', {
    successRedirect : '/index.html',
    failureRedirect : '/failure'
  }));`
4

1 回答 1

2

我无法从上面确切地知道您的失败是什么,但您可能想尝试的一件事是将samlFallback: login-request参数传递给您的身份验证调用。

如果没有这个,我不相信该库会将登录重定向到您的 SAML 提供者的入口点,因此对该路由的调用似乎只是无法通过身份验证。

--

更新:

从 0.4.0 版开始,我刚刚samlFallback: login-request设置了默认值,因此您应该能够更新您的 passport-saml 版本并获得正确的行为。

于 2014-06-18T01:25:40.863 回答