0

我正在尝试将 SAML 与 node.js 和 passport-saml 模块一起使用,但我不明白我应该使用哪个证书/密钥。

我有这些文件:

  • 我的域名.crt
  • mydomain.key
  • 中级CA.crt

我需要设置decryptionPvkdecryptionCert并且privateCert

var samlStrategy = new passportSaml.Strategy({
  //--- URL that goes from the Identity Provider -> Service Provider
  callbackUrl    : 'http://mydomain/login/callback',

  //--- URL that goes from the Service Provider -> Identity Provider
  entryPoint     : 'https://auth.samlserver',

  issuer         : sails.config.passport.issuer,

  //--- Identity Provider's Public Key
  cert           : sails.config.passport.cert,

  //--- Service Provider Certificate
  privateCert    : fs.readFileSync('./certificats/mydomain.crt', 'utf-8'), // same error with IntermediateCA.crt

  //--- Service Provider private key
  decryptionPvk  : fs.readFileSync('./certificats/mydomain.key', 'utf-8'),
  logoutUrl      : 'https://auth.samlserver/logout',
  passReqToCallback : true,
},
(req, profile, done) => {
  console.log('profile :', profile);
  return done();
});

对于路由/元数据(使用decryptionCert):

samlStrategy.generateServiceProviderMetadata(fs.readFileSync('./certificats/mydomain.crt', 'utf-8'))

但我有以下错误消息:

crypto.js:279
  var ret = this._handle.sign(toBuf(key), null, passphrase);
                         ^

Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
  at Error (native)
  at Sign.sign (crypto.js:279:26)
  at [object Object].SAML.signRequest (C:\Users\mseron\Documents\dev\node\mysite\node_modules\passport-saml\lib\passport-saml\saml.js:135:34)
  at requestToUrlHelper (C:\Users\mseron\Documents\dev\node\mysite\node_modules\passport-saml\lib\passport-saml\saml.js:308:12)
  at DeflateRaw.onEnd (zlib.js:227:5)
  at emitNone (events.js:85:20)
  at DeflateRaw.emit (events.js:179:7)
  at endReadableNT (_stream_readable.js:913:12)
  at _combinedTickCallback (internal/process/next_tick.js:74:11)
  at process._tickDomainCallback (internal/process/next_tick.js:122:9)
4

1 回答 1

1

实际上,使用mydomain.key,错误消息是

错误:错误:0906A068:PEM 例程:PEM_do_header:密码读取错误

我需要使用mydomain.key它的密码

在 node.js 中

var samlStrategy = new passportSaml.Strategy({
  ...

  //--- Service Provider Certificate
  privateCert    : {
    key : fs.readFileSync('./certificats/mydomain.key', 'utf-8'),
    passphrase : 'strong passphrase'
  }, 
  ...
},
(req, profile, done) => {
  ...
});
于 2016-11-17T13:46:17.293 回答