
我目前正在使用 passport-saml。整个流程在 GET 端点上可以正常工作，直到身份验证服务器回调到处理 POST 请求的端点为止。如果我在那里加上 `passport.authenticate('saml', { failureRedirect: '/' })`，结果就是：<pre>Cannot POST /support</pre>，而且从身份验证服务器收到的 SAMLResponse 也没有任何日志输出。我还试了另一个从这里获取的 SAMLResponse：

https://developer.signicat.com/documentation/authentication/protocols/saml-2-0/example-saml-response/

这时日志里出现了许多 xmldom 的警告和错误，例如：`[xmldom error] element parse error: Error: invalid attribute:(��s`（后面是乱码，说明收到的正文并没有被当作 XML 的 SAMLResponse 解析），结果同样是 <pre>Cannot POST /support</pre>。

这是我的实现和配置:

引导.js:

const bodyParser = require('body-parser');

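/**
 * Wires SAML (passport-saml) login onto the Express app.
 *
 * @param {import('express').Express} app - Express application to mount on.
 * @param {{ resolve(name: string): any }} container - DI container providing
 *   `logger`, `ssoService` and the configured `passport` instance.
 */
module.exports = (app, container) => {
  const logger = container.resolve('logger');
  const ssoService = container.resolve('ssoService');
  const passport = container.resolve('passport');

  // The HTTP-POST binding delivers the SAMLResponse as a form field, so the
  // body parser must be registered before the POST callback route below.
  app.use(bodyParser.urlencoded({ extended: false }));
  app.use(passport.initialize());
  // NOTE(review): passport.session() relies on a session middleware
  // (e.g. express-session) mounted earlier; none is visible in this file.
  app.use(passport.session());

  /**
   * Entrypoint for SAML authentication (SP-initiated).
   * With no SAMLResponse on the request, passport-saml prepares a SAMLRequest
   * and redirects to the authentication service; the handler below only runs
   * when the strategy actually authenticated the request.
   */
  app.get('/support',
    passport.authenticate('saml', { failureRedirect: '/' }),
    (req, res) => {
      logger.info('User authenticated via SAML ADFS.');
      res.redirect('/dashboard');
    });

  /**
   * Callback endpoint for SAML authentication (HTTP-POST binding).
   * The authentication service (ADFS for example) posts a SAMLResponse here;
   * passport.authenticate verifies it before the handler logs the user in.
   * A rejected response is sent to failureRedirect without a reason — when
   * debugging, surface the failure reason rather than relaxing the checks.
   */
  app.post('/support',
    passport.authenticate('saml', { failureRedirect: '/' }),
    async (req, res) => {
      try {
        await ssoService.loginWithSamlSSO(req, res);
      } catch (error) {
        // `${error}` alone stringifies to "Error: msg" and drops the stack.
        const detail = error && error.stack ? error.stack : error;
        logger.error(`Something went wrong while logging in with SSO! ${detail}`);
        // The service receives `res`; if it already started the reply before
        // throwing, a second status/send would itself throw ("Cannot set
        // headers after they are sent") and, since Express 4 does not await
        // async handlers, escape as an unhandled rejection.
        if (res.headersSent) {
          return;
        }
        res.status(503).send('Something went wrong while logging in with SSO!');
      }
    });
};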

护照.js

const fs = require('fs');
const passport = require('passport');
const SamlStrategy = require('passport-saml').Strategy;

// File name of the IdP (AD FS) signing certificate; the env var overrides the
// default. This is operator-controlled configuration, not user input.
const certFileName = process.env.CERT || 'cert.pem';
const certPath = `${__dirname}/../../config/cert/${certFileName}`;
// Signing certificate handed to passport-saml. It is the trust anchor for every
// SAMLResponse/assertion signature, so it must be the IdP's token-signing cert
// (e.g. from its federation metadata) and must be rotated together with it.
// NOTE(review): passport-saml normalises this string before use (strips the
// BEGIN/END CERTIFICATE lines and whitespace and re-wraps it), so bare base64
// and full PEM should both work — confirm against certToPEM in the installed
// version.
const cert = fs.readFileSync(certPath, 'utf-8');

// The user object produced by the verify callback is stored in the session
// verbatim and handed back unchanged on every request (no lookup or
// re-validation on deserialize). Keep that object to the claims the app needs;
// it lives in the server-side session store, not in the cookie.
const passThrough = (user, done) => done(null, user);

passport.serializeUser(passThrough);
passport.deserializeUser(passThrough);

// SAML token
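// Clock drift tolerated when checking the assertion's NotBefore / NotOnOrAfter
// conditions. passport-saml treats -1 as "do not check the validity window at
// all", which accepts expired (and thus replayable) assertions — keep this a
// small bounded value and tune it to the drift you actually observe.
const ACCEPTED_CLOCK_SKEW_MS = 5 * 60 * 1000;

/**
 * Maps a verified SAML profile to the application user.
 * Runs only after passport-saml has validated the response (signature,
 * conditions), so `profile` is trusted here — but a claim is still absent
 * if the IdP's claim rules do not issue it.
 *
 * @param {object} profile - Assertion attributes keyed by claim URI.
 * @param {Function} done - Passport verify callback `(err, user, info)`.
 */
const verifySamlProfile = (profile, done) => {
  const emailaddress = profile['http://schemas.microsoft.com/ws/2008/06/identity/claims/email'];
  // e.g. if you added a Group claim
  const role = profile['http://schemas.microsoft.com/ws/2008/06/identity/claims/role'];
  // Refuse to log in a principal that carries no identifying claim; otherwise
  // downstream code gets `emailaddress: undefined`. If the identity claim in
  // your assertions uses a different URI (check the AD FS claim rules or the
  // raw assertion), fix the lookup above rather than dropping this guard.
  if (!emailaddress) {
    return done(null, false, { message: 'SAML assertion carries no email claim' });
  }
  return done(null, { emailaddress, role });
};

// SAML token
passport.use(new SamlStrategy(
  {
    entryPoint: process.env.ENTRYPOINT,
    logoutUrl: process.env.LOGOUT_URL,
    issuer: process.env.ISSUER,
    callbackUrl: process.env.CALLBACK_URL,
    // IdP token-signing certificate used to verify response/assertion signatures.
    cert,
    // other authn contexts are available e.g. windows single sign-on
    // authnContext: 'http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password',
    acceptedClockSkewMs: ACCEPTED_CLOCK_SKEW_MS,
    // Only accept responses whose InResponseTo matches an AuthnRequest this SP
    // issued (replay / unsolicited-response protection). Caveats: this rejects
    // IdP-initiated (unsolicited) logins, and the default request cache is
    // in-memory — supply a shared cacheProvider when running several instances.
    validateInResponseTo: true,
    identifierFormat: null,
    // Algorithm passport-saml uses when *it* signs outgoing requests (only
    // effective once a private key is configured). It does not control how the
    // IdP signs tokens; the Advanced tab of the AD FS relying party sets that.
    signatureAlgorithm: 'sha256',
    RACComparison: 'exact', // default to exact RequestedAuthnContext Comparison Type
  },
  verifySamlProfile,
));

module.exports = passport;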

我想确认一下证书的格式是否正确。

在 passport-saml 文档的示例中，证书并没有 `-----BEGIN CERTIFICATE-----` / `-----END CERTIFICATE-----` 这两行。带着这两行也能正常工作吗？还是必须去掉它们，并且把证书内容放在一行里？

