0

我正在使用 PassportJS 和 passport-saml 连接到 SSO 服务器。我想拥有进入 SAML 请求(/login路由)的 ID,以便使用此 ID 存储密钥。然后在回调中(/login/callback我可以恢复密钥,因为 ID 已传递到 SAML 响应中。

如何访问请求的 SAML?或者至少是身份证?

这是我的登录和回调路由代码:

var samlStrategy = new saml.Strategy({
    callbackUrl: "https://somedomain.test/boapi/ssocallback",
    entryPoint: 'http://192.168.0.1:8080/simplesaml/saml2/idp/SSOService.php',
    issuer: 'issuer-saml',
    decryptionPvk: fs.readFileSync(__dirname + '/certs/key.pem', 'utf8'),
    privateCert: fs.readFileSync(__dirname + '/certs/key.pem', 'utf8'),
    validateInResponseTo: false,
    cert: fs.readFileSync(__dirname + "/certs/idp_key.pem", "utf8"),
    disableRequestedAuthnContext: true,
    acceptedClockSkewMs: 0 
}, (profile, done) => {
    return done(null, profile);
});

passport.use('samlStrategy', samlStrategy);
app.use(passport.initialize({}));
app.use(passport.session({}));

app.get('/login',
    (req, res, next) => {
        passport.authenticate('samlStrategy', (err, user, info) => {
            // I tried here but it's never called
            return;
        })(req, res, next);
    }
);

app.post('/login/callback',
    (req, res, next) => {
        next();
    },
    passport.authenticate('samlStrategy'),
    (req, res) => {
        const firstName = req.user?.firstName
        const lastName = req.user?.lastName
        const email = req.user?.email
        res.send({email, firstName, lastName});
    }
);
4

1 回答 1

0

我没有找到获得 SAML 请求 ID 的方法,因此我没有使用此 ID 存储我的数据,而是在路由中设置了一个 cookie,/login然后在/callback路由中读取它。

app.get('/login',
    (req, res, next) => {
        res.cookie(myDataCookieName, req.query.myData, { maxAge: 1000 * 60 * 15, httpOnly: true, sameSite: "none", secure: true });
        next();
    },
    passport.authenticate('samlStrategy', {
        session: false,
    }),
);

app.post('/login/callback',
    (req, res, next) => {
        next();
    },
    passport.authenticate('samlStrategy', {
        session: false,
    }),
    (req, res) => {
        const firstName = req.user?.firstName;
        const lastName = req.user?.lastName;
        const email = req.user?.email;
        const myData = req.cookies[myDataCookieName];

        res.send({ email, firstName, lastName, myData });
    }
);
于 2022-01-17T07:59:38.033 回答