我正在编写 Node.js 应用程序,并尝试集成ADFS服务器以获取身份验证。为此,我使用wstrust-client
,并使用ADFS服务器URL作为我的端点。到目前为止我的代码是:
app.get('/login', function(req, res) {
trustClient.requestSecurityToken({
scope: 'https://mycompany.com',
username: "username",
password: "password",
endpoint: 'https://[adfs server]/adfs/services/trust/13/usernamemixed'
}, function (rstr) {
// Access the token
var rawToken = rstr.token;
console.log('raw: ' + rawToken);
}, function(error) {
console.log(error)
});
});
我通过wstrust-client
到目前为止,wstrustclient.js
中的代码是:
var req = https.request(post_options, function(res) {
res.setEncoding('utf8');
res.on('data', function(data) {
console.log("Entered res")
var rstr = {
token: parseRstr(data),
response: res,
};
callback(rstr);
});
});
req.write(message);
req.end();
req.on('error', function (e) {
console.log("******************************");
console.log(e);
console.log("******************************");
然而,它抛出了这个错误:
******************************
{ [Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE]
stack: 'Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE\n
at SecurePair.<anonymous> (tls.js:1253:32)\n
at SecurePair.EventEmitter.emit (events.js:91:17)\n
at SecurePair.maybeInitFinished (tls.js:865:10)\n
at CleartextStream.read [as _read] (tls.js:416:15)\n
at CleartextStream.Readable.read (_stream_readable.js:231:10)\n
at EncryptedStream.write [as _write] (tls.js:329:25)\n
at EncryptedStream.Writable.write (_stream_writable.js:176:8)\n
at write (_stream_readable.js:496:24)\n
at flow (_stream_readable.js:506:7)\n
at Socket.pipeOnReadable (_stream_readable.js:538:5)' }
******************************
******************************
{ [Error: read ECONNRESET]
stack: 'Error: read ECONNRESET\n
at errnoException (net.js:846:11)\n
at TCP.onread (net.js:508:19)',
code: 'ECONNRESET',
errno: 'ECONNRESET',
syscall: 'read' }
******************************
当我在浏览器中浏览相同的端点URL时,它会抛出HTTP 400: Bad Request
我知道这是一个SSL类型错误,它来自服务器端。但是,我不知道为什么它会抛出错误以及服务器端可能出现的问题。我需要改变什么?
答案 0 :(得分:4)
根据OpenSSL手册here:
21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:无法验证 第一个证书没有签名可以验证,因为链 只包含一个证书,而且不是自签名的。
考虑到这一点,您可能需要签署证书。