我正在尝试让Passport使用任何策略,但最终我希望它能够使用SAML实现。现在看来,一旦调用策略,它总是会失败。我想知道我的服务器处理程序链是否设置错误?
`
'use strict';
// ---------------------------------- BEGIN MODULE SCOPE VARIABLES ----------------------------------
var
http = require('http'),
express = require('express'),
session = require('express-session'),
path = require("path"),
samlStrategy = require('passport-saml').Strategy,
passport = require('passport'),
//flash = require('connect-flash'),
morgan = require('morgan'),
app = express(),
server = http.createServer(app);
// ---------------------------------- END MODULE SCOPE VARIABLES ------------------------------------
// ---------------------------------- BEGIN SERVER CONFIGURATION ------------------------------------
app.configure(function () {
app.use(app.router);
app.use(express.cookieParser());
app.use(express.bodyParser());
app.use(express.session({ secret: 'keyboard cat' }));
app.use(passport.initialize());
app.use(passport.session());
app.use(express.methodOverride());
app.use(morgan('dev')); // log every request to the console
app.use(express.static(__dirname + '/public'));
});
passport.use('saml', new samlStrategy({
path: '/login/callback',
entryPoint: 'https://openidp.feide.no/simplesaml/module.php/openidProvider/user.php/sso',
issuer: 'passport-saml',
protocol: 'http://',
cert: 'MIICizCCAfQCCQCY8tKaMc0BMjANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMCTk8xEjAQBgNVBAgTCVRyb25kaGVpbTEQMA4GA1UEChMHVU5JTkVUVDEOMAwGA1UECxMFRmVpZGUxGTAXBgNVBAMTEG9wZW5pZHAuZmVpZGUubm8xKTAnBgkqhkiG9w0BCQEWGmFuZHJlYXMuc29sYmVyZ0B1bmluZXR0Lm5vMB4XDTA4MDUwODA5MjI0OFoXDTM1MDkyMzA5MjI0OFowgYkxCzAJBgNVBAYTAk5PMRIwEAYDVQQIEwlUcm9uZGhlaW0xEDAOBgNVBAoTB1VOSU5FVFQxDjAMBgNVBAsTBUZlaWRlMRkwFwYDVQQDExBvcGVuaWRwLmZlaWRlLm5vMSkwJwYJKoZIhvcNAQkBFhphbmRyZWFzLnNvbGJlcmdAdW5pbmV0dC5ubzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt8jLoqI1VTlxAZ2axiDIThWcAOXdu8KkVUWaN/SooO9O0QQ7KRUjSGKN9JK65AFRDXQkWPAu4HlnO4noYlFSLnYyDxI66LCr71x4lgFJjqLeAvB/GqBqFfIZ3YK/NrhnUqFwZu63nLrZjcUZxNaPjOOSRSDaXpv1kb5k3jOiSGECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBQYj4cAafWaYfjBU2zi1ElwStIaJ5nyp/s/8B8SAPK2T79McMyccP3wSW13LHkmM1jwKe3ACFXBvqGQN0IbcH49hu0FKhYFM/GPDJcIHFBsiyMBXChpye9vBaTNEBCtU3KjjyG0hRT2mAQ9h+bkPmOvlEo/aH0xR68Z9hw4PF13w=='
//privateCert: fs.readFileSync('./cert.pem', 'utf-8')
},
function(profile, done) {
console.log("Auth with", profile);
if (!profile.email) {
return done(new Error("No email found"), null);
}
// asynchronous verification, for effect...
process.nextTick(function () {
findByEmail(profile.email, function(err, user) {
if (err) {
return done(err);
}
if (!user) {
// "Auto-registration"
users.push(profile);
return done(null, profile);
}
return done(null, user);
})
});
}
));
app.get('/XA', passport.authenticate('local-login', {
failureRedirect: '/404.html', // redirect
failureFlash: false // allow flash messages
})
);
app.get('/XA/callback',
passport.authenticate('saml', {
successRedirect : '/index.html',
failureRedirect : '/failure'
}));`
答案 0 :(得分:2)
我无法从上面确切地知道您的失败是什么,但您可能想要尝试的一件事是将samlFallback: login-request参数传递给您的身份验证调用。
如果没有这个,我不相信该库会将登录重定向到您的SAML提供商的入口点,因此对该路由的调用似乎只是验证失败。
-
<强>更新
从版本0.4.0开始,我刚刚将samlFallback: login-request设为默认值,因此您应该只需更新您的passport-saml版本并获得正确的行为。