我反复遇到以下错误:"CWOAU0062E:OAuth服务提供商无法重定向请求,因为重定向URI无效。请与您的系统管理员联系以解决问题。"
var express = require('express');
// Add for SSO
var cookieParser = require('cookie-parser');
var session = require('express-session');
var passport = require('passport');
var OpenIDConnectStrategy = require('passport-idaas-openidconnect').IDaaSOIDCStrategy;
var redis = require('redis');
var RedisStore = require('connect-redis')(session);
// cfenv provides access to your Cloud Foundry environment
// for more info, see: https://www.npmjs.com/package/cfenv
var cfenv = require('cfenv');
// Resolve the Cloud Foundry application environment; the code below reads
// its port, its URL and its bound services.
var appEnv = cfenv.getAppEnv();

// The Express application that every middleware and route below attaches to.
var app = express();

// Raw VCAP_SERVICES document. When the variable is unset, JSON.parse receives
// null, coerces it to the text "null" and returns null, so `services` is null
// in that case instead of this line throwing.
var vcapServicesJson = process.env.VCAP_SERVICES || null;
var services = JSON.parse(vcapServicesJson);
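// Look up the bound Redis service (any service whose name matches /Redis.*/)
// and open the client that backs the session store.
var redisConfig = appEnv.getService(/Redis.*/);
if (redisConfig == null) {
  console.log('ERROR: Failed to create REDDISCONFIG!!!');
} else {
  var redisPort = redisConfig.credentials.port;
  var redisHost = redisConfig.credentials.hostname;
  var redisPasswd = redisConfig.credentials.password;
  var redisclient = redis.createClient(redisPort, redisHost, {no_ready_check: true});

  // An EventEmitter with no 'error' listener throws when it emits 'error',
  // which would take the whole process down on a connection problem.
  // Log the message only: the credentials read above must never be logged.
  redisclient.on('error', function (err) {
    console.log('ERROR: Redis client error: ' + err.message);
  });

  // A rejected password is treated as fatal, as in the original code:
  // the session store cannot work without an authenticated connection.
  redisclient.auth(redisPasswd, function (err) {
    if (err) {
      throw err;
    }
  });

  redisclient.on('connect', function () {
    console.log('Connected to Redis');
  });
}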
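// define express session services, etc for SSO
app.use(cookieParser());

// Session middleware is only installed when a Redis service is bound.
// NOTE(review): without it passport.session() below has no req.session to
// work with, so the SSO login cannot complete - confirm this is intended.
if (redisConfig != null) {
  // The secret signs the session-ID cookie. A literal in source code is known
  // to everyone who can read the repository, so it is read from the
  // SESSION_SECRET environment variable (introduced by this change) instead.
  var sessionSecret = process.env.SESSION_SECRET;
  if (!sessionSecret) {
    // Fall back to a random per-process value rather than a well-known one.
    // Existing sessions stop validating after a restart, and instances of the
    // app will not accept each other's cookies, until SESSION_SECRET is set.
    console.log('WARNING: SESSION_SECRET is not set; using a random per-process session secret');
    sessionSecret = require('crypto').randomBytes(32).toString('hex');
  }

  app.use(session({
    store: new RedisStore({ client: redisclient }),
    // Real booleans instead of the truthy strings 'true'; same effect.
    resave: true,
    saveUninitialized: true,
    secret: sessionSecret
    // NOTE(review): consider cookie: { secure: true } once the app is known
    // to see the original https scheme behind the platform router.
  }));
}

app.use(passport.initialize());
app.use(passport.session());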
// Session (de)serialisation is the identity function: the whole profile object
// is handed to the session layer and comes back unchanged on later requests.
// NOTE(review): the verify callback in this file attaches accessToken and
// refreshToken to the profile, so both tokens are persisted in the session
// store too. Storing only an identifier would keep them out of it.
function keepWholeUser(user, done) {
  done(null, user);
}

function restoreWholeUser(obj, done) {
  done(null, obj);
}

passport.serializeUser(keepWholeUser);
passport.deserializeUser(restoreWholeUser);
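// find config object for the SSO services from VCAP_SERVICES
// (alternative lookup through cfenv: appEnv.getService(/Single Sign On.*/))
//
// `services` is null when VCAP_SERVICES is unset, and the SingleSignOn entry
// is absent when no SSO instance is bound. Indexing blindly would throw a
// TypeError before the "not available" branch below could report the problem.
var ssoInstances = services ? services.SingleSignOn : null;
var ssoConfig = Array.isArray(ssoInstances) && ssoInstances.length > 0 ? ssoInstances[0] : null;

if (ssoConfig == null) {
  console.log('ERROR: Failed to instantiate SSOCONFIG. Its not available!!!');
} else {
  // OIDC client registration data issued by the SSO service.
  // client_secret is a credential: keep it out of logs and error pages.
  var ssoCredentials = ssoConfig.credentials;
  var client_id = ssoCredentials.clientId;
  var client_secret = ssoCredentials.secret;
  var authorization_url = ssoCredentials.authorizationEndpointUrl;
  var token_url = ssoCredentials.tokenEndpointUrl;
  var issuer_id = ssoCredentials.issuerIdentifier;
}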
// you MUST change the host route to match your application name
// (an earlier value was 'https://scaleSSO-TOR0815.mybluemix.net/auth/sso/callback')
// Note: callback_url is declared but not passed to the strategy below, which
// builds its callbackURL from appEnv.url instead.
var callback_url = 'https://krishnodejs.mybluemix.net/auth/sso/callback';

// Same export as the require at the top of the file; kept as in the original.
var OpenIDConnectStrategy = require('passport-idaas-openidconnect').IDaaSOIDCStrategy;

// Options for the OpenID Connect authorization-code flow.
// The CWOAU0062E error quoted on this page is the provider reporting that the
// redirect URI is invalid, so callbackURL and the return URL configured on the
// SSO service need to agree.
var oidcOptions = {
  authorizationURL: authorization_url,
  tokenURL: token_url,
  clientID: client_id,
  scope: 'openid',
  response_type: 'code',
  clientSecret: client_secret,
  callbackURL: appEnv.url + '/auth/sso/callback',
  skipUserProfile: true,
  issuer: issuer_id
};

// Verify callback: copies both tokens onto the profile and accepts the login
// on the next tick.
// NOTE(review): some passport strategies choose the callback arguments by the
// function's arity - keep the four-parameter signature unless verified.
function acceptVerifiedProfile(accessToken, refreshToken, profile, done) {
  process.nextTick(function () {
    profile.accessToken = accessToken;
    profile.refreshToken = refreshToken;
    done(null, profile);
  });
}

var Strategy = new OpenIDConnectStrategy(oidcOptions, acceptVerifiedProfile);
passport.use(Strategy);

// Entry point of the login flow.
app.get('/login', passport.authenticate('openidconnect', {}));
/**
 * Route guard: lets authenticated requests through and sends everyone else
 * to the login route.
 *
 * @param {object} req - request; must provide isAuthenticated()
 * @param {object} res - response; redirect('/login') is called when not authenticated
 * @param {Function} next - continuation invoked for authenticated requests
 * @returns {*} whatever next() returns when authenticated, otherwise undefined
 */
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) {
    return next();
  }
  // The originally requested URL is not remembered (the original code had
  // that assignment commented out); the user always lands on /login.
  res.redirect('/login');
}
// Redirect endpoint of the OIDC flow: passport finishes the login here and
// then sends the browser on.
// The success target is a fixed constant, not a value taken from the request
// or the session. If the commented-out req.session.originalUrl approach is
// ever restored, restrict it to paths on this application before redirecting.
app.get('/auth/sso/callback', function (req, res, next) {
  var completeLogin = passport.authenticate('openidconnect', {
    successRedirect: 'https://krishnodejs.mybluemix.net/hello',
    failureRedirect: '/failure'
  });
  completeLogin(req, res, next);
});
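// Greets the logged-in user; ensureAuthenticated redirects anonymous requests
// to /login before this handler runs.
app.get('/hello', ensureAuthenticated, function (req, res) {
  // res.send() of a string defaults to text/html. The id comes from the
  // identity provider's profile and is concatenated unescaped, so the reply is
  // sent as plain text and the browser never interprets it as markup.
  res.type('text/plain').send('Hello, ' + req.user['id'] + '!');
});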
// Landing page for a rejected login (failureRedirect of the SSO callback).
function reportLoginFailure(req, res) {
  res.send('login failed');
}
app.get('/failure', reportLoginFailure);

// serve the files out of ./public as our main files
var publicDir = __dirname + '/public';
app.use(express.static(publicDir));

// start server on the specified port and binding host
function announceListening() {
  // print a message when the server starts listening
  console.log("server starting on " + appEnv.url);
}
app.listen(appEnv.port, announceListening);
我在SSO服务的返回网址设置中填写的是 "https://krishnodejs.mybluemix.net/hello"。
非常欢迎任何修复建议。
在失败的重定向网址中,我的回调网址是正确的,只是多了奇怪的 &scope=openid ……,但我猜这可能不是问题所在。
我查看了服务器端日志以查找错误,但什么也没有,所以我不知道问题出在哪里。
答案 0 :(得分:0)
对于有类似问题的人,请注意登录时从BlueMix返回的redirect_url参数。
在我的情况下,我在两个地方设置了这个网址。
虽然这两处指向同一个URL,但由于某种原因,应用程序会采用代码中的那一个。我解决这个问题的线索来自参数callback_url中的内容(如上所述)。 首先,我们在代码中提供的重定向URL不一定要是完整的URL。在我的情况下,它应该是'bluemix / callback'。我改了过来。这样管用吗?并没有,不过问题从一个变成了另一个,也算是前进了一步。 下一个问题是什么?网址返回了,但协议不对:它总是返回http而不是https,因此页面仍然无法加载。 最后,我不再从代码中设置此URL,而是完全由UI中配置的URL来驱动。我将“配置应用程序”中的URL设置为“https://krishnodejs.mybluemix.net/auth/bluemix/callback”。 如果您想知道做了这些更改之后我的代码是什么样的,请看下面:
var OpenIDConnectStrategy = require('passport-idaas-openidconnect').IDaaSOIDCStrategy;

// Strategy options after the fix described in this answer: callbackURL is
// deliberately left out. According to the answer text, the redirect target
// then comes from the URL configured for the application in the SSO service UI.
var strategyOptions = {
  authorizationURL: authorization_url,
  tokenURL: token_url,
  clientID: client_id,
  scope: 'openid',
  response_type: 'code',
  clientSecret: client_secret,
  skipUserProfile: true,
  issuer: issuer_id
};

// Verify callback: attaches both tokens to the profile and accepts the login
// on the next tick. The profile, tokens included, is what later code receives
// as the logged-in user.
var verifyLogin = function (accessToken, refreshToken, profile, done) {
  process.nextTick(function () {
    profile.accessToken = accessToken;
    profile.refreshToken = refreshToken;
    done(null, profile);
  });
};

var OpenIDStrategy = new OpenIDConnectStrategy(strategyOptions, verifyLogin);
passport.use(OpenIDStrategy);
}
正如您所看到的,我注释掉了传递callback_url的代码。这样一来,一切正常。 获得的经验教训:留意'redirect_url'。如果这个URL不对,说明您在代码或UI中没有把它设置正确。 我的下一次尝试是不在UI中设置它,而完全由代码来驱动。目前我认为我已经解决了这个问题,可以继续前进了。 希望这会有所帮助。
答案 1 :(得分:0)
CWOAU0062E:OAuth服务提供商无法重定向请求,因为重定向URI无效。请与系统管理员联系以解决问题。 通常表示在单点登录服务中未正确配置返回URL。
因此,请在服务的“集成”部分下更新单点登录的返回URL,使其与代码中的callback_url完全一致(包括协议、主机名和路径),然后重新启动应用程序。例如,问题中配置的返回URL是 …/hello,而代码中的回调路径是 /auth/sso/callback,两者并不一致。