您可以在使用SAML和ADFS进行身份验证时提取用户名吗?

时间:2018-12-03 14:49:44

标签: javascript angular express saml adfs

您好,我目前正在使用 Passport / SAML / ADFS 对用户进行身份验证以登录到我的网站。它目前可以正常运行,并且仅允许在 Active Directory 登录页面输入了正确用户名/密码的用户进入。

我目前正在寻找一种方法,在用户登录并返回站点时捕获其输入的用户名,然后将其与按用户角色划分的用户名列表进行比较。

我的最终目标是使站点功能完全像现在一样,但是能够看到用户名并与SQL返回的一组值进行比较。

以下是配置,如能提供任何帮助,我们将不胜感激。我对 Express/Angular/SAML 仍然很陌生,因此我只是按照在线指南搭建了此设置。

config/config.js

// Per-environment settings. server.js picks a branch by NODE_ENV; an
// environment variable overrides the literal wherever an `||` fallback is given.
const env = process.env;

const appSettings = {
  name: 'Passport SAML strategy example',
  port: env.PORT || 80
};

// Options consumed by the SamlStrategy constructor in config/passport.js.
// NOTE(review): `cert` is left commented out, so config.passport.saml.cert is
// undefined at runtime. passport-saml releases of this era skip
// assertion-signature validation when no cert is configured — confirm against
// the installed version before treating a login through this strategy as verified.
const samlSettings = {
  callbackUrl: env.SAML_CALLBACK_URL || 'https://exa.example.com',
  entryPoint: env.SAML_ENTRY_POINT || 'https://sts.example.net/adfs/ls/idpinitiatedsignon',
  issuer: env.SAML_ISSUER || 'https://exa.example.com',
  identifierFormat: null,
  signatureAlgorithm: 'sha256',
  authnContext: 'http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/windows',
  disableRequestedAuthnContext: true
  // cert: env.SAML_CERT || null
};

module.exports = {
  development: {
    app: appSettings,
    passport: {
      strategy: 'saml',
      saml: samlSettings
    }
  }
};

config/passport.js

const SamlStrategy = require('passport-saml').Strategy;

/**
 * Wires the passport-saml strategy and the session (de)serializers.
 *
 * @param {import('passport')} passport - the passport instance created in server.js
 * @param {object} config - the per-environment config from config/config.js;
 *   only `config.passport.saml` is read here
 */
module.exports = function (passport, config) {
  const saml = config.passport.saml;

  // The user object produced by the verify callback is stored in the session as-is.
  const passThrough = (user, done) => done(null, user);
  passport.serializeUser(passThrough);
  passport.deserializeUser(passThrough);

  // Strategy options are copied one-for-one from config. `cert` is whatever
  // config.passport.saml.cert holds (undefined when config.js leaves it out).
  // NOTE(review): older passport-saml skips signature validation when cert is
  // falsy — confirm a cert is configured before relying on this for authentication.
  const strategyOptions = {
    callbackUrl: saml.callbackUrl,
    entryPoint: saml.entryPoint,
    issuer: saml.issuer,
    cert: saml.cert,
    identifierFormat: saml.identifierFormat,
    signatureAlgorithm: saml.signatureAlgorithm,
    authnContext: saml.authnContext,
    disableRequestedAuthnContext: saml.disableRequestedAuthnContext
  };

  // Verify callback: the resulting user carries only the UPN claim of the assertion.
  const verify = (profile, done) => done(null, {
    upn: profile['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn']
  });

  passport.use(new SamlStrategy(strategyOptions, verify));
};

config/routes.js

var xmldoc = require('xmldoc');
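/**
 * Registers the application routes.
 *
 * @param {import('express').Application} app
 * @param {object} config - per-environment config; `config.passport.strategy`
 *   names the passport strategy to use ('saml')
 * @param {import('passport')} passport - passport instance configured in config/passport.js
 */
module.exports = function (app, config, passport) {

  app.get('/', function (req, res) {
    res.redirect('/home');
  });

  app.get('/login',
    passport.authenticate(config.passport.strategy,
      {
        successRedirect: '/',
        failureRedirect: '/login'
      })
  );

  // ADFS posts the SAMLResponse form field here (the configured callbackUrl).
  // The response is handed to passport-saml, which decodes it, checks the
  // status and - when a `cert` is configured - validates the assertion
  // signature. Base64-decoding the field by hand and trusting its Status
  // element (the previous implementation) accepted any response a client
  // chose to post, and also treated the 'Responder' status - a failure - as
  // a login. On success the strategy's verify callback (config/passport.js)
  // yields `{ upn }`, which becomes the session username that
  // ensureAuthenticated in server.js checks.
  app.post('/', function (req, res, next) {
    passport.authenticate(config.passport.strategy, function (err, user) {
      if (err) {
        return next(err);
      }
      if (!user) {
        // Any non-Success outcome: clear the username; /home will bounce to /login.
        req.session.username = '';
        return res.redirect('/home');
      }
      req.logIn(user, function (loginErr) {
        if (loginErr) {
          return next(loginErr);
        }
        // Fall back to '' (unauthenticated) if the assertion carried no UPN claim.
        req.session.username = user.upn || '';
        return res.redirect('/home');
      });
    })(req, res, next);
  });

  app.get('/logout', function (req, res) {
    req.logout();
    res.redirect('https://sts.example.net/adfs/ls/?wa=signout1.0');
  });
};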

express/server.js

const express = require('express');
const http = require('http');
const path = require('path');
const passport = require('passport');
const morgan = require('morgan');
const cookieParser = require('cookie-parser');
const bodyParser = require('body-parser');
const request = require('request');

const session = require('express-session');
const errorhandler = require('errorhandler');

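const env = process.env.NODE_ENV || 'development';

const config = require('./config/config')[env];

// Prints the whole selected config branch (including any cert or secret it
// holds) to stdout at every start.
console.log('Using configuration', config);

require('./config/passport')(passport, config);

const app = express();

app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
app.use(cookieParser());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: false}));
// The session-signing secret is read from the environment. The literal
// fallback only keeps local development working; a deployed instance must set
// SESSION_SECRET, because anyone who knows the signing secret can mint a
// session cookie that ensureAuthenticated accepts.
app.use(session(
  {
    resave: true,
    saveUninitialized: true,
    secret: process.env.SESSION_SECRET || 'random_string_goes_here',
    // cookieName / duration / activeDuration / maxAge are client-sessions
    // options; express-session ignores them (its cookie lifetime is
    // `cookie.maxAge`, in milliseconds). Kept so the intended values are not lost.
    cookieName: 'session',
    duration: 15 ,
    activeDuration: 15,
    maxAge: 30
  }));
app.use(passport.initialize());
app.use(passport.session());
app.use(morgan('combined'));

// CORS headers. Note that browsers refuse credentialed requests when
// Access-Control-Allow-Origin is '*' together with
// Access-Control-Allow-Credentials: true; the combination as written is not
// usable for cookie-bearing cross-origin calls.
app.use((req, res, next) => {
  res.setHeader('Access-Control-Allow-Origin', '*');
  res.setHeader('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
  res.setHeader('Access-Control-Allow-Methods', 'GET,POST,OPTIONS,DELETE,PUT');
  res.setHeader('Access-Control-Allow-Credentials', true);
  next();
});


app.set('port', config.app.port);

require('./config/routes')(app, config, passport);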
/**
 * Route guard: passes the request on only when the session carries a
 * non-empty `username` (written by the POST '/' handler in config/routes.js);
 * otherwise sends the browser to '/login'.
 *
 * @param {import('express').Request} req - must have `req.session` (express-session)
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
function ensureAuthenticated(req, res, next) {
  const username = req.session.username;
  console.log(`passing the user val${username}`);
  if (!username) {
    res.redirect('/login');
    return;
  }
  return next();
}

// Files under public/ are served without authentication; every other GET is
// guarded by ensureAuthenticated and falls through to the single-page entry file.
app.use(express.static(path.join(__dirname, 'public')));
app.get('/*', ensureAuthenticated, function (req, res) {
  res.sendFile(path.join(__dirname, 'public/index.html'));
});

app.listen(app.get('port'), () => {
  console.log(`Express server listening on port ${app.get('port')}`);
});

0 个答案:

没有答案