在Angular SPA客户端上访问经过身份验证的用户

时间:2018-12-03 23:35:12

标签: node.js angular express authentication passport.js

我正在使用Node.js Express.js(用于服务器端)和Angular 6 SPA(用于客户端)构建Web应用程序。

使用下面的简单Express.js代码,我已经通过SAML2.js ADFS成功验证了用户身份,现在我想在客户端Angular SPA上访问该用户。我该怎么办?

我找到了类似的设置here,但是那里没有答案,而且答案有些过时了。

var saml2 = require('saml2-js');
var fs = require('fs');
var express = require('express');
var https = require('https');
var app = express();
var bodyParser = require('body-parser');
app.use(bodyParser.urlencoded({
  extended: true
}));
// Create service provider
var sp_options = {
  entity_id: "https://localhost:44301/",
  private_key: fs.readFileSync("key.pem").toString(),
  certificate: fs.readFileSync("certificate.crt").toString(),
  assert_endpoint: "https://localhost:44301/assert",

  force_authn: true,
  auth_context: { comparison: "minimum", class_refs: ["urn:oasis:names:tc:SAML:2.0:ac:classes:password"] },
  nameid_format: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
  sign_get_request: false,
  allow_unencrypted_assertion: true
};
var sp = new saml2.ServiceProvider(sp_options);
// Create identity provider
var idp_options = {
  sso_login_url: "https://mmusmaadfs.company.com/adfs/ls/",
  sso_logout_url: "https://mmusmaadfs.company.com/adfs/ls/",
  certificates: [fs.readFileSync("./2018ADFSSigningBase64Cert.cer").toString()],
  force_authn: true,
  sign_get_request: false,
  allow_unencrypted_assertion: true
};
var idp = new saml2.IdentityProvider(idp_options);
// ------ Define express endpoints ------
// Endpoint to retrieve metadata
app.get("/metadata.xml", function(req, res) {
  res.type('application/xml');
  res.send(sp.create_metadata());
});
// Starting point for login
app.get("/login", function(req, res) {
  sp.create_login_request_url(idp, {}, function(err, login_url, request_id) {
    if (err != null)
      return res.send(500);
    res.redirect(login_url);
  });
});
// Assert endpoint for when login completes
app.post("/assert", function(req, res) {  
  var options = {request_body: req.body};
  sp.post_assert(idp, options, function(err, saml_response) {
    if (err != null){
      console.log("got here");
      console.log(err);
      return res.send(err);  
    }
    // Save name_id and session_index for logout
    // Note:  In practice these should be saved in the user session, not globally.
    name_id = saml_response.user.name_id;
    session_index = saml_response.user.session_index;
    res.send("Hello " +name_id +".");
    //res.send("Hello #{saml_response.user.name_id}!");
  });
});
// Starting point for logout
app.get("/logout", function(req, res) {
  var options = {
    name_id: name_id,
    session_index: session_index
  };
  sp.create_logout_request_url(idp, options, function(err, logout_url) {
    if (err != null)
      return res.send(500);
    res.redirect(logout_url);
  });
});
var httpsOptions = {
  key: fs.readFileSync('./key.pem')
    , cert: fs.readFileSync('./certificate.crt')
}
var httpsServer = https.createServer(httpsOptions, app);
// app.listen(44301,console.log("App on 44301"));
httpsServer.listen(44301,console.log("App on 44301"));

0 个答案:

没有答案