身份验证后,Passport Saml-> SAML提供程序返回错误

时间:2019-01-08 20:42:15

标签: node.js express passport.js passport-saml

我正在尝试使用passport-saml进行身份验证,但是在通过错误IntStream.range(0, 4).forEach(i -> { executor.scheduleWithFixedDelay(() -> runOnce(i), 0, 5000, TimeUnit.MILLISECONDS); }); 对其进行授权后

当我单击登录名时,它会将我重定向到IDP登录页面,在其中提供用户名和密码,然后将其重定向到崩溃的我的/ login / callback函数。

app.js 

Error: SAML provider returned Requester error: An error occurred.

routes.js 

const express = require('express');
const http = require('http');
const path = require('path');
const passport = require('passport');
const morgan = require('morgan');
const cookieParser = require('cookie-parser');
const bodyParser = require('body-parser');
const session = require('express-session');
const errorhandler = require('errorhandler');

var env = process.env.NODE_ENV || 'development';
const config = require('./config/config')[env];

console.log('Using configuration', config);

require('./config/passport')(passport, config);

var app = express();

app.set('port', config.app.port);
app.set('views', __dirname + '/app/views');
app.set('view engine', 'jade');
app.use(morgan('combined'));
app.use(cookieParser());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: false}));
app.use(session(
  {
    resave: true,
    saveUninitialized: true,
    secret: 'this shit hits'
  }));
app.use(passport.initialize());
app.use(passport.session());
app.use(express.static(path.join(__dirname, 'public')));

require('./config/routes')(app, config, passport);

app.listen(app.get('port'), function () {
  console.log('Express server listening on port ' + app.get('port'));
});

passport.js 

module.exports = function (app, config, passport) {
  app.get('/', function (req, res) {
    if (req.isAuthenticated()) {
      res.render('home',
        {
          user: req.user
        });
    } else {
      res.render('home',
        {
          user: null
        });
    }
  });

  app.get('/login',
    passport.authenticate(config.passport.strategy,
      {
        successRedirect: '/',
        failureRedirect: '/login'
      })
  );

  app.post(config.passport.saml.path,
    passport.authenticate(config.passport.strategy,
      {
        failureRedirect: '/',
        failureFlash: true
      }),
    function (req, res) {
      res.redirect('/');
    }
  );

  app.get('/signup', function (req, res) {
    res.render('signup');
  });

  app.get('/profile', function (req, res) {
    if (req.isAuthenticated()) {
      res.render('profile',
        {
          user: req.user
        });
    } else {
      res.redirect('/login');
    }
  });

  app.get('/logout', function (req, res) {
    req.logout();
    // TODO: invalidate session on IP
    res.redirect('/');
  });
};

config.js 

const SamlStrategy = require('passport-saml').Strategy;

module.exports = function (passport, config) {

  passport.serializeUser(function (user, done) {
    done(null, user);
  });

  passport.deserializeUser(function (user, done) {
    done(null, user);
  });

  passport.use(new SamlStrategy(
    {
      path: config.passport.saml.path,
      entryPoint: config.passport.saml.entryPoint,
      issuer: config.passport.saml.issuer,
      cert: config.passport.saml.cert
    },
    function (profile, done) {
      return done(null,
        {
          id: profile.uid,
          email: profile.email,
          displayName: profile.cn,
          firstName: profile.givenName,
          lastName: profile.sn
        });
    })
  );
};

这是我在控制台和浏览器上遇到的错误

module.exports = {
  development: {
    app: {
      name: 'Passport SAML strategy example',
      port: process.env.PORT || 3000
    },
    passport: {
      strategy: 'saml',
      saml: {
        path: process.env.SAML_PATH || '/login/callback',
        entryPoint: process.env.SAML_ENTRY_POINT || 'https://idp.example.io/idp/profile/SAML2/Redirect/SSO',
        issuer: 'https://sp.example.io/shibboleth',
        cert: process.env.SAML_CERT || '/etc/ssl/certs/ssl-sp.crt'
      }
    }
  }
};

这是我得到的答复

Error: SAML provider returned Requester error: An error occurred.
  at /root/passport-saml-ex1/node_modules/passport-saml/lib/passport-saml/saml.js:677:31
  at _fulfilled (/root/passport-saml-ex1/node_modules/q/q.js:854:54)
  at /root/passport-saml-ex1/node_modules/q/q.js:883:30
  at Promise.promise.promiseDispatch (/root/passport-saml-ex1/node_modules/q/q.js:816:13)
  at /root/passport-saml-ex1/node_modules/q/q.js:570:49
  at runSingle (/root/passport-saml-ex1/node_modules/q/q.js:137:13)
  at flush (/root/passport-saml-ex1/node_modules/q/q.js:125:13)
  at process._tickCallback (internal/process/next_tick.js:61:11)

1 个答案:

答案 0 :(得分:0)

就像乔说的那样,您将希望查看IdP日志的内容,但是您可能会发现https://itknowledgeexchange.techtarget.com/itanswers/how-to-store-images-in-a-mongodb-database/很有帮助。基本上,如果您在SamlStrategy的实例化中未指定identifierFormat,则默认为“ urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress”,这总是导致我出现请求者错误。将identifierFormat设置为null会导致来自IdP的成功响应。

也就是说,我后来遇到了一些非常令人沮丧的成功重定向行为,我将不再赘述,但是如果您发现自己在IdP和SP之间转圈,this passport-saml issue会很好地解释并提供解决方法。 我仍然没有工作,所以请告诉我是否可以:)

相关问题
最新问题