NodeJS-Passport SAML-无效的身份验证请求

时间:2019-02-06 09:39:51

标签: node.js passport.js saml-2.0 passport-saml

我正在尝试在NodeJS应用程序中实现passport-saml。

当我通过 SSO 提交请求时,IdP 返回了以下错误响应:

AuthnRequest/NameIDPolicy - attribute: AllowCreate  item not allowed
AuthnRequest/Issuer - attribute: NameQualifier  required key not provided
AuthnRequest/Issuer - attribute: Format required key not provided

在我的策略选项下:

// Reads one PEM file as text. readFileSync throws if the file is missing or
// unreadable, so a bad path stops the process at startup.
function readPem(pemPath) {
  return fs.readFileSync(pemPath, "utf-8");
}

// The first two files hold private keys: keep them out of version control and
// readable only by the account that runs the service.
// Passed to the strategy as `decryptionPvk` (key for decrypting encrypted assertions).
var decryptionPvk = readPem("<my_path>");
// Passed to the strategy as `privateCert`; despite the name, passport-saml
// documents it as the key used to sign outgoing AuthnRequests.
var privateCert = readPem("<my_path>");
// The IdP's public signing certificate, needed to verify SAML responses.
var idpCert = readPem("<my_path>");

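// Registers the SAML strategy: the first argument configures how AuthnRequests
// are built and how responses are checked, the second maps an accepted
// assertion to a local user.
passport.use(new SamlStrategy(
  {
    path: '/acs',
    // Plain http is acceptable only for a local test IdP; a deployed entry
    // point and issuer should be https URLs.
    entryPoint: 'http://localhost:8088/sso',
    issuer: 'http://localhost:3000',
    // IdP signing certificate. The original snippet loaded idpCert but never
    // passed it in; older passport-saml releases skip response signature
    // validation when no IdP certificate is configured, which would let an
    // unsigned or forged assertion reach the verify callback.
    // NOTE(review): the option is `cert` in passport-saml; confirm the name
    // for the installed version, since newer @node-saml releases rename it.
    cert: idpCert,
    privateCert: privateCert,
    decryptionPvk: decryptionPvk,
    attributeConsumingServiceIndex: 1,
    identifierFormat: "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    authnContext: "https://www.spid.gov.it/SpidL1",
    attributes: {
      name: "Required attributes",
      attributes: ["fiscalNumber", "name", "familyName", "email"]
    },
    organization: {
      name: "Organization name",
      displayName: "Organization display name",
      URL: "http://localhost:8088"
    }
  },
  /**
   * Verify callback: resolves the asserted identity to a local account.
   *
   * @param {Object} profile - attributes extracted from the SAML assertion.
   * @param {Function} done - passport callback: done(err), done(null, user),
   *   or done(null, false) to reject the login.
   */
  function(profile, done) {
    // The full profile is deliberately not logged: the requested attributes
    // (fiscalNumber, name, familyName, email) are personal data.
    if (!profile || !profile.email) {
      // Without an email there is nothing to look up; reject the login
      // instead of querying with an undefined key.
      return done(null, false);
    }
    findByEmail(profile.email, function(err, user) {
      if (err) {
        return done(err);
      }
      // An unknown email is an authentication failure, reported explicitly.
      return done(null, user || false);
    });
  })
);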

如何解决此问题?

0 个答案:

没有答案