尝试在我的项目上设置 Passport-SAML。这是一个代码示例
export const samlFederationAuthentication = () => {
const multiSamlStrategy: MultiSamlStrategy = new MultiSamlStrategy(
{
passReqToCallback: true,
getSamlOptions: async (req: Express.Request, done: SamlOptionsCallback) => {
const entityID: string = decodeURIComponent((req.query.entityID as string) || '');
if (!entityID) {
return done(
CustomError(
'Not supported',
'SAML AUTH',
`EntityID is undefined`
)
);
}
const config = await samlFederation.getConfig(); // getting entrypoint and certificate
if (!config[entityID]) {
return done(
CustomError(
'Not supported',
'SAML AUTH',
`EntityID is not supported by IDp`
)
);
}
return done(null, {
...config[entityID],
callbackUrl: envConfig.samlFederation.callbackURL,
issuer: envConfig.samlFederation.issuer,
});
},
},
async (req: Express.Request, profile, done) => {
try {
const profileUsername: string = samlFederation.getProfileUsername(profile || {});
if (!profileUsername) {
return done(
CustomError(
'Username and email are undefined',
'SAML AUTH',
`Username or email should be defined in SAML profile`
)
);
}
const dbUser = await userService.getUserByUsername(profileUsername);
if (!!dbUser) {
return done(null, dbUser);
}
const createdUser: IUser = await userService.createUser(profile || {});
return done(null, createdUser as Record<string, any>);
} catch (err) {
return done(err);
}
}
);
Passport.use('multi-saml', multiSamlStrategy);
};
和路线:
export const addSamlFederationRoutes = (app: Express.Application) => {
app.get('/auth/saml', Passport.authenticate('multi-saml'));
app.post(
'/auth/saml/callback',
Passport.authorize('multi-saml', { failureRedirect: '/', failureFlash: true }),
userHandler // some handler with user data
);
};
现在我来描述我的问题。
GET /auth/saml 发送请求以查询外部 IdP。当用户转到 IdP 并输入他们的凭据时,他们会使用 url auth/saml/callback 重定向到我们的服务器。这很棒,但我们将中间件 passport.authorize 称为导致调用 MultiSamlStrategy 中的函数 getSamlOptions。但是 IdP 不会在参数中向我发送 entityID,而且我的函数总是发送错误 Entity ID is undefined。所以,我的问题是如何在 IdP 上进行身份验证后避免调用 getSamlOptions。