Bluemix Single Sign On不显示login页面
我做了教程,使用IoT Foundation Service和.js样板可视化我的树莓派中的数据。
我按照下面的教程:
一切工作正常。
现在我尝试添加单点login服务进行身份validation。 我创build了一个云registry,并添加了两个testing用户。 之后,我将服务绑定到了我的物联网可视化.js应用程序,并执行了将应用程序与服务集成的步骤。 我遵循这个官方文档步骤(点“configurationNode.js应用程序”):
http://www.ng.bluemix.net/docs/services/SingleSignOn/configure_apps.html#tsk_configuringnodejsapp_express4
我修改了我的电脑上的文件,并使用CL CLI上传它们。 问题是,它没有改变任何东西。 我可以像以前一样访问我的应用程序,但没有看到任何login页面。
这是我的文件:
的package.json
{ "name": "iot-visualization", "version": "0.1.0", "private": true, "scripts": { "start": "node app.js" }, "dependencies": { "passport": "*", "cookie-parser": "*", "express-session": "*", "passport-idaas-openidconnect": "*", "express": "~4.2.0", "serve-favicon": "~2.1.0", "morgan": "~1.0.0", "cookie-parser": "~1.0.1", "body-parser": "~1.0.0", "debug": "~0.7.4", "jade": "~1.3.0", "stylus": "0.42.3", "express-session": "^1.8.1" } } app.js(URL修改)
/******************************************************************************* * Copyright (c) 2014 IBM Corporation and other Contributors. * * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html * * Contributors: * IBM - Initial Contribution *******************************************************************************/ var express = require('express'); var path = require('path'); var favicon = require('serve-favicon'); var logger = require('morgan'); var cookieParser = require('cookie-parser'); var bodyParser = require('body-parser'); var session = require('express-session'); var index = require('./routes/index'); var app = express(); var http_host = (process.env.VCAP_APP_HOST || '0.0.0.0'); var http_port = (process.env.VCAP_APP_PORT || 7000); app.set('port', http_port); app.set('host',http_host); // view engine setup app.set('views', path.join(__dirname, 'views')); app.set('view engine', 'jade'); //use favicon app.use(favicon(__dirname + '/public/images/favicon.ico')); app.use(logger('dev')); app.use(bodyParser.json()); app.use(bodyParser.urlencoded()); app.use(cookieParser()); // add session to store the api-key and auth token in the session app.use(session({secret: 'xxxxxxxxxx',saveUninitialized: true, resave: true})); app.use(require('stylus').middleware(path.join(__dirname, 'public'))); var passport = require('passport'); var cookieParser = require('cookie-parser'); var session = require('express-session'); app.use(cookieParser()); app.use(session({resave: 'true', saveUninitialized: 'true' , secret: 'keyboard cat'})); app.use(passport.initialize()); app.use(passport.session()); passport.serializeUser(function(user, done) { done(null, user); }); passport.deserializeUser(function(obj, done) { done(null, obj); }); // VCAP_SERVICES contains all the credentials of services bound to // this application. For details of its content, please refer to // the document or sample of each service. var services = JSON.parse(process.env.VCAP_SERVICES || "{}"); var ssoConfig = services.SingleSignOn[0]; var client_id = ssoConfig.credentials.clientId; var client_secret = ssoConfig.credentials.secret; var authorization_url = ssoConfig.credentials.authorizationEndpointUrl; var token_url = ssoConfig.credentials.tokenEndpointUrl; var issuer_id = ssoConfig.credentials.issuerIdentifier; var callback_url = 'https://xxxxx.mybluemix.net/auth/sso/callback'; var OpenIDConnectStrategy = require('passport-idaas-openidconnect').IDaaSOIDCStrategy; var Strategy = new OpenIDConnectStrategy({ authorizationURL : authorization_url, tokenURL : token_url, clientID : client_id, scope: 'openid', response_type: 'code', clientSecret : client_secret, callbackURL : callback_url, skipUserProfile: true, issuer: issuer_id}, function(iss, sub, profile, accessToken, refreshToken, params, done) { process.nextTick(function() { profile.accessToken = accessToken; profile.refreshToken = refreshToken; done(null, profile); }) }); passport.use(Strategy); app.get('/login', passport.authenticate('openidconnect', {})); function ensureAuthenticated(req, res, next) { if(!req.isAuthenticated()) { req.session.originalUrl = req.originalUrl; res.redirect('/login'); } else { return next(); } } app.get('/auth/sso/callback',function(req,res,next) { var redirect_url = req.session.originalUrl; passport.authenticate('openidconnect', { successRedirect: redirect_url, failureRedirect: '/failure', })(req,res,next); }); app.get('/failure', function(req, res) { res.send('login failed'); }); app.use(express.static(path.join(__dirname, 'public'))); app.use('/',index); app.use(function(req, res, next) { if(req.session.api_key) res.redirect("/dashboard"); else res.redirect('/login'); }); /// error handlers // development error handler // will print stacktrace if (app.get('env') === 'development') { app.use(function(err, req, res, next) { res.status(err.status || 500); res.render('error', { message: err.message, error: err }); }); } // production error handler // no stacktraces leaked to user app.use(function(err, req, res, next) { res.status(err.status || 500); res.render('error', { message: err.message, error: {} }); }); var server = app.listen(app.get('port'), app.get('host'), function() { console.log('Express server listening on ' + server.address().address + ':' + server.address().port); }); module.exports = app;
有任何想法吗?
//编辑
我刚开始教程时没有.cfignore文件。 所以我创build了一个在我的应用程序的根文件夹中有以下内容:
node_modules/passport node_modules/cookie-parser node_modules/express-session node_modules/passport-idaas-openidconnect
这是正确的,为什么我以前没有这个文件与教程的内容:
node_modules
首先我假设variablescallback_url的值是“xxxxx.mybluemix.net/auth/sso/callback”。 如果不是,则应该用您的应用程序名称replace“xxxxx”。
正如单一login报告- configuration一个Node.js应用程序文档:
passport-idaas-openidconnect模块与0.1.1到0.3.2的护照版本一起使用。 晚于0.3.2的版本可能无法正常工作。
我会确保你使用正确的护照版本(例如)在你的package.json这行
"passport": "^0.2.2",
如果你希望你可以简化你的callback函数以达到如下的testing目的(它可能会抛出一个错误,找不到req.session.originalUrl)并在以后展开:
app.get('/auth/sso/callback',function(req,res,next) { passport.authenticate('openidconnect', { successRedirect: "/home", failureRedirect: '/failure', } )(req,res,next); });
剩下的代码对我来说似乎还可以,因为已经build议您必须将“ensureAuthenticated”函数链接到要在身份validation之下放置的每个app.get,app.post等。
例如,尝试执行如下操作:
app.get('/home', ensureAuthenticated, function(req, res) { var htmlSplashPage = "<!DOCTYPE html> <html> <body> <h1>Hello "+JSON.stringify(req.session.passport.user._json.displayName)+"</h1></body> </html>"; res.writeHead(200, {'Content-Type': 'text/html','Content-Length':htmlSplashPage.length}); res.write(htmlSplashPage); res.end(); });
这样做时,在调用/ home之前,先调用函数ensureAuthenticated,然后才能执行下一个函数(home),否则将被redirect到login页面。
您需要将ensureAuthenticated函数添加到快速中间件堆栈中。 每当向您的应用程序发出请求时,都需要调用该函数。 例如,您可以将其添加到所有请求,通过添加到您的应用程序:
app.use(ensureAuthenticated);