Passport-saml implementation

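I'm trying to get any Passport strategy working, but ultimately I want to get it working with the SAML implementation. Right now it seems that whenever the strategy is called, it always fails. I'm wondering if perhaps my server middleware chain is set up wrong?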

```javascript
'use strict';
// ---------------------------------- BEGIN MODULE SCOPE VARIABLES ----------------------------------
var http = require('http'),
    express = require('express'),
    session = require('express-session'),
    path = require("path"),
    samlStrategy = require('passport-saml').Strategy,
    passport = require('passport'),
    //flash = require('connect-flash'),
    morgan = require('morgan'),
    app = express(),
    server = http.createServer(app);
// ---------------------------------- END MODULE SCOPE VARIABLES ------------------------------------

// ---------------------------------- BEGIN SERVER CONFIGURATION ------------------------------------
app.configure(function () {
  app.use(app.router);
  app.use(express.cookieParser());
  app.use(express.bodyParser());
  app.use(express.session({ secret: 'keyboard cat' }));
  app.use(passport.initialize());
  app.use(passport.session());
  app.use(express.methodOverride());
  app.use(morgan('dev')); // log every request to the console
  app.use(express.static(__dirname + '/public'));
});

passport.use('saml', new samlStrategy({
    path: '/login/callback',
    entryPoint: 'https://openidp.feide.no/simplesaml/module.php/openidProvider/user.php/sso',
    issuer: 'passport-saml',
    protocol: 'http://',
    cert: 'MIICizCCAfQCCQCY8tKaMc0BMjANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMCTk8xEjAQBgNVBAgTCVRyb25kaGVpbTEQMA4GA1UEChMHVU5JTkVUVDEOMAwGA1UECxMFRmVpZGUxGTAXBgNVBAMTEG9wZW5pZHAuZmVpZGUubm8xKTAnBgkqhkiG9w0BCQEWGmFuZHJlYXMuc29sYmVyZ0B1bmluZXR0Lm5vMB4XDTA4MDUwODA5MjI0OFoXDTM1MDkyMzA5MjI0OFowgYkxCzAJBgNVBAYTAk5PMRIwEAYDVQQIEwlUcm9uZGhlaW0xEDAOBgNVBAoTB1VOSU5FVFQxDjAMBgNVBAsTBUZlaWRlMRkwFwYDVQQDExBvcGVuaWRwLmZlaWRlLm5vMSkwJwYJKoZIhvcNAQkBFhphbmRyZWFzLnNvbGJlcmdAdW5pbmV0dC5ubzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt8jLoqI1VTlxAZ2axiDIThWcAOXdu8KkVUWaN/SooO9O0QQ7KRUjSGKN9JK65AFRDXQkWPAu4HlnO4noYlFSLnYyDxI66LCr71x4lgFJjqLeAvB/GqBqFfIZ3YK/NrhnUqFwZu63nLrZjcUZxNaPjOOSRSDaXpv1kb5k3jOiSGECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBQYj4cAafWaYfjBU2zi1ElwStIaJ5nyp/s/8B8SAPK2T79McMyccP3wSW13LHkmM1jwKe3ACFXBvqGQN0IbcH49hu0FKhYFM/GPDJcIHFBsiyMBXChpye9vBaTNEBCtU3KjjyG0hRT2mAQ9h+bkPmOvlEo/aH0xR68Z9hw4PF13w=='
    //privateCert: fs.readFileSync('./cert.pem', 'utf-8')
  },
  function(profile, done) {
    console.log("Auth with", profile);
    if (!profile.email) {
      return done(new Error("No email found"), null);
    }
    // asynchronous verification, for effect...
    process.nextTick(function () {
      findByEmail(profile.email, function(err, user) {
        if (err) {
          return done(err);
        }
        if (!user) {
          // "Auto-registration"
          users.push(profile);
          return done(null, profile);
        }
        return done(null, user);
      })
    });
  }
));

app.get('/XA',
  passport.authenticate('local-login', {
    failureRedirect: '/404.html', // redirect
    failureFlash: false // allow flash messages
  })
);

app.get('/XA/callback',
  passport.authenticate('saml', {
    successRedirect : '/index.html',
    failureRedirect : '/failure'
  }));
```

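I can't tell from the above exactly what your failure is, but one thing you might want to try is passing the `samlFallback: 'login-request'` parameter to your authenticate call.

Without this, I don't believe the library will redirect the login to your SAML provider's entry point, so the call to this route would just look like an authentication failure.

Update:

As of version 0.4.0, I just made `samlFallback: 'login-request'` the default, so you should be able to update your passport-saml version and get the correct behavior.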
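
The behaviour the answer describes, as an added example that is not part of the original answer and is not passport-saml's own code: a simplified model of how a request with no `SAMLResponse` is either failed or redirected to the IdP depending on `samlFallback`. The function name, the two defaults objects, and the sample IdP URL and assertion are assumptions made for illustration.

```javascript
// Simplified model of the decision described in the answer. Added example:
// not passport-saml's source; all function and field names are hypothetical.
function authenticateSaml(req, routeOptions, strategyConfig, defaults) {
  const options = Object.assign({}, defaults, routeOptions);

  // 1. The IdP POSTed an assertion to the callback route. req.body exists
  //    only if a body parser ran before the route handler.
  if (req.body && req.body.SAMLResponse) {
    return { action: 'validate', assertion: req.body.SAMLResponse };
  }
  // 2. No assertion yet: only the fallback starts a login at the IdP.
  if (options.samlFallback === 'login-request') {
    return { action: 'redirect', location: strategyConfig.entryPoint };
  }
  // 3. Nothing to validate and no fallback: reported as a failed
  //    authentication, so the browser lands on failureRedirect.
  return { action: 'fail', location: options.failureRedirect || null };
}

// Constructed sample inputs (placeholder IdP URL and assertion).
const config = { entryPoint: 'https://idp.example.test/sso' };
const route = { successRedirect: '/index.html', failureRedirect: '/failure' };
const browserGet = { method: 'GET' };
const idpPost = { method: 'POST', body: { SAMLResponse: 'constructed-base64' } };
const idpPostUnparsed = { method: 'POST' }; // body parser did not run

const BEFORE_0_4_0 = {}; // no default fallback
const SINCE_0_4_0 = { samlFallback: 'login-request' }; // per the update

function demo() {
  const explicit = Object.assign({ samlFallback: 'login-request' }, route);
  return {
    oldDefault: authenticateSaml(browserGet, route, config, BEFORE_0_4_0),
    explicitOption: authenticateSaml(browserGet, explicit, config, BEFORE_0_4_0),
    newDefault: authenticateSaml(browserGet, route, config, SINCE_0_4_0),
    callback: authenticateSaml(idpPost, route, config, SINCE_0_4_0),
    unparsedCallback: authenticateSaml(idpPostUnparsed, route, config, SINCE_0_4_0),
  };
}

console.log(demo());
```

In this model the `unparsedCallback` case is redirected back to the IdP instead of being validated, which is why the callback route needs the body parser to run before it.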