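[Question title]: PassportJS with passport-saml, how to get SAML request ID?
[Posted]: 2022-01-17 15:59:38
[Question description]:

I am using PassportJS with passport-saml to connect to an SSO server. I would like to have the ID that goes into the SAML request (/login route), so that I can store a secret key under this ID. Then, in the callback (/login/callback), I can recover the key, because the ID is passed in the SAML response.

How can I access the SAML request? Or at least the ID?

Here is the code for my login and callback routes: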

var samlStrategy = new saml.Strategy({
    callbackUrl: "https://somedomain.test/boapi/ssocallback",
    entryPoint: 'http://192.168.0.1:8080/simplesaml/saml2/idp/SSOService.php',
    issuer: 'issuer-saml',
    decryptionPvk: fs.readFileSync(__dirname + '/certs/key.pem', 'utf8'),
    privateCert: fs.readFileSync(__dirname + '/certs/key.pem', 'utf8'),
    validateInResponseTo: false,
    cert: fs.readFileSync(__dirname + "/certs/idp_key.pem", "utf8"),
    disableRequestedAuthnContext: true,
    acceptedClockSkewMs: 0 
}, (profile, done) => {
    return done(null, profile);
});

passport.use('samlStrategy', samlStrategy);
app.use(passport.initialize({}));
app.use(passport.session({}));

app.get('/login',
    (req, res, next) => {
        passport.authenticate('samlStrategy', (err, user, info) => {
            // I tried here but it's never called
            return;
        })(req, res, next);
    }
);

app.post('/login/callback',
    (req, res, next) => {
        next();
    },
    passport.authenticate('samlStrategy'),
    (req, res) => {
        const firstName = req.user?.firstName
        const lastName = req.user?.lastName
        const email = req.user?.email
        res.send({email, firstName, lastName});
    }
);

[Question comments]:

    Tags: node.js single-sign-on passport.js passport-saml


    [Solution 1]:

    I did not find a way to get the SAML request ID, so instead of storing my data under this ID, I set a cookie in the /login route and then read it in the /callback route.

    app.get('/login',
        (req, res, next) => {
            res.cookie(myDataCookieName, req.query.myData, { maxAge: 1000 * 60 * 15, httpOnly: true, sameSite: "none", secure: true });
            next();
        },
        passport.authenticate('samlStrategy', {
            session: false,
        }),
    );
    
    app.post('/login/callback',
        (req, res, next) => {
            next();
        },
        passport.authenticate('samlStrategy', {
            session: false,
        }),
        (req, res) => {
            const firstName = req.user?.firstName;
            const lastName = req.user?.lastName;
            const email = req.user?.email;
            const myData = req.cookies[myDataCookieName];
    
            res.send({ email, firstName, lastName, myData });
        }
    );
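
As an added example (not part of the original post, and not passport-saml's own code): with the HTTP-Redirect binding the AuthnRequest travels in the `SAMLRequest` query parameter as raw DEFLATE, then base64, then URL-encoding, so its ID can be read back from the redirect URL and used as a one-time lookup key for the `InResponseTo` value seen in the callback. It assumes the redirect URL sent to the browser is available to your code; `createPendingStore` and all sample values are hypothetical.

```javascript
// Added example, not from the original post. Helper names and samples are constructed.
const zlib = require("node:zlib");

// HTTP-Redirect binding encoding: raw DEFLATE -> base64 -> URL-encode.
function encodeRedirectBinding(xml) {
  return encodeURIComponent(zlib.deflateRawSync(Buffer.from(xml, "utf8")).toString("base64"));
}

// Read one attribute from the element named `element` (any namespace prefix).
function rootAttribute(xml, element, attribute) {
  const tag = new RegExp(`<(?:[\\w.-]+:)?${element}\\b[^>]*>`).exec(xml);
  const attr = tag && new RegExp(`\\s${attribute}=(["'])(.*?)\\1`).exec(tag[0]);
  if (!attr) throw new Error(`${element} has no ${attribute} attribute`);
  return attr[2];
}

// Recover the AuthnRequest ID from the URL the browser is redirected to.
function authnRequestIdFromUrl(redirectUrl) {
  const param = new URL(redirectUrl).searchParams.get("SAMLRequest");
  if (!param) throw new Error("no SAMLRequest parameter");
  // Cap the inflated size so an oversized value cannot exhaust memory.
  const xml = zlib.inflateRawSync(Buffer.from(param, "base64"), { maxOutputLength: 65536 });
  return rootAttribute(xml.toString("utf8"), "AuthnRequest", "ID");
}

// HTTP-POST binding: SAMLResponse is plain base64. Use the value only as a lookup
// key after the SAML library has verified the response signature.
function inResponseToFromPost(samlResponseB64) {
  const xml = Buffer.from(samlResponseB64, "base64").toString("utf8");
  return rootAttribute(xml, "Response", "InResponseTo");
}

// One-time, expiring store keyed by request ID (in-memory, single process only).
function createPendingStore(ttlMs) {
  const pending = new Map();
  return {
    put(id, data, now = Date.now()) { pending.set(id, { data, expires: now + ttlMs }); },
    take(id, now = Date.now()) {
      const entry = pending.get(id);
      pending.delete(id); // single use: a replayed response finds nothing
      return entry && entry.expires > now ? entry.data : undefined;
    },
  };
}

// Constructed sample values.
const SAMPLE_REQUEST = '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed123" Version="2.0"/>';
const SAMPLE_URL = "https://idp.example/sso?SAMLRequest=" + encodeRedirectBinding(SAMPLE_REQUEST);
const SAMPLE_RESPONSE_B64 = Buffer.from('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1" InResponseTo="_constructed123"/>').toString("base64");
```

Unlike a cookie, data held server-side under the request ID never passes through the browser, and `take` deletes the entry on first use.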
    
