哪些文件用于带有 passport-saml 的 SAML
Which files use for SAML with passport-saml
我正在尝试将 SAML 与 node.js 和 passport-saml 模块一起使用,但我不明白我应该使用哪个 certificate/key。
我有这些文件:
- mydomain.crt
- mydomain.key
- IntermediateCA.crt
我需要设置 decryptionPvk、decryptionCert 和 privateCert
var samlStrategy = new passportSaml.Strategy({
//--- URL that goes from the Identity Provider -> Service Provider
callbackUrl : 'http://mydomain/login/callback',
//--- URL that goes from the Service Provider -> Identity Provider
entryPoint : 'https://auth.samlserver',
issuer : sails.config.passport.issuer,
//--- Identity Provider's Public Key
cert : sails.config.passport.cert,
//--- Service Provider Certificate
privateCert : fs.readFileSync('./certificats/mydomain.crt', 'utf-8'), // same error with IntermediateCA.crt
//--- Service Provider private key
decryptionPvk : fs.readFileSync('./certificats/mydomain.key', 'utf-8'),
logoutUrl : 'https://auth.samlserver/logout',
passReqToCallback : true,
},
(req, profile, done) => {
console.log('profile :', profile);
return done();
});
对于路由/元数据(使用decryptionCert):
samlStrategy.generateServiceProviderMetadata(fs.readFileSync('./certificats/mydomain.crt', 'utf-8'))
但是我有以下错误信息:
crypto.js:279
var ret = this._handle.sign(toBuf(key), null, passphrase);
^
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
at Error (native)
at Sign.sign (crypto.js:279:26)
at [object Object].SAML.signRequest (C:\Users\mseron\Documents\dev\node\mysite\node_modules\passport-saml\lib\passport-saml\saml.js:135:34)
at requestToUrlHelper (C:\Users\mseron\Documents\dev\node\mysite\node_modules\passport-saml\lib\passport-saml\saml.js:308:12)
at DeflateRaw.onEnd (zlib.js:227:5)
at emitNone (events.js:85:20)
at DeflateRaw.emit (events.js:179:7)
at endReadableNT (_stream_readable.js:913:12)
at _combinedTickCallback (internal/process/next_tick.js:74:11)
at process._tickDomainCallback (internal/process/next_tick.js:122:9)
实际上,对于 mydomain.key,错误消息是
Error: error:0906A068:PEM routines:PEM_do_header:bad password read
我需要使用 mydomain.key 及其密码
在node.js
var samlStrategy = new passportSaml.Strategy({
...
//--- Service Provider Certificate
privateCert : {
key : fs.readFileSync('./certificats/mydomain.key', 'utf-8'),
passphrase : 'strong passphrase'
},
...
},
(req, profile, done) => {
...
});
我正在尝试将 SAML 与 node.js 和 passport-saml 模块一起使用,但我不明白我应该使用哪个 certificate/key。
我有这些文件:
- mydomain.crt
- mydomain.key
- IntermediateCA.crt
我需要设置 decryptionPvk、decryptionCert 和 privateCert
var samlStrategy = new passportSaml.Strategy({
//--- URL that goes from the Identity Provider -> Service Provider
callbackUrl : 'http://mydomain/login/callback',
//--- URL that goes from the Service Provider -> Identity Provider
entryPoint : 'https://auth.samlserver',
issuer : sails.config.passport.issuer,
//--- Identity Provider's Public Key
cert : sails.config.passport.cert,
//--- Service Provider Certificate
privateCert : fs.readFileSync('./certificats/mydomain.crt', 'utf-8'), // same error with IntermediateCA.crt
//--- Service Provider private key
decryptionPvk : fs.readFileSync('./certificats/mydomain.key', 'utf-8'),
logoutUrl : 'https://auth.samlserver/logout',
passReqToCallback : true,
},
(req, profile, done) => {
console.log('profile :', profile);
return done();
});
对于路由/元数据(使用decryptionCert):
samlStrategy.generateServiceProviderMetadata(fs.readFileSync('./certificats/mydomain.crt', 'utf-8'))
但是我有以下错误信息:
crypto.js:279
var ret = this._handle.sign(toBuf(key), null, passphrase);
^
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
at Error (native)
at Sign.sign (crypto.js:279:26)
at [object Object].SAML.signRequest (C:\Users\mseron\Documents\dev\node\mysite\node_modules\passport-saml\lib\passport-saml\saml.js:135:34)
at requestToUrlHelper (C:\Users\mseron\Documents\dev\node\mysite\node_modules\passport-saml\lib\passport-saml\saml.js:308:12)
at DeflateRaw.onEnd (zlib.js:227:5)
at emitNone (events.js:85:20)
at DeflateRaw.emit (events.js:179:7)
at endReadableNT (_stream_readable.js:913:12)
at _combinedTickCallback (internal/process/next_tick.js:74:11)
at process._tickDomainCallback (internal/process/next_tick.js:122:9)
实际上,对于 mydomain.key,错误消息是
Error: error:0906A068:PEM routines:PEM_do_header:bad password read
我需要使用 mydomain.key 及其密码
在node.js
var samlStrategy = new passportSaml.Strategy({
...
//--- Service Provider Certificate
privateCert : {
key : fs.readFileSync('./certificats/mydomain.key', 'utf-8'),
passphrase : 'strong passphrase'
},
...
},
(req, profile, done) => {
...
});