由于回调 url,Passport saml 注销无法正常工作
Passport saml logout is not working because of callback url
我正在使用护照 saml 从 IDP 注销,这是我的代码:
module.exports = function logout(app, samlStrategy, config) {
app.get('/logout', (req, res) => {
const { webUser } = req;
const { role, nameID } = webUser || {};
if (role === ROLENAME_WEB_USER && nameID) {
samlStrategy.logout(req, (err, requestUrl) => {
// redirect to the IdP with the SAML logout request
console.log(`req url is is:${requestUrl}`);
res.redirect(requestUrl);
});
} else {
res.redirect(LOGGED_OUT_URL);
}
});
app.post(config.externalSSO.logoutCallbackPath, (req, res) => {
// console.log('SAML logout callback:');
// console.log(req);
res.redirect(LOGGED_OUT_URL);
});
};
这是我的护照 saml 配置:
loginPath: process.env.EXTERNAL_SSO_LOGIN_PATH,
callbackUrl: process.env.BASE_ADDRESS + process.env.EXTERNAL_SSO_CALLBACK_PATH,
callbackPath: process.env.EXTERNAL_SSO_CALLBACK_PATH,
logoutUrl: process.env.EXTERNAL_SSO_LOGOUT_URL,
// logoutCallbackPath: '/logout/external/callback',
logoutCallbackUrl: process.env.EXTERNAL_SSO_LOGOUT_URL,
metadataPath: `${process.env.EXTERNAL_SSO_LOGIN_PATH}/metadata`,
entryPoint: process.env.EXTERNAL_SSO_ENTRYPOINT,
issuer: process.env.EXTERNAL_SSO_ISSUER,
idpPublicCert: process.env.EXTERNAL_SSO_IDP_CERT,
spPrivateCert: process.env.EXTERNAL_SSO_SP_SIGNING_PRIVATE_KEY,
decryptionPvk: process.env.EXTERNAL_SSO_SP_DECRYPTION_PRIVATE_KEY,
decryptionCert: process.env.EXTERNAL_SSO_SP_DECRYPTION_PUBLIC_KEY,
authnRequestBinding: process.env.EXTERNAL_SSO_AUTHN_REQUEST_BINDING,
问题是我试图摆脱上面代码中的第二个 api 调用,因为重定向到 LOGGED_OUT_URL 停止了我的 SLO 进程,所以我更改并部署在开发环境中我得到了这个例外:
{"error":{"message":"Not found"}}
有线的事情是仍然将我重定向到 logoutCallbackPath url!
问题是护照没有更新 sp 元数据,因为 generateServiceProviderMetadata(decryptionCert, signingCert) 方法有问题。所以我更新了证书并弄清楚了如何重新生成它。
我正在使用护照 saml 从 IDP 注销,这是我的代码:
module.exports = function logout(app, samlStrategy, config) {
app.get('/logout', (req, res) => {
const { webUser } = req;
const { role, nameID } = webUser || {};
if (role === ROLENAME_WEB_USER && nameID) {
samlStrategy.logout(req, (err, requestUrl) => {
// redirect to the IdP with the SAML logout request
console.log(`req url is is:${requestUrl}`);
res.redirect(requestUrl);
});
} else {
res.redirect(LOGGED_OUT_URL);
}
});
app.post(config.externalSSO.logoutCallbackPath, (req, res) => {
// console.log('SAML logout callback:');
// console.log(req);
res.redirect(LOGGED_OUT_URL);
});
};
这是我的护照 saml 配置:
loginPath: process.env.EXTERNAL_SSO_LOGIN_PATH,
callbackUrl: process.env.BASE_ADDRESS + process.env.EXTERNAL_SSO_CALLBACK_PATH,
callbackPath: process.env.EXTERNAL_SSO_CALLBACK_PATH,
logoutUrl: process.env.EXTERNAL_SSO_LOGOUT_URL,
// logoutCallbackPath: '/logout/external/callback',
logoutCallbackUrl: process.env.EXTERNAL_SSO_LOGOUT_URL,
metadataPath: `${process.env.EXTERNAL_SSO_LOGIN_PATH}/metadata`,
entryPoint: process.env.EXTERNAL_SSO_ENTRYPOINT,
issuer: process.env.EXTERNAL_SSO_ISSUER,
idpPublicCert: process.env.EXTERNAL_SSO_IDP_CERT,
spPrivateCert: process.env.EXTERNAL_SSO_SP_SIGNING_PRIVATE_KEY,
decryptionPvk: process.env.EXTERNAL_SSO_SP_DECRYPTION_PRIVATE_KEY,
decryptionCert: process.env.EXTERNAL_SSO_SP_DECRYPTION_PUBLIC_KEY,
authnRequestBinding: process.env.EXTERNAL_SSO_AUTHN_REQUEST_BINDING,
问题是我试图摆脱上面代码中的第二个 api 调用,因为重定向到 LOGGED_OUT_URL 停止了我的 SLO 进程,所以我更改并部署在开发环境中我得到了这个例外:
{"error":{"message":"Not found"}}
有线的事情是仍然将我重定向到 logoutCallbackPath url!
问题是护照没有更新 sp 元数据,因为 generateServiceProviderMetadata(decryptionCert, signingCert) 方法有问题。所以我更新了证书并弄清楚了如何重新生成它。