使用 Passport-SAML 检索 RelayState 值
Retrieve RelayState value using Passport-SAML
我无法检索 RelayState 值。有人可以指导我或提供 link 相关文档。
这是我目前的设置和路线。
设置
const saml_strategy = new saml.Strategy(
{
'callbackUrl': 'https://callback-url/adfs/postResponse',
'entryPoint': 'https://entry-url/adfs/ls/',
'issuer': 'issuer-name',
'decryptionPvk': fs.readFileSync('./private.key', 'utf-8'),
'cert': [idp_cert],
'identifierFormat': null,
'disableRequestedAuthnContext': true,
'authnContext': ["urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"],
'additionalParams':{'RelayState':'test'}
},
路线
app.get(
'/',
function (req, res) {
if (req.isAuthenticated())
{
res.send( '{ "authenticated": true }' );
}
else
{
res.send( '{ "authenticated": false }' );
}
}
);
app.get(
'/login',
passport.authenticate('saml', { 'successRedirect': '/', 'failureRedirect': '/login' }),
function(req, res)
{
res.redirect('/');
}
);
///login/callback
app.post(
'/adfs/postResponse',
passport.authenticate('saml', { 'failureRedirect': '/', 'failureFlash': true }),
function(req, res)
{
res.redirect('/');
}
);
RelayState 是从初始登录请求页面的查询字符串设置的,然后(前提是 IdP 尊重它),它在回调 POST 响应的正文中可用。
所以在你的情况下,这应该有效:
app.get(
'/login',
function(req, res, next){
// you could redirect to /login?RelayState=whatever, or set query here,
// the value must be encoded for passing in the query string:
req.query.RelayState = encodeURIComponent('my relay state');
},
passport.authenticate('saml', { 'successRedirect': '/', 'failureRedirect': '/login' }),
function(req, res)
{
res.redirect('/');
}
);
app.post(
'/adfs/postResponse',
passport.authenticate('saml', { 'failureRedirect': '/', 'failureFlash': true }),
function(req, res)
{
console.log(`relay state was ${decodeURIComponent(req.body.RelayState)}`);
res.redirect('/');
}
);
我无法检索 RelayState 值。有人可以指导我或提供 link 相关文档。
这是我目前的设置和路线。
设置
const saml_strategy = new saml.Strategy(
{
'callbackUrl': 'https://callback-url/adfs/postResponse',
'entryPoint': 'https://entry-url/adfs/ls/',
'issuer': 'issuer-name',
'decryptionPvk': fs.readFileSync('./private.key', 'utf-8'),
'cert': [idp_cert],
'identifierFormat': null,
'disableRequestedAuthnContext': true,
'authnContext': ["urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"],
'additionalParams':{'RelayState':'test'}
},
路线
app.get(
'/',
function (req, res) {
if (req.isAuthenticated())
{
res.send( '{ "authenticated": true }' );
}
else
{
res.send( '{ "authenticated": false }' );
}
}
);
app.get(
'/login',
passport.authenticate('saml', { 'successRedirect': '/', 'failureRedirect': '/login' }),
function(req, res)
{
res.redirect('/');
}
);
///login/callback
app.post(
'/adfs/postResponse',
passport.authenticate('saml', { 'failureRedirect': '/', 'failureFlash': true }),
function(req, res)
{
res.redirect('/');
}
);
RelayState 是从初始登录请求页面的查询字符串设置的,然后(前提是 IdP 尊重它),它在回调 POST 响应的正文中可用。
所以在你的情况下,这应该有效:
app.get(
'/login',
function(req, res, next){
// you could redirect to /login?RelayState=whatever, or set query here,
// the value must be encoded for passing in the query string:
req.query.RelayState = encodeURIComponent('my relay state');
},
passport.authenticate('saml', { 'successRedirect': '/', 'failureRedirect': '/login' }),
function(req, res)
{
res.redirect('/');
}
);
app.post(
'/adfs/postResponse',
passport.authenticate('saml', { 'failureRedirect': '/', 'failureFlash': true }),
function(req, res)
{
console.log(`relay state was ${decodeURIComponent(req.body.RelayState)}`);
res.redirect('/');
}
);