带有 passport-saml 的 PassportJS,如何获取 SAML 请求 ID?
PassportJS with passport-saml, how to get SAML request ID?
我正在使用 PassportJS 和 passport-saml 连接到 SSO 服务器。
我想要 SAML 请求(/login 路由)中的 ID,以便使用此 ID 存储密钥。然后在回调中(/login/callback 我可以恢复密钥,因为 ID 已传递到 SAML 响应中。
如何访问请求的 SAML?或者至少是 ID ?
这是我的登录和回调路由代码:
var samlStrategy = new saml.Strategy({
callbackUrl: "https://somedomain.test/boapi/ssocallback",
entryPoint: 'http://192.168.0.1:8080/simplesaml/saml2/idp/SSOService.php',
issuer: 'issuer-saml',
decryptionPvk: fs.readFileSync(__dirname + '/certs/key.pem', 'utf8'),
privateCert: fs.readFileSync(__dirname + '/certs/key.pem', 'utf8'),
validateInResponseTo: false,
cert: fs.readFileSync(__dirname + "/certs/idp_key.pem", "utf8"),
disableRequestedAuthnContext: true,
acceptedClockSkewMs: 0
}, (profile, done) => {
return done(null, profile);
});
passport.use('samlStrategy', samlStrategy);
app.use(passport.initialize({}));
app.use(passport.session({}));
app.get('/login',
(req, res, next) => {
passport.authenticate('samlStrategy', (err, user, info) => {
// I tried here but it's never called
return;
})(req, res, next);
}
);
app.post('/login/callback',
(req, res, next) => {
next();
},
passport.authenticate('samlStrategy'),
(req, res) => {
const firstName = req.user?.firstName
const lastName = req.user?.lastName
const email = req.user?.email
res.send({email, firstName, lastName});
}
);
我没有找到获取 SAML 请求 ID 的方法,因此我没有使用此 ID 存储我的数据,而是在 /login 路由中设置了一个 cookie,然后在 /callback 中读取它] 路线。
app.get('/login',
(req, res, next) => {
res.cookie(myDataCookieName, req.query.myData, { maxAge: 1000 * 60 * 15, httpOnly: true, sameSite: "none", secure: true });
next();
},
passport.authenticate('samlStrategy', {
session: false,
}),
);
app.post('/login/callback',
(req, res, next) => {
next();
},
passport.authenticate('samlStrategy', {
session: false,
}),
(req, res) => {
const firstName = req.user?.firstName;
const lastName = req.user?.lastName;
const email = req.user?.email;
const myData = req.cookies[myDataCookieName];
res.send({ email, firstName, lastName, myData });
}
);
我正在使用 PassportJS 和 passport-saml 连接到 SSO 服务器。
我想要 SAML 请求(/login 路由)中的 ID,以便使用此 ID 存储密钥。然后在回调中(/login/callback 我可以恢复密钥,因为 ID 已传递到 SAML 响应中。
如何访问请求的 SAML?或者至少是 ID ?
这是我的登录和回调路由代码:
var samlStrategy = new saml.Strategy({
callbackUrl: "https://somedomain.test/boapi/ssocallback",
entryPoint: 'http://192.168.0.1:8080/simplesaml/saml2/idp/SSOService.php',
issuer: 'issuer-saml',
decryptionPvk: fs.readFileSync(__dirname + '/certs/key.pem', 'utf8'),
privateCert: fs.readFileSync(__dirname + '/certs/key.pem', 'utf8'),
validateInResponseTo: false,
cert: fs.readFileSync(__dirname + "/certs/idp_key.pem", "utf8"),
disableRequestedAuthnContext: true,
acceptedClockSkewMs: 0
}, (profile, done) => {
return done(null, profile);
});
passport.use('samlStrategy', samlStrategy);
app.use(passport.initialize({}));
app.use(passport.session({}));
app.get('/login',
(req, res, next) => {
passport.authenticate('samlStrategy', (err, user, info) => {
// I tried here but it's never called
return;
})(req, res, next);
}
);
app.post('/login/callback',
(req, res, next) => {
next();
},
passport.authenticate('samlStrategy'),
(req, res) => {
const firstName = req.user?.firstName
const lastName = req.user?.lastName
const email = req.user?.email
res.send({email, firstName, lastName});
}
);
我没有找到获取 SAML 请求 ID 的方法,因此我没有使用此 ID 存储我的数据,而是在 /login 路由中设置了一个 cookie,然后在 /callback 中读取它] 路线。
app.get('/login',
(req, res, next) => {
res.cookie(myDataCookieName, req.query.myData, { maxAge: 1000 * 60 * 15, httpOnly: true, sameSite: "none", secure: true });
next();
},
passport.authenticate('samlStrategy', {
session: false,
}),
);
app.post('/login/callback',
(req, res, next) => {
next();
},
passport.authenticate('samlStrategy', {
session: false,
}),
(req, res) => {
const firstName = req.user?.firstName;
const lastName = req.user?.lastName;
const email = req.user?.email;
const myData = req.cookies[myDataCookieName];
res.send({ email, firstName, lastName, myData });
}
);