Elv*_*iev 3 node.js saml-2.0 openam passport.js
我部署了OpenAM并创建了托管IDP。然后,我想将NodeJs配置为服务提供者,并用passport-saml实现SSO。为此,我必须将node.js应用程序注册为远程服务提供者。
我有两个问题:
为了将NodeJs应用程序注册为远程服务提供者,我必须告知OpenAM URL元数据所在的位置。我怎样才能通过passport-saml获得元数据?
如何配置passport-saml与OpenAM一起使用?
我像这样配置password-saml:
return new SamlStrategy(
{
entryPoint: "http://ndcdr001s:8081/OpenAM-12.0.0/saml2/jsp/idpSSOInit.jsp?"
+ "metaAlias=/idp"
+ "&spEntityID=http://ndcui.local:9000/metadata/",
callbackUrl: 'http://ndcui.local:9000/login/callback/',
logoutUrl: "http://ndcdr001s:8081/OpenAM-12.0.0/saml2/jsp/idpSingleLogoutInit.jsp?"
+ "binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ "&RelayState=http://ndcui.local:9000/saml/logout/callback",
issuer: 'http://ndcui.local:9000/'
},
function (profile, done) {
return done(null,
{
id: profile.id,
email: profile.email,
// displayName: profile.cn,
// firstName: profile.givenName,
// lastName: profile.sn,
sessionIndex: profile.sessionIndex,
saml: {
nameID: profile.nameID,
nameIDFormat: profile.nameIDFormat,
token:profile.getAssertionXml()
}
});
});
然后,我在OpenAM中将“ http://ndcui.local:9000 / metadata / ”注册为SP。
我像这样手动为SP创建元数据:并将其放在此链接“ http://ndcui.local:9000 / metadata / ”下
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://ndcui.local:9000/metadata/">
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://ndcui.local:9000/logout" Response_Location="http://ndcui.local:9000/saml/logout/callback"/>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://ndcui.local:9000/login/callback" index="0"/>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://ndcui.local:9000/login/callback" index="1"/>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://ndcui.local:9000/login/callback" index="2"/>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="http://ndcui.local:9000/login/callback" index="3"/>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser" Location="http://ndcui.local:9000/login/callback" index="4"/>
</SPSSODescriptor>
<ContactPerson contactType="technical">
<GivenName>Administrator</GivenName>
<EmailAddress>noreply@example.org</EmailAddress>
</ContactPerson>
</EntityDescriptor>
而我的路线:
app.get('/metadata', function (req, res) {
//Send custom metadata
res.type('application/xml');
res.sendfile(__dirname + "/metadata.xml");
}
);
app.get("/login", passport.authenticate('saml',
{
successRedirect: "/",
failureRedirect: "/login",
})
);
app.post('/login/callback', passport.authenticate('saml',
{
failureRedirect: '/',
failureFlash: true
}),
function (req, res) {
res.redirect('/');
}
);
app.get('/logout', auth.requiresLogin, function (req, res) {
req.user.nameID = req.user.saml.nameID;
req.user.nameIDFormat = req.user.saml.nameIDFormat;
samlStrategy.logout(req, function (err, request) {
if (!err) {
res.redirect(request);
}
});
});
app.get('/saml/logout/callback', auth.requiresLogin, function (req, res) {
//Logout user
req.logout();
res.redirect('/');
});
链接到完整的实施(您将需要谷歌翻译页面)
https://qiita.com/nsp01/items/d1b328e5698f6ffd8345
| 归档时间: |
|
| 查看次数: |
4157 次 |
| 最近记录: |