jos*_*nas 5 authentication saml single-sign-on node.js nestjs
我正在 NestJS 中使用 SAML 进行身份验证,使用的是 passport-saml 包。页面可以正确重定向到 Microsoft 登录页,但在回调路由中我拿不到 profile(用户配置文件)数据。我想要的是:用户通过 SAML 完成身份验证之后,系统为其生成 Bearer 令牌。但正如前面所说,到目前为止我还无法获取已登录用户的数据。
auth.module.ts
import { AuthController } from './auth.controller';
import { Saml2Strategy } from './strategies/saml.strategy';
import { Module } from '@nestjs/common';
import { AuthService } from './auth.service';
/**
 * Nest module for authentication.
 *
 * Registers AuthController for the HTTP routes and makes AuthService and the
 * SAML passport strategy (Saml2Strategy) available as providers.
 */
@Module({
  controllers: [AuthController],
  providers: [
    AuthService,
    // Listing the strategy as a provider is what gets it instantiated.
    Saml2Strategy,
  ],
})
export class AuthModule {}
控制器的路由是 @Get('saml'),它可以正确重定向;但是当请求返回到回调 URL 时,我无法获取该用户的数据。
auth.controller.ts
import { Saml2Strategy } from './strategies/saml.strategy';
import {
Controller,
Get,
Post,
UseGuards,
Res,
Req,
Request,
Body,
} from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
import { ApiTags } from '@nestjs/swagger';
const passport = require('passport');
const SamlStrategy = require('passport-saml').Strategy;
import { ConfigSaml } from './../user/controllers/config';
const fs = require('fs');
/**
 * HTTP endpoints of the SAML login flow, mounted under the 'auth' prefix.
 */
@ApiTags('Auth')
@Controller('auth')
export class AuthController {
  public config: ConfigSaml;
  public userData: any;

  constructor() {
    this.config = new ConfigSaml();
  }

  /**
   * Starts the login. The 'saml' guard handles the request, so the handler
   * body is intentionally empty.
   */
  @Get('saml')
  @UseGuards(AuthGuard('saml'))
  samlLogin() {}

  /**
   * Receives the POST that comes back on the callback route.
   *
   * NOTE(review): no guard is attached to this route, so nothing runs the
   * 'saml' strategy for this request. The posted SAML response is therefore
   * neither validated nor turned into a user object here.
   */
  @Post('/callback')
  async callback(@Request() req, @Body() body: any) {
    if (!req.isAuthenticated()) {
      return;
    }
    console.log('autenticado');
  }
}
saml.strategy.ts
import { Injectable } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { passport } from 'passport';
var SamlStrategy = require('passport-saml').Strategy;
const fs = require('fs');
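/**
 * Passport SAML strategy, registered with Nest under the name 'saml'.
 *
 * Settings are read from the environment: SAML_ENTRY_POINT, SAML_ISSUER,
 * SAML_CALLBACK_URL and SAML_CERT. SAML_CERT is the file name of the
 * certificate inside src/modules/auth/strategies/ and defaults to
 * certificate.pem.
 */
@Injectable()
export class Saml2Strategy extends PassportStrategy(SamlStrategy, 'saml') {
  constructor() {
    super({
      entryPoint: process.env.SAML_ENTRY_POINT,
      issuer: process.env.SAML_ISSUER,
      callbackUrl: process.env.SAML_CALLBACK_URL,
      // Certificate passport-saml uses to check the signature on the identity
      // provider's response. The fallback is parenthesised because `+` binds
      // tighter than `||`: unparenthesised, the left operand is always a
      // non-empty string, so an unset SAML_CERT resolved to ".../undefined"
      // and the default file was never used.
      cert: fs.readFileSync(
        process.cwd() +
          '/src/modules/auth/strategies/' +
          (process.env.SAML_CERT || 'certificate.pem'),
        'utf-8',
      ),
    });
  }

  /**
   * Maps the SAML profile to the application's user object.
   *
   * @nestjs/passport passes its own verify callback to the underlying
   * strategy and calls `validate()` from it. A function placed inside the
   * options object is only a property named `function` and is never invoked,
   * so the mapping has to live here. The returned object is what the
   * 'saml' guard attaches to the request.
   *
   * The full profile is deliberately not logged: it holds personal data
   * taken from the assertion.
   *
   * @param profile Profile built by passport-saml from the SAML response.
   * @returns The user object with id, email, displayName, firstName and lastName.
   */
  validate(profile: Record<string, unknown>) {
    return {
      id: profile['nameID'],
      email:
        profile[
          'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
        ],
      displayName:
        profile['http://schemas.microsoft.com/identity/claims/displayname'],
      firstName:
        profile[
          'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'
        ],
      lastName:
        profile[
          'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'
        ],
    };
  }
}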
这似乎是一个旧问题……我猜您是想把 SAML 响应作为 Profile 对象取出来,该对象由 passport-saml 策略提供。
因此,要将 SAML 响应作为 Profile 对象检索,您还需要在回调 API '@Post('/callback')' 上设置与 '@Get('saml')' API 中相同的守卫。如果回调路由上没有这个守卫,passport 策略就不会在该请求上运行,POST 过来的 SAML 响应既不会被校验,也不会被解析成用户对象。该守卫即
@UseGuards(AuthGuard('saml'))
所以你更新的代码块将是:
import { Saml2Strategy } from './strategies/saml.strategy';
import {
Controller,
Get,
Post,
UseGuards,
Res,
Req,
Request,
Body,
} from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
import { ApiTags } from '@nestjs/swagger';
const passport = require('passport');
const SamlStrategy = require('passport-saml').Strategy;
import { ConfigSaml } from './../user/controllers/config';
const fs = require('fs');
/**
 * HTTP endpoints of the SAML login flow, mounted under the 'auth' prefix.
 * Both routes are protected by the 'saml' passport guard.
 */
@ApiTags('Auth')
@Controller('auth')
export class AuthController {
  public config: ConfigSaml;
  public userData: any;

  constructor() {
    this.config = new ConfigSaml();
  }

  /**
   * Starts the login. The guard handles the request, so the handler body is
   * intentionally empty.
   */
  @Get('saml')
  @UseGuards(AuthGuard('saml'))
  samlLogin() {}

  /**
   * Callback route that receives the POSTed SAML response.
   *
   * The guard runs the 'saml' strategy on this request before the handler
   * executes. @nestjs/passport attaches the strategy's result to the request
   * (`req.user` by default).
   *
   * NOTE(review): the handler only logs and does not read that user object
   * yet. Issue the application's token from it here, not from the raw `body`.
   */
  @Post('/callback')
  @UseGuards(AuthGuard('saml'))
  async callback(@Request() req, @Body() body: any) {
    const isLoggedIn = req.isAuthenticated();
    if (isLoggedIn) {
      console.log('autenticado');
    }
  }
}