我正在使用 PassportJS 和 passport-saml 连接到 SSO 服务器。我想获取 SAML 请求(在 /login 路由中)的 ID,以便用该 ID 存储一个密钥。然后在回调(/login/callback)中,我可以取回这个密钥,因为该 ID 会被传回到 SAML 响应中。
如何访问该 SAML 请求?或者至少是它的 ID?
以下是我的登录和回调路由代码:
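// SP private key. The same PEM is used for decryption and request signing, so it
// is read once instead of twice.
const spPrivateKey = fs.readFileSync(__dirname + '/certs/key.pem', 'utf8');

// SAML strategy for the SSO server. The verify callback passes the asserted
// profile through unchanged, so req.user is whatever the IdP asserted.
const samlStrategy = new saml.Strategy(
  {
    // URL the IdP POSTs the SAML response to.
    // NOTE(review): this path differs from the /login/callback route that handles
    // the response — confirm a proxy rewrites it.
    callbackUrl: 'https://somedomain.test/boapi/ssocallback',
    // IdP SSO endpoint the browser is redirected to when /login starts a login.
    entryPoint: 'http://192.168.0.1:8080/simplesaml/saml2/idp/SSOService.php',
    issuer: 'issuer-saml',
    decryptionPvk: spPrivateKey,
    privateCert: spPrivateKey,
    // false: the response's InResponseTo is not compared with the request ID that
    // passport-saml generated, so any valid assertion from this IdP is accepted on
    // the callback whether or not this SP asked for it. With true, passport-saml
    // keeps the outgoing request ID in its cacheProvider, which is also the place
    // where per-request data can be attached to that ID.
    validateInResponseTo: false,
    // passport-saml's `cert` is the IdP's signing certificate used to verify
    // responses; the file name suggests a key — confirm the file's content.
    cert: fs.readFileSync(__dirname + '/certs/idp_key.pem', 'utf8'),
    disableRequestedAuthnContext: true,
    // No tolerance for clock drift between SP and IdP when checking the
    // assertion's validity window.
    acceptedClockSkewMs: 0,
  },
  (profile, done) => done(null, profile),
);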
// Register the strategy under the name the routes refer to, then mount passport's
// request and session middleware in that order.
passport.use('samlStrategy', samlStrategy);
for (const middleware of [passport.initialize({}), passport.session({})]) {
  app.use(middleware);
}
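// Starts the SAML login: passport-saml builds the AuthnRequest and redirects the
// browser to entryPoint. No user is established on this leg, so a custom
// authenticate callback never receives a profile here — it would only run on a
// failure or error, and the original `return;` left such a request unanswered.
// Letting passport handle the result passes errors to next() instead.
app.get('/login', passport.authenticate('samlStrategy'));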
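// Receives the IdP's SAML response. The handler only runs once passport-saml has
// validated the response and set req.user; otherwise passport fails the request
// first. The former pass-through middleware did nothing and is dropped.
app.post(
  '/login/callback',
  passport.authenticate('samlStrategy'),
  (req, res) => {
    // Equivalent to req.user?.x for each field: an absent user yields undefined.
    const { firstName, lastName, email } = req.user ?? {};
    res.send({ email, firstName, lastName });
  },
);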
我没有找到获取 SAML 请求 ID 的方法,所以我没有用这个 ID 存储我的数据,而是在 /login 路由中设置了一个 cookie,然后在 /callback 路由中读取它。
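// Starts the SAML login and stashes the caller's data in a cookie for the
// callback. The callback is a cross-site POST from the IdP, so the cookie must be
// SameSite=None, which browsers only accept together with Secure.
// Note that the cookie identifies the browser, not the SAML request: with
// validateInResponseTo disabled, the callback accepts any valid assertion, and the
// cookie is read for whichever one arrives.
app.get(
  '/login',
  (req, res, next) => {
    const { myData } = req.query;
    // req.query is caller-controlled. Only a plain string is stored: an absent
    // value would otherwise be stringified into the cookie, and a repeated
    // parameter (?myData=a&myData=b) arrives as an array.
    if (typeof myData === 'string') {
      res.cookie(myDataCookieName, myData, {
        maxAge: 1000 * 60 * 15,
        httpOnly: true,
        sameSite: 'none',
        secure: true,
      });
    }
    next();
  },
  passport.authenticate('samlStrategy', { session: false }),
);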
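// Receives the IdP's SAML response without establishing a session. The handler
// only runs after passport-saml validated the response and set req.user. The
// former pass-through middleware did nothing and is dropped.
app.post(
  '/login/callback',
  passport.authenticate('samlStrategy', { session: false }),
  (req, res) => {
    const firstName = req.user?.firstName;
    const lastName = req.user?.lastName;
    const email = req.user?.email;
    // Value stashed by /login. req.cookies is presumably populated by
    // cookie-parser mounted earlier — confirm.
    const myData = req.cookies[myDataCookieName];
    // The value belonged to this login attempt; clear it rather than leaving the
    // 15-minute cookie to be read again by a later callback. The attributes must
    // match the ones used when it was set for the browser to drop it.
    res.clearCookie(myDataCookieName, { httpOnly: true, sameSite: 'none', secure: true });
    res.send({ email, firstName, lastName, myData });
  },
);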