1. Accueil
  2. Question et réponse
  3. WSO2IS + erreur d'intégration passport-saml node.js

WSO2IS + erreur d'intégration passport-saml node.js

2014-06-16 3 views
0

J'essaie maintenant de tester l'intégration SAML2 en utilisant le serveur wso2is et le module node.js passport-saml. Mais il ne fonctionne pas du côté wso2.WSO2IS + erreur d'intégration passport-saml node.js

serveur node.js rediriger vers le serveur wso2 avec l'assertion SAML. ici est décodée demande SAML assestion

<?xml version="1.0" encoding="UTF-8"?> 
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_e62f87ab1740cab74c67" Version="2.0" IssueInstant="2014-06-16T01:16:54.199Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://localhost:3000/login/callback" Destination="https://localhost:9443/samlsso"> 
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">passport-saml</saml:Issuer> 
    <samlp:RequestedAuthnContext Comparison="exact"> 
     <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef> 
    </samlp:RequestedAuthnContext> 
    <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true" /> 
</samlp:AuthnRequest>

après que je mets id utilisateur/mot de passe dans WSO2 écran de connexion. j'ai eu une erreur

SAML 2.0 basé Single Sign-On

Erreur lors du traitement de la demande d'authentification!

Est-ce que quelqu'un peut donner un avis à ce sujet?

en configuration wso2is

SP est enregistré et je ne définir la configuration de l'authentification entrante> SAML2 Web SSO Configuration> Émetteur: passeport SAML. Assertion URL du consommateur: http: // localhost: 3000/login/callback

Voici le code Node.js

var express = require('express') 
    , passport = require('passport-debug') 
    , util = require('util') 
    , SamlStrategy = require('../../lib/passport-saml/index').Strategy 
    , fs = require('fs'); 


var users = [ 
    { id: 1, givenName: 'bob', email: '[email protected]' } 
    , { id: 2, givenName: 'joe', email: '[email protected]' } 
]; 

function findByEmail(email, fn) { 
    for (var i = 0, len = users.length; i < len; i++) { 
    var user = users[i]; 
    if (user.email === email) { 
     return fn(null, user); 
    } 
    } 
    return fn(null, null); 
} 


// Passport session setup. 
// To support persistent login sessions, Passport needs to be able to 
// serialize users into and deserialize users out of the session. Typically, 
// this will be as simple as storing the user ID when serializing, and finding 
// the user by ID when deserializing. 
passport.serializeUser(function(user, done) { 
    done(null, user.email); 
}); 

passport.deserializeUser(function(id, done) { 
    findByEmail(id, function (err, user) { 
    done(err, user); 
    }); 
}); 

passport.use(new SamlStrategy(
    { 
    path: '/login/callback', 
    entryPoint: 'https://localhost:9443/samlsso', 
    issuer: 'passport-saml', 

    //protocol: 'http://', 
    //cert: 'MIICizCCAfQCCQCY8tKaMc0BMjANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMCTk8xEjAQBgNVBAgTCVRyb25kaGVpbTEQMA4GA1UEChMHVU5JTkVUVDEOMAwGA1UECxMFRmVpZGUxGTAXBgNVBAMTEG9wZW5pZHAuZmVpZGUubm8xKTAnBgkqhkiG9w0BCQEWGmFuZHJlYXMuc29sYmVyZ0B1bmluZXR0Lm5vMB4XDTA4MDUwODA5MjI0OFoXDTM1MDkyMzA5MjI0OFowgYkxCzAJBgNVBAYTAk5PMRIwEAYDVQQIEwlUcm9uZGhlaW0xEDAOBgNVBAoTB1VOSU5FVFQxDjAMBgNVBAsTBUZlaWRlMRkwFwYDVQQDExBvcGVuaWRwLmZlaWRlLm5vMSkwJwYJKoZIhvcNAQkBFhphbmRyZWFzLnNvbGJlcmdAdW5pbmV0dC5ubzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt8jLoqI1VTlxAZ2axiDIThWcAOXdu8KkVUWaN/SooO9O0QQ7KRUjSGKN9JK65AFRDXQkWPAu4HlnO4noYlFSLnYyDxI66LCr71x4lgFJjqLeAvB/GqBqFfIZ3YK/NrhnUqFwZu63nLrZjcUZxNaPjOOSRSDaXpv1kb5k3jOiSGECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBQYj4cAafWaYfjBU2zi1ElwStIaJ5nyp/s/8B8SAPK2T79McMyccP3wSW13LHkmM1jwKe3ACFXBvqGQN0IbcH49hu0FKhYFM/GPDJcIHFBsiyMBXChpye9vBaTNEBCtU3KjjyG0hRT2mAQ9h+bkPmOvlEo/aH0xR68Z9hw4PF13w=='/*, 
    //privateCert: fs.readFileSync('./cert.pem', 'utf-8')*/ 
    }, 
    function(profile, done) { 
    console.log("Auth with", profile); 
    if (!profile.email) { 
     return done(new Error("No email found"), null); 
    } 
    // asynchronous verification, for effect... 
    process.nextTick(function() { 
     findByEmail(profile.email, function(err, user) { 
     if (err) { 
      return done(err); 
     } 
     if (!user) { 
      // "Auto-registration" 
      users.push(profile); 
      return done(null, profile); 
     } 
     return done(null, user); 
     }) 
    }); 
    } 
)); 

var app = express.createServer(); 

// configure Express 
app.configure(function() { 
    app.set('views', __dirname + '/views'); 
    app.set('view engine', 'ejs'); 
    app.use(express.logger()); 
    app.use(express.cookieParser()); 
    app.use(express.bodyParser()); 
    app.use(express.methodOverride()); 
    app.use(express.session({ secret: 'keyboard cat' })); 
    app.use(passport.initialize()); 
    app.use(passport.session()); 
    app.use(app.router); 
    app.use(express.static(__dirname + '/../../public')); 
}); 


app.get('/', function(req, res){ 
    res.render('index', { user: req.user }); 
}); 

app.get('/account', ensureAuthenticated, function(req, res){ 
    res.render('account', { user: req.user }); 
}); 

app.get('/login', 
    passport.authenticate('saml', { failureRedirect: '/error', failureFlash: true,samlFallback:'login-request' }), 
    function(req, res) { 
    res.redirect('/idc'); 
    } 
); 

app.post('/login/callback', 
    passport.authenticate('saml', { failureRedirect: '/', failureFlash: true }), 
    function(req, res) { 
    res.redirect('/idc'); 
    } 
); 

app.get('/logout', function(req, res){ 
    req.logout(); 
    res.redirect('/'); 
}); 

app.listen(3000, function() { 
    console.log("Server listening in http://localhost:3000"); 
}); 

// Simple route middleware to ensure user is authenticated. 
// Use this route middleware on any resource that needs to be protected. If 
// the request is authenticated (typically via a persistent login session), 
// the request will proceed. Otherwise, the user will be redirected to the 
// login page. 
function ensureAuthenticated(req, res, next) { 
    if (req.isAuthenticated()) { return next(); } 
    res.redirect('/login') 
}

commentaire supplémentaire. Après avoir corrigé le code node.js. passport.use (nouveau SamlStrategy (

{ 
    path: '/login/callback', 
    entryPoint: 'https://localhost:9443/samlsso', 
    issuer: 'passport-saml', 
    protocol: 'http://'

WSO2 (idp) réponse affirmation de réponse SAML à node.js module de rappel passeport SAML Voici l'affirmation de réponse SAML de WSO2

<?xml version="1.0" encoding="UTF-8"?> 
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://localhost:3000/login/callback" ID="nnjiingggcmkbagmbndjpcaignnlkcickjadcomp" InResponseTo="_4ca6c18350670c605fa7" IssueInstant="2014-06-16T01:55:28.312Z" Version="2.0"> 
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">localhost</saml2:Issuer> 
    <saml2p:Status> 
     <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /> 
    </saml2p:Status> 
    <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="bpplnakjbmabobeeimjihmelgdebhgcinikjfped" IssueInstant="2014-06-16T01:55:28.312Z" Version="2.0"> 
     <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">localhost</saml2:Issuer> 
     <saml2:Subject> 
     <saml2:NameID>admin</saml2:NameID> 
     <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> 
      <saml2:SubjectConfirmationData InResponseTo="_4ca6c18350670c605fa7" NotOnOrAfter="2014-06-16T02:00:28.312Z" Recipient="http://localhost:3000/login/callback" /> 
     </saml2:SubjectConfirmation> 
     </saml2:Subject> 
     <saml2:Conditions NotBefore="2014-06-16T01:55:28.312Z" NotOnOrAfter="2014-06-16T02:00:28.312Z"> 
     <saml2:AudienceRestriction> 
      <saml2:Audience>passport-saml</saml2:Audience> 
     </saml2:AudienceRestriction> 
     </saml2:Conditions> 
     <saml2:AuthnStatement AuthnInstant="2014-06-16T01:55:28.312Z"> 
     <saml2:AuthnContext> 
      <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef> 
     </saml2:AuthnContext> 
     </saml2:AuthnStatement> 
    </saml2:Assertion> 
</saml2p:Response>

mais je m'y suis une erreur de passeport SAML côté comme celui-ci

127.0.0.1 - - [Mon, 16 Jun 2014 01:55:28 GMT] "GET /login HTTP/1.1" 302 1282 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chr 
ome/35.0.1916.114 Safari/537.36" 
SAML:authentication has benn called 
SAML:authenticate:error:[object Object] 
SAML:authenticate:error:[object Object] 
SAML authenticate:PostResponse[object Object] 
TypeError: Cannot read property 'Format' of undefined 
    at C:\Users\bw.cho\AppData\Roaming\npm\node_modules\passport-saml\lib\passpo 
rt-saml\saml.js:425:24 
    at Parser.<anonymous> (C:\Users\bw.cho\AppData\Roaming\npm\node_modules\pass 
port-saml\node_modules\xml2js\lib\xml2js.js:384:20) 
    at Parser.EventEmitter.emit (events.js:95:17) 
    at Object.onclosetag (C:\Users\bw.cho\AppData\Roaming\npm\node_modules\passp 
ort-saml\node_modules\xml2js\lib\xml2js.js:348:26) 
    at emit (C:\Users\bw.cho\AppData\Roaming\npm\node_modules\passport-saml\node 
_modules\xml2js\node_modules\sax\lib\sax.js:615:33) 
    at emitNode (C:\Users\bw.cho\AppData\Roaming\npm\node_modules\passport-saml\ 
node_modules\xml2js\node_modules\sax\lib\sax.js:620:3) 
    at closeTag (C:\Users\bw.cho\AppData\Roaming\npm\node_modules\passport-saml\ 
node_modules\xml2js\node_modules\sax\lib\sax.js:861:5) 
    at Object.write (C:\Users\bw.cho\AppData\Roaming\npm\node_modules\passport-s 
aml\node_modules\xml2js\node_modules\sax\lib\sax.js:1294:29) 
    at Parser.exports.Parser.Parser.parseString (C:\Users\bw.cho\AppData\Roaming 
\npm\node_modules\passport-saml\node_modules\xml2js\lib\xml2js.js:403:31) 
    at Parser.parseString (C:\Users\bw.cho\AppData\Roaming\npm\node_modules\pass 
port-saml\node_modules\xml2js\lib\xml2js.js:6:61) 
127.0.0.1 - - [Mon, 16 Jun 2014 01:55:28 GMT] "POST /login/callback HTTP/1.1" 50 
0 1310 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like 
Gecko) Chrome/35.0.1916.114 Safari/537.36"

Il est peu weired que, dans le serveur WSO2is réponse d'assertion SAML.

<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">localhost</saml2:Issuer>

I codé Émetteur « passeport SAML », mais dans la réponse SAML il a été changé à localhost do u ont une idée à ce sujet?

wso2IS configuration

ajouté un commentaire. dans SAML Réponse attribue "Format" manquait dans l'élément.

<saml2:NameID>admin</saml2:NameID>

J'ai donc modifié la configuration dans la configuration WSO2 SAML. J'ai ajouté "format NameID" avec "urn: oasis: noms: tc: SAML: 2.0: nom-format: entité" Après cela, il semble que cela fonctionne. En outre, dans la réponse SAML, il n'envoie pas "email" dans l'assertion de réponse SAML, j'ai fait un petit changement de code comme ci-dessous.(Au lieu d'utiliser le courrier électronique, il utilise l'ID utilisateur)

passport.use(new SamlStrategy(
    { 
    path: '/login/callback', 
    entryPoint: 'https://localhost:9443/samlsso', 
    issuer: 'passport-saml', 
    protocol: 'http://', 
    //identifierFormat :'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress' 
    identifierFormat :'urn:oasis:names:tc:SAML:2.0:nameid-format:entity' 
    //cert: 'MIICizCCAfQCCQCY8tKaMc0BMjANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMCTk8xEjAQBgNVBAgTCVRyb25kaGVpbTEQMA4GA1UEChMHVU5JTkVUVDEOMAwGA1UECxMFRmVpZGUxGTAXBgNVBAMTEG9wZW5pZHAuZmVpZGUubm8xKTAnBgkqhkiG9w0BCQEWGmFuZHJlYXMuc29sYmVyZ0B1bmluZXR0Lm5vMB4XDTA4MDUwODA5MjI0OFoXDTM1MDkyMzA5MjI0OFowgYkxCzAJBgNVBAYTAk5PMRIwEAYDVQQIEwlUcm9uZGhlaW0xEDAOBgNVBAoTB1VOSU5FVFQxDjAMBgNVBAsTBUZlaWRlMRkwFwYDVQQDExBvcGVuaWRwLmZlaWRlLm5vMSkwJwYJKoZIhvcNAQkBFhphbmRyZWFzLnNvbGJlcmdAdW5pbmV0dC5ubzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt8jLoqI1VTlxAZ2axiDIThWcAOXdu8KkVUWaN/SooO9O0QQ7KRUjSGKN9JK65AFRDXQkWPAu4HlnO4noYlFSLnYyDxI66LCr71x4lgFJjqLeAvB/GqBqFfIZ3YK/NrhnUqFwZu63nLrZjcUZxNaPjOOSRSDaXpv1kb5k3jOiSGECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBQYj4cAafWaYfjBU2zi1ElwStIaJ5nyp/s/8B8SAPK2T79McMyccP3wSW13LHkmM1jwKe3ACFXBvqGQN0IbcH49hu0FKhYFM/GPDJcIHFBsiyMBXChpye9vBaTNEBCtU3KjjyG0hRT2mAQ9h+bkPmOvlEo/aH0xR68Z9hw4PF13w=='/*, 
    //privateCert: fs.readFileSync('./cert.pem', 'utf-8')*/ 
    }, 
    function(profile, done) { 
    console.log("Auth with", profile); 
    console.log('Name Id',profile.nameID); 
    if (!profile.nameID) { 
     return done(new Error("No nameId found"), null); 
    } 
    // asynchronous verification, for effect... 
    process.nextTick(function() { 
     findByEmail(profile.nameID, function(err, user) { 
      console.log('User ',user); 
     if (err) { 
      return done(err); 
     } 
     if (!user) { 
      // "Auto-registration" 
      users.push(profile); 
      return done(null, profile); 
     } 
     return done(null, user); 
     }) 
    }); 
    } 
));

mais je toujours eu une erreur dans le passeport SAML

127.0.0.1 - - [Mon, 16 Jun 2014 02:38:05 GMT] "GET /login HTTP/1.1" 302 1322 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chr 
ome/35.0.1916.114 Safari/537.36" 
SAML:authentication has benn called 
SAML:authenticate:error:[object Object] 
SAML:authenticate:error:[object Object] 
SAML authenticate:PostResponse[object Object] 
SAML:authenticate:errornull 
Auth with { issuer: 
    { _: 'localhost', 
    '$': { Format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity' } }, 
    nameID: 'admin', 
    nameIDFormat: 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity' } 
Name Id admin 
User { id: 1, givenName: 'bob', email: 'admin' } 

TypeError: object is not a function 
    at pass (C:\Users\bw.cho\AppData\Roaming\npm\node_modules\passport-debug\lib 
\passport\index.js:249:14) 
    at Passport.serializeUser (C:\Users\bw.cho\AppData\Roaming\npm\node_modules\ 
passport-debug\lib\passport\index.js:251:5) 
    at IncomingMessage.req.login.req.logIn (C:\Users\bw.cho\AppData\Roaming\npm\ 
node_modules\passport-saml\node_modules\passport\lib\http\request.js:48:29) 
    at Context.delegate.success (C:\Users\bw.cho\AppData\Roaming\npm\node_module 
s\passport-debug\lib\passport\middleware\authenticate.js:194:13) 
    at Context.actions.success (C:\Users\bw.cho\AppData\Roaming\npm\node_modules 
\passport-debug\lib\passport\context\http\actions.js:21:25) 
    at verified (C:\Users\bw.cho\AppData\Roaming\npm\node_modules\passport-saml\ 
lib\passport-saml\strategy.js:55:14) 
    at C:\dev\workspaces\node_js\SAML2\app.js:68:16 
    at findByEmail (C:\dev\workspaces\node_js\SAML2\app.js:17:14) 
    at C:\dev\workspaces\node_js\SAML2\app.js:58:7 
    at process._tickCallback (node.js:415:13)

Source

2014-06-16 Terry Cho

Répondre

1

Je peux répondre à la partie des raisons pour lesquelles l'attribut format a été nécessaire sur le nom du sujet - c'est un bug , que j'ai classé au https://github.com/bergie/passport-saml/issues/40.

Heureux de vous entendre travailler!

Source

2014-06-17 17:26:01 ploer

+0

Merci beaucoup. ;) –

Questions connexes

 Questions connexes