passport-saml OpenIdP login "failed to open stream"

Up front, I'll say that I am new to SAML and Passport. I am trying to use passport-saml for SAML authentication in my node.js application, but attempting to log in through OpenIdP fails (my OpenIdP user configuration works correctly with the "passport-saml-example" application). "Logging in" to OpenIdP via passport.authenticate from my application fails with the error below:
Exception: Error downloading metadata from "http://192.168.1.11:9050": file_get_contents(http://192.168.1.11:9050): failed to open stream: Connection timed out
Backtrace:
4 /www/openidp.feide.no/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandlerDynamicXML.php:235 (SimpleSAML_Metadata_MetaDataStorageHandlerDynamicXML::getMetaData)
3 /www/openidp.feide.no/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:274 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaData)
2 /www/openidp.feide.no/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:310 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaDataConfig)
1 /www/openidp.feide.no/simplesamlphp/modules/saml/lib/IdP/SAML2.php:296 (sspmod_saml_IdP_SAML2::receiveAuthnRequest)
0 /www/openidp.feide.no/simplesamlphp/www/saml2/idp/SSOService.php:19 (N/A)
My passport-saml configuration is as follows:
passport : {
    strategy : 'saml',
    saml : {
        entryPoint : 'https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php',
        issuer : 'http://192.168.1.11:9050',
        callbackUrl : 'http://192.168.1.11:9050/login/callback'
    }
},
The configuration of my login routes is as follows:
// "login" route: passport.authenticate() returns the middleware that builds the
// AuthnRequest and redirects the browser to the IdP's entryPoint
app.get("/login",
    passport.authenticate(config.passport.strategy, {
        successRedirect : "/",
        failureRedirect : "/login"
    })
);
// "login/callback" route: the IdP POSTs the SAML response here. The authenticate
// middleware must run as route middleware so the response is actually validated
// before the redirect (calling passport.authenticate() inside the handler and
// never invoking the returned function skips validation entirely).
app.post('/login/callback',
    passport.authenticate(config.passport.strategy, {
        failureRedirect: '/',
        failureFlash: true
    }),
    function (req, res) {
        // Only reached once the SAML response has been accepted
        res.redirect('/');
    }
);
Here is the Passport middleware setup:
passport.serializeUser(function (user, done) {
    // "user" is the object returned by the SamlStrategy verify callback below,
    // so its name fields are firstName/lastName, not the raw SAML givenName/sn
    db.collection('users').find({email: user.email}).toArray(function (err, result) {
        if (err) { return done(err); }
        console.log("Passport serialize user: " + JSON.stringify(user));
        if (result.length === 0) {
            // User is not in the database, add the user.
            var insertData = {email: user.email, firstName: user.firstName, lastName: user.lastName};
            db.collection('users').insert(insertData, function (err) {
                if (err) { return done(err); }
                done(null, insertData);
            });
        } else {
            // User is already in the database, just return their record (not the whole array)
            done(null, result[0]);
        }
    });
});
passport.deserializeUser(function (user, done) {
    console.log("Passport de-serialize user: " + JSON.stringify(user));
    db.collection('users').find({email: user.email}).toArray(function (err, result) {
        if (err) { return done(err); }
        console.log("Passport de-serialize result: " + JSON.stringify(result));
        // Prefer the stored record; fall back to the session copy if none is found
        done(null, result.length > 0 ? result[0] : user);
    });
});
passport.use(new SamlStrategy(
    {
        // passport-saml's "path" option expects a path that it combines with
        // protocol and host; a full URL belongs in "callbackUrl"
        callbackUrl : config.passport.saml.callbackUrl,
        entryPoint : config.passport.saml.entryPoint,
        issuer : config.passport.saml.issuer
    },
    function (profile, done) {
        // Map the SAML attributes from the assertion onto the application's user object
        console.log("Returning SAML authentication: " + JSON.stringify(profile));
        return done(null,
            {
                id : profile.uid,
                email : profile.email,
                displayName : profile.cn,
                firstName : profile.givenName,
                lastName : profile.sn
            });
    }
));
I believe this is very similar to the passport-saml example configurations I have seen; any ideas on what I am missing in this configuration?
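The backtrace above shows the IdP's dynamic metadata handler (MetaDataStorageHandlerDynamicXML) trying to download the SP's metadata from the issuer URL. As an added example, not code from the question or from passport-saml (which has its own metadata generator), this builds the minimal SPSSODescriptor document such a fetch expects and checks whether the issuer URL is one a remote IdP could reach at all; it assumes the HTTP-POST binding for the callback and a transient NameID format.

```javascript
// Added example, not from the question: the SP metadata a SimpleSAMLphp IdP with
// dynamic metadata loading fetches from the SP's entityID (issuer) URL, plus a
// reachability/integrity check on that URL. Uses only Node.js globals.

// Minimal SPSSODescriptor; binding and NameID format are assumptions.
function buildSpMetadata(entityId, callbackUrl) {
  const esc = (s) => s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;");
  return [
    '<?xml version="1.0"?>',
    `<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="${esc(entityId)}">`,
    '  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">',
    "    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>",
    '    <AssertionConsumerService index="1" isDefault="true"',
    '        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"',
    `        Location="${esc(callbackUrl)}"/>`,
    "  </SPSSODescriptor>",
    "</EntityDescriptor>",
  ].join("\n");
}

// True for loopback, link-local and RFC 1918 IPv4 addresses: space that a
// server on the public internet (such as a hosted IdP) cannot connect to.
function isPrivateIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 || (a === 169 && b === 254) ||
         (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Lists the problems a remote IdP would hit when fetching metadata from entityId.
// Plain http is flagged because the fetched metadata (including the ACS URL the
// IdP will post assertions to) is then not integrity-protected in transit.
function checkMetadataUrl(entityId) {
  const problems = [];
  let u;
  try { u = new URL(entityId); } catch (e) { return ["issuer is not an absolute URL"]; }
  if (u.hostname === "localhost" || isPrivateIPv4(u.hostname)) {
    problems.push(`host ${u.hostname} is not reachable from the public internet`);
  }
  if (u.protocol !== "https:") problems.push("metadata served over plain http, not https");
  return problems;
}

// Constructed sample matching the issuer in the question's config.
console.log(checkMetadataUrl("http://192.168.1.11:9050"));
console.log(buildSpMetadata("http://192.168.1.11:9050", "http://192.168.1.11:9050/login/callback"));
```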