Comments (14)
Sorry. This was a silly mistake. Forgot to return the Strategy on line 3.
from passport-wsfed-saml2.
A complete simple example would be helpful though.
from passport-wsfed-saml2.
Hi @mithun-daa, sorry for the delay, I just saw your message on Twitter.
Thanks for the feedback. Do you think we can improve the examples/ directory? There are two examples there.
from passport-wsfed-saml2.
I did download the examples. First off, I am not using ADFS but using Thinktecture's Identity Server. I don't see why this strategy wouldn't work with it.
I got the login example working with the newest version of express and all the middleware, but I keep getting stuck in this loop: the login endpoint redirects me to my Identity Server's login page (as expected); after entering my credentials there it posts to `/login/callback`, but it looks like the `passport.authenticate('wsfed-saml2', { failureRedirect: '/', failureFlash: true }),` line is redirecting me back to the Identity Server. If I comment that line out it doesn't redirect me back to the Identity Server, but regardless of what I do I do not see anything in my `req.user` - it is always undefined.
Also, I never seem to hit the callback function while setting up the Strategy:
```javascript
passport.use(new wsfedsaml2(
  {
    path: '/login/callback',
    realm: 'urn:node:app',
    homeRealm: '', // specify an identity provider to avoid showing the idp selector
    identityProviderUrl: 'https://myIdSrv/issue/wsfed',
    thumbprint: 'xxx'
  },
  function(profile, done) {
    console.log("Auth with", profile);
  }
));
```
from passport-wsfed-saml2.
I don't see why it would redirect you back to the auth server. Have you set up the passport session as in the two examples?
Can you show me your entire example?
If you could open Chrome dev tools before trying the authentication workflow, then export the network tab to a HAR file and send me that HAR, it would help.
Thanks
from passport-wsfed-saml2.
Here you go. This is pretty much the same example as the one in the repo (the Login example) but updated to use Express 4.0. I will send in a pull request if it ends up working.
```javascript
var express = require('express')
  , passport = require('passport')
  , util = require('util')
  , wsfedsaml2 = require('passport-wsfed-saml2').Strategy
  , fs = require('fs')
  , morgan = require('morgan')
  , cookieParser = require('cookie-parser')
  , bodyParser = require('body-parser')
  , methodOverride = require('method-override')
  , session = require('express-session');

var users = [
    { id: 1, givenName: 'matias', email: '[email protected]' }
  , { id: 2, givenName: 'foo', email: '[email protected]' }
];

function findByEmail(email, fn) {
  for (var i = 0, len = users.length; i < len; i++) {
    var user = users[i];
    if (user.email === email) {
      return fn(null, user);
    }
  }
  return fn(null, null);
}

// Passport session setup.
// To support persistent login sessions, Passport needs to be able to
// serialize users into and deserialize users out of the session. Typically,
// this will be as simple as storing the user ID when serializing, and finding
// the user by ID when deserializing.
passport.serializeUser(function(user, done) {
  done(null, user.email);
});

passport.deserializeUser(function(id, done) {
  findByEmail(id, function (err, user) {
    done(err, user);
  });
});

passport.use(new wsfedsaml2(
  {
    path: '/login/callback',
    realm: 'urn:node:app',
    homeRealm: '', // specify an identity provider to avoid showing the idp selector
    identityProviderUrl: 'https://xxx/issue/wsfed',
    // setup either a certificate base64 encoded (cer) or just the thumbprint of the certificate if public key is embedded in the signature
    thumbprint: 'xxxx'
  },
  function(profile, done) {
    console.log("Auth with", profile);
    if (!profile.email) {
      return done(new Error("No email found"), null);
    }
    // asynchronous verification, for effect...
    process.nextTick(function () {
      console.log('In!!');
      findByEmail(profile.email, function(err, user) {
        if (err) {
          return done(err);
        }
        if (!user) {
          // "Auto-registration"
          users.push(profile);
          return done(null, profile);
        }
        return done(null, user);
      });
    });
  }
));

var app = express();
var router = express.Router();

// configure Express
// app.configure(function() {
app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');
app.use(morgan('combined'));
app.use(cookieParser());
app.use(bodyParser.text());
app.use(methodOverride());
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());
app.use('', router);
app.use(express.static(__dirname + '/../../public'));
// });

app.get('/', function(req, res){
  res.render('index', { user: req.user });
});

app.get('/account', ensureAuthenticated, function(req, res){
  res.render('account', { user: req.user });
});

app.get('/login',
  passport.authenticate('wsfed-saml2', { failureRedirect: '/', failureFlash: true }),
  function(req, res) {
    res.redirect('/');
  }
);

app.post('/login/callback',
  passport.authenticate('wsfed-saml2', { failureRedirect: '/', failureFlash: true }),
  function(req, res) {
    console.log(req.body);
    console.log(req.user);
    res.redirect('/');
  }
);

app.get('/logout', function(req, res){
  req.logout();
  res.redirect('/');
});

app.listen(3000, function () {
  console.log("Server listening in http://localhost:3000");
});

// Simple route middleware to ensure user is authenticated.
// Use this route middleware on any resource that needs to be protected. If
// the request is authenticated (typically via a persistent login session),
// the request will proceed. Otherwise, the user will be redirected to the
// login page.
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) { return next(); }
  res.redirect('/login');
}
```
from passport-wsfed-saml2.
I can't see any obvious error in the code. Would you mind sending me a HAR?
Maybe to jose at auth0.com
Thanks
from passport-wsfed-saml2.
Pardon my ignorance, but what is a har?
from passport-wsfed-saml2.
@mithun-daa https://auth0.com/docs/har
Thanks
from passport-wsfed-saml2.
Sent!
from passport-wsfed-saml2.
The HAR looks fine; Thinktecture's Identity Server is returning you the assertion.
One thing that I think is wrong in your example: you are missing a bodyParser for urlencoded content, the only parsing middleware is this:
```javascript
app.use(bodyParser.text());
```
I know that express 4 doesn't have bodyParser per se, but you can use this:
https://github.com/expressjs/body-parser
```javascript
var bodyParser = require('body-parser');
// extended: false selects the querystring parser; newer body-parser versions warn if the option is omitted
app.use(bodyParser.urlencoded({ extended: false }));
```
I think this is your problem, the strategy can't find `req.body.wresult` to validate the assertion:
https://github.com/auth0/passport-wsfed-saml2/blob/master/lib/passport-wsfed-saml2/strategy.js#L96-L103
Let me know if it works with that.
from passport-wsfed-saml2.
I updated the body parser to use URL encoded and it looks like I got a step further, but I run into the following error:
```text
TypeError: Cannot read property 'firstChild' of undefined
    at Object.WsFederation.extractToken (D:\Playground\passport-wsfed-saml2\examples\login\node_modules\passport-wsfed-saml2\lib\passport-wsfed-saml2\wsfederation.js:33:119)
    at Strategy._authenticate_saml (D:\Playground\passport-wsfed-saml2\examples\login\node_modules\passport-wsfed-saml2\lib\passport-wsfed-saml2\strategy.js:45:27)
    at executeWsfed (D:\Playground\passport-wsfed-saml2\examples\login\node_modules\passport-wsfed-saml2\lib\passport-wsfed-saml2\strategy.js:101:14)
    at Strategy.authenticate (D:\Playground\passport-wsfed-saml2\examples\login\node_modules\passport-wsfed-saml2\lib\passport-wsfed-saml2\strategy.js:145:7)
    at attempt (D:\Playground\passport-wsfed-saml2\examples\login\node_modules\passport\lib\middleware\authenticate.js:341:16)
    at authenticate (D:\Playground\passport-wsfed-saml2\examples\login\node_modules\passport\lib\middleware\authenticate.js:342:7)
    at Layer.handle [as handle_request] (D:\Playground\passport-wsfed-saml2\examples\login\node_modules\express\lib\router\layer.js:82:5)
    at next (D:\Playground\passport-wsfed-saml2\examples\login\node_modules\express\lib\router\route.js:110:13)
    at Route.dispatch (D:\Playground\passport-wsfed-saml2\examples\login\node_modules\express\lib\router\route.js:91:3)
    at Layer.handle [as handle_request] (D:\Playground\passport-wsfed-saml2\examples\login\node_modules\express\lib\router\layer.js:82:5)
```
I now see that the body does have a `wresult` property. Looks like the XML that `wsfederation.js` is expecting is different. It is looking for http://schemas.xmlsoap.org/ws/2005/02/trust and cannot find it.
I am emailing you the value of the `wresult` property.
from passport-wsfed-saml2.
Good man, you are very close.
It looks like the response has a different namespace:
- we use this: http://schemas.xmlsoap.org/ws/2005/02/trust
- Thinktecture uses this: http://docs.oasis-open.org/ws-sx/ws-trust/200512
Do you know if Thinktecture has a way to change this?
from passport-wsfed-saml2.
Sweet! I changed the namespace in `wsfederation.js` to the one that Thinktecture uses and it worked :). I will look into whether I can change the namespace that Thinktecture sets so it would be consistent. Thank you very much for all the help.
from passport-wsfed-saml2.