Passport-SAML：閱讀用戶信息

Question

仍然是小菜一碟！

我正在構建一個Node應用程序，並且我已經設置了各種所需的端點。我的項目的一個要求是使用SAML機制進行身份驗證。我正在使用passport-SAML進行身份驗證。

到目前爲止，我已經能夠設置並使用SAML策略，並且我的應用程序能夠調用idp入口點，並從Idp接收回應。

我無法理解我們如何訪問由idp返回的用戶信息，以便我可以使用SAML返回的用戶信息來創建和維護會話。

const saml = require('passport-saml'); 

module.exports = function (passport, config) { 

    passport.serializeUser(function (user, done) { 
    done(null, user); 
    }); 

    passport.deserializeUser(function (user, done) { 
    done(null, user); 
    }); 

    var samlStrategyOptions = new saml.Strategy(
    { 
     // URL that goes from the Identity Provider -> Service Provider 
     callbackUrl: config.passport.saml.callback_url, 
     // path: config.passport.saml.path, 
     // URL that goes from the Service Provider -> Identity Provider 
     entryPoint: config.passport.saml.entryPoint, 
     issuer: config.passport.saml.issuer, 
     identifierFormat: null, 
     // Service Provider private key 
     decryptionPvk: config.passport.saml.decryptionPvk, 
     // Service Provider Certificate 
     privateCert: config.passport.saml.privateCert, 
     // Identity Provider's public key 
     cert: config.passport.saml.cert, 
     validateInResponseTo: false, 
     disableRequestedAuthnContext: true 
    }, 
    function (profile, done) { 
     return done(null, 
     { 
      id: profile.uid, 
      email: profile.email, 
      displayName: profile.cn, 
      firstName: profile.givenName, 
      lastName: profile.sn 
     }); 
    }) 


    // module.exports.samlStrategyOptions = samlStrategyOptions ; 
    passport.use(samlStrategyOptions); 

}; 

以下是我的快遞

router.route('/login') 

.get(
    passport.authenticate(config.passport.strategy, 
     { 
     successRedirect: '/', 
     failureRedirect: '/login' 
     }) 
); 

router.route('/login/callback/') 

.post(
    passport.authenticate(config.passport.strategy, 
     { 
     failureRedirect: '/', 
     failureFlash: true 
     }), 
    function (req, res) { 

     res.redirect('/'); 
    } 
); 

路由控制器和這是我從IDP響應收到屬性的SAML片段。

<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">Shubham123</saml:NameID> 

Answer 1

我變得相同了。所以我必須用身體解析器中間件

// middleware to parse HTTP POST's JSON, buffer, string,zipped or raw and URL encoded data and exposes it on req.body 
app.use(bodyParser.json()); 
// use querystring library to parse x-www-form-urlencoded data for flat data structure (not nested data) 
app.use(bodyParser.urlencoded({ extended: false })); 

，然後你會得到像

{ issuer: '', 
    sessionIndex: '_x0P5ZeWx-ACSQAulKgVTxSquNsVdac_H', 
    nameID: 'auth0|5a266569083226773d5d43a9', 
    nameIDFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', 
    nameQualifier: undefined, 
    spNameQualifier: undefined, 
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier': 'auth0|s9ds', 
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress': 'myuser@q.com', 
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name': 'myuser@q.com', 
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn': 'myuser@q.com', 
    'http://schemas.auth0.com/identities/default/provider': 'auth0', 
    'http://schemas.auth0.com/identities/default/connection': 'Username-Password-Authentication', 
    'http://schemas.auth0.com/identities/default/isSocial': 'false', 
    'http://schemas.auth0.com/email_verified': 'false', 
    'http://schemas.auth0.com/clientID': 'bZVOM5KQmhyir5xEYhLHGRAQglks2AIp', 
    'http://schemas.auth0.com/picture': 'https://s.gravatar.com/avatar/e85e57405a82225ff36b5af793ed287c?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fsu.png', 
    'http://schemas.auth0.com/nickname': 'myuser', 
    'http://schemas.auth0.com/identities': '[object Object]', 
    'http://schemas.auth0.com/updated_at': 'Mon Dec 18 2017 12:14:28 GMT+0000 (UTC)', 
    'http://schemas.auth0.com/created_at': 'Tue Dec 05 2017 09:22:49 GMT+0000 (UTC)', 
    getAssertionXml: [Function] } 

的形象和提取數據，如

{ id: profile["nameID"], userName: profile["http://schemas.auth0.com/nickname"] } 

創建用戶