Implementing a logout functionality in passport-saml using Http-post method


Question

We have implemented a SAML SSO, and we have used passport-saml for the same. The login works perfectly using "http-post" as authnRequestBinding. But I am unable to find any such method for logout. It appears logout defaults to HTTP redirection and this does not work correctly.

Recommended answer

First of all, you need to define the logoutUrl and logoutCallback in the config for passport-saml. The logoutUrl is the URL where your server will send the logoutRequest. So it is a URL you get from the identity provider you are using. The logoutCallback is, as the name says, the callbackUrl which will be called by the browser (through redirect) after logout is done. Here's how you add those configurations:

module.exports = {
  development: {
    app: {
      name: 'Passport SAML strategy example',
      port: process.env.PORT || 8443
    },
    passport: {
      strategy: 'saml',
      saml: {
        logoutUrl: 'idp-logout-url-here',
        logoutCallback: 'your-logout-callback-url-here'
      }
    }
  }
};

Then you need to have the SamlStrategy somewhere in your code, where you will use the config defined above. Of course the config will have other variables as well; I just put the logout related variables there for now.

Finally, you need to have your own logout route defined in your node application, which will initiate the logout process when called:

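  app.get('/logout', function(req, res) {
    // Nothing to log out of if there is no authenticated user
    if (req.user == null) {
      return res.redirect('/');
    }
    // Ask the strategy to build the logout request, then redirect to the URI it returns
    return SamlStrategy.logout(req, function(err, uri) {
      if (err) {
        // Do not redirect to an undefined URI when the request could not be built
        return res.status(500).send('Logout failed');
      }
      return res.redirect(uri);
    });
  });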

As you can see from above, it will call the logout function defined in the SamlStrategy. So there is a logout function defined in the passport-saml strategy. As in the above, you need to give it a callback function, which will then redirect the response to the uri. That uri will be the logoutCallback url you defined earlier.

If you're wondering what is the SamlStrategy there, it is actually the strategy of the passport-saml. I can show you how to get it working. In a separate file, called 'saml-strategy.js' for example, put this:

const SamlStrategy = require('passport-saml').Strategy;
const config = require('./config.js')['development'];

module.exports = new SamlStrategy(
  {
    // Placeholder for the other required settings (entry point, issuer, certificate, ...)
    otherImportantvariable1: config.passport.saml.OtherImportantvariable1,
    logoutUrl: config.passport.saml.logoutUrl,
    logoutCallback: config.passport.saml.logoutCallback
  },
  // Verify callback: copy the SAML profile into the user object
  function (profile, done) {
    const user = Object.assign({}, profile);
    return done(null, user);
  }
);

Insert all your important config variables the same way as the logout related variables are defined above. Include the config created in the first step.

Then you can just require the SamlStrategy to the same file where you have your routes:

const SamlStrategy = require('../config/saml-strategy');

Please ask if anything is unclear!
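
The steps above wired together, as an added example that is not part of the original answer or of passport-saml: a logout route that fails closed when the logout request cannot be built, and a logoutCallback route that ends the local session. The factory name `makeLogoutHandlers`, the `home` option, and the use of express-session (`req.session.destroy`, default cookie name `connect.sid`) are assumptions; `strategy` is any object exposing `logout(req, cb)` as used in the route above.

```javascript
'use strict';

// Added example. Handlers are plain (req, res) functions so they can be
// mounted in Express: app.get('/logout', h.initiate) and
// app.all('<your logoutCallback path>', h.callback).
function makeLogoutHandlers(strategy, opts) {
  const home = (opts && opts.home) || '/';
  // Assumption: express-session with its default cookie name.
  const cookieName = (opts && opts.cookieName) || 'connect.sid';

  // Starts the logout: asks the strategy for the URI to send the browser to.
  function initiate(req, res) {
    if (req.user == null) {
      return res.redirect(home);
    }
    return strategy.logout(req, function (err, uri) {
      if (err || typeof uri !== 'string' || uri.length === 0) {
        // Fail closed: never redirect to an undefined or empty target.
        return res.status(500).send('Logout request could not be created');
      }
      return res.redirect(uri);
    });
  }

  // Runs when the browser returns on the logoutCallback URL. It only ends the
  // local session; the worst case of an unsolicited hit is a forced sign-out.
  function callback(req, res) {
    const finish = function () {
      res.clearCookie(cookieName);
      return res.redirect(home);
    };
    if (req.session && typeof req.session.destroy === 'function') {
      return req.session.destroy(finish);
    }
    return finish();
  }

  return { initiate: initiate, callback: callback };
}
```
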
