在 reactjs 中实现单点登录(saml2),无需 express [英] implement single sign on(saml2) in reactjs without express
问题描述
我想在 React where 中使用 wso2 ei 实现 SSO SAML2
I want to implement SSO SAML2 with wso2 ei in React where
- 我去检查我是否通过身份验证
- 如果未通过身份验证,我应该重定向到 sso URL
- 当我在 sso 身份提供者上成功登录时,我使用令牌重定向到我的 React 应用
- 然后将令牌保存到 localstorage 并继续
我已经在 Passport 和 Express 中进行了尝试,其中渲染发生在服务器端.但我希望它在客户端使用 React,步骤:
I have tried it with Passport and Express where rendering is happening on server side. But I want it on the client side with React, steps:
- 我转到我的主页并点击登录页面
- 将我带到 wso2 身份提供商,然后我登录
- 然后我重定向到我的快递应用
推荐答案
简短的回答:你不能那样做.
The short answer: you can't do that.
如果没有后端,您将无法使用 SAML.SAML 要求您注册服务提供商 (SP),该服务提供商必须可通过 SSL 证书进行识别.因此,SP 必须有一个私钥,出于显而易见的原因,您不能将其分发给浏览器客户端.最重要的是,断言端点应该接受 POST HTTP 请求,这在传统上只有服务器才能做到.
You cannot use SAML without a backend. SAML requires you to register a Sercice Provider (SP), which must be identifiable with an SSL cerificate. Therefore the SP must have a private key, which you cannot distribute to a browser client for obvious reasons. On top of that, the assertion endpoint should accept a POST HTTP request, which traditionally only a server can do.
如果您知道要使用哪个 IdP,则可以跳过 IdP 发现,但无法绕过断言阶段.您必须具有 SSO 的断言端点.此端点必须能够解密使用 SP 的公钥加密的消息,因此它必须在服务器上实现.
You can skip the IdP discovery if you know which IdP you wish to use, but the assertion phase cannot be circumvented. You must have an assertion endpoint for the SSO. This endpoint must be able to decrypt messages encrypted with the public key of the SP, so it must be implemented on a server.
为了尽可能接近您想要的结果,您可以将 SP 实现为一个单独的微服务,该服务只有一个(如果您使用 DS 则为两个)端点.登录服务的断言端点可以为用户创建一个令牌,并将他们重定向到在查询变量中携带令牌的前端.
To get as close to what you want as possible, you can implement the SP as a separate microservice that only has one (or two if you're utilizing the DS) endpoint(s). The assertion endpoint of your login service can create a token for the user and redirect them to the frontend carrying the token in a query variable.
这篇关于在 reactjs 中实现单点登录(saml2),无需 express的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
