从ADFS处理JWT承载令牌 [英] Handling JWT bearer token from ADFS

问题描述

我正在测试一个Web应用程序API，该API对具有X509证书的ADFS服务器进行身份验证. 为了使用Karate运行测试，我目前使用一个小型.NET应用程序，该应用程序使用安装的证书为SSO协商JWT.然后，我从Fiddler获得了不记名令牌头行，并将其手动放入我的空手道测试中.

I'm testing a web application API that do authentication against an ADFS server with X509 certificates. In order to run tests with Karate, I currently use a small .NET application that negotiates the JWT for SSO using my installed certificate. I then get the bearer token header line from Fiddler and manually put it into my Karate tests.

有一个示例，说明如何在表单字段

There's an example on how to use oauth with form fields here, and I'm looking for the equivalent version when using certificates.

是否有一种聪明的方法来获取承载令牌，而无需手动嗅探并将其注入测试中?

Is there a clever way of getting the bearer token without manually sniffing and injecting it into the tests?

推荐答案

证书支持使其成为0.7.0，您可以在此处找到示例: https://github.com/intuit/karate/tree/master/karate-demo/src/test/java/ssl

Certificate support made it into 0.7.0 and you can find examples here: https://github.com/intuit/karate/tree/master/karate-demo/src/test/java/ssl

希望能助您一臂之力，否则您可能需要深入了解Karate中SSL/Cert支持的这一长线程，并可能添加功能请求:

Hope that gets you on your way, else you may need to dig into this long thread on SSL / Cert support in Karate and perhaps add a feature request: https://github.com/intuit/karate/issues/281

一个想法是，如果您可以修改.NET程序以使其作为命令行应用程序运行并返回令牌或将其保存到文件中，则可以使用Java interop从Karate中调用它，而Runtime.getRuntime().exec(command)-您可以应该能够在网上找到有关如何执行此操作的材料.

One idea is if you can modify your .NET program to run as a command-line app and return the token or save it to a file, you could invoke it from Karate using Java interop, and the Runtime.getRuntime().exec(command) - you should be able to find material on the net on how to do this.

这篇关于从ADFS处理JWT承载令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！