
HTTP 400: Bad Request error in ADFS HTTPS Request

I am writing a Node.js app and am trying to integrate an ADFS server to get authentication. For that, I am using wstrust-client, and using the ADFS Server URL as my endpoint. My code so far is:

app.get('/login', function(req, res) {
    trustClient.requestSecurityToken({
        scope: 'https://mycompany.com',
        username: "username",
        password: "password",
        endpoint: 'https://[adfs server]/adfs/services/trust/13/usernamemixed'
    }, function (rstr) {
         // Access the token
        var rawToken = rstr.token;
        console.log('raw: ' + rawToken);
    }, function(error) {
        console.log(error)
    }); 
});    

I am requesting https through wstrust-client.

My code in wstrustclient.js so far is:

var req = https.request(post_options, function(res) {
    res.setEncoding('utf8');
    res.on('data', function(data) {
        console.log("Entered res")

        var rstr = {
            token: parseRstr(data),
            response: res,
        };

        callback(rstr);
    }); 
});

req.write(message);
req.end();
// Log any request-level failure (TLS handshake, socket reset, ...)
req.on('error', function (e) {
    console.log("******************************");
    console.log(e);
    console.log("******************************");
});

However, it is throwing this error:

******************************
{ [Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE]
    stack: 'Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE\n   
    at SecurePair.<anonymous> (tls.js:1253:32)\n    
    at SecurePair.EventEmitter.emit (events.js:91:17)\n    
    at SecurePair.maybeInitFinished (tls.js:865:10)\n    
    at CleartextStream.read [as _read] (tls.js:416:15)\n  
    at CleartextStream.Readable.read (_stream_readable.js:231:10)\n  
    at EncryptedStream.write [as _write] (tls.js:329:25)\n  
    at EncryptedStream.Writable.write (_stream_writable.js:176:8)\n  
    at write (_stream_readable.js:496:24)\n 
    at flow (_stream_readable.js:506:7)\n    
    at Socket.pipeOnReadable (_stream_readable.js:538:5)' }
******************************
******************************
{ [Error: read ECONNRESET]
    stack: 'Error: read ECONNRESET\n
    at errnoException (net.js:846:11)\n
    at TCP.onread (net.js:508:19)',
    code: 'ECONNRESET',
    errno: 'ECONNRESET',
    syscall: 'read' }
******************************

When I browse the same endpoint URL in a browser, it throws HTTP 400: Bad Request.

I know that it's an SSL type error, and that it's from the server-side. However, I don't know why it's throwing the error and what might be wrong server-side. What do I need to change?

God asked Oct 05 '22 01:10


1 Answer

As per the OpenSSL manual here:

21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate. No signatures could be verified because the chain contains only one certificate and it is not self signed.

With that in mind, it seems that you may need to sign your certificate.

Sly answered Oct 13 '22 11:10
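An added example, not part of the question, the answer, or wstrust-client: one way to send the request with certificate verification left on, by passing the issuing CA's PEM to Node alongside its bundled roots, and to turn the verification error codes into a readable diagnosis. The function names, the `extraCaPem` parameter, the `adfs.example.test` host used to exercise it, and the SOAP 1.2 content type are assumptions.

```javascript
// Added example (not wstrust-client's code); names and content type are assumptions.
const https = require('https');
const tls = require('tls');

// Chain-verification failures Node reports, and what each usually means for the client.
const TLS_HINTS = {
  UNABLE_TO_VERIFY_LEAF_SIGNATURE: 'server sent only its leaf certificate and its issuer is not in the trust store',
  UNABLE_TO_GET_ISSUER_CERT_LOCALLY: 'issuer of a certificate in the chain is not in the trust store',
  SELF_SIGNED_CERT_IN_CHAIN: 'chain ends in a root that is not in the trust store',
  DEPTH_ZERO_SELF_SIGNED_CERT: 'server certificate is self-signed and not trusted',
};

function explainTlsError(err) {
  // Old Node releases put the code in err.message, newer ones in err.code.
  const code = (err && (err.code || err.message)) || '';
  const known = Object.prototype.hasOwnProperty.call(TLS_HINTS, code);
  return known ? code + ': ' + TLS_HINTS[code] : null;
}

// Build request options that trust extraCaPem in addition to Node's bundled roots.
function buildOptions(endpoint, message, extraCaPem) {
  const url = new URL(endpoint);
  return {
    hostname: url.hostname,
    port: Number(url.port) || 443,
    path: url.pathname + url.search,
    method: 'POST',
    headers: {
      'Content-Type': 'application/soap+xml; charset=utf-8', // assumed SOAP 1.2 binding
      'Content-Length': Buffer.byteLength(message),
    },
    ca: [...tls.rootCertificates, extraCaPem], // setting `ca` replaces the defaults, so re-add them
    rejectUnauthorized: true, // chain and hostname verification stay on
  };
}

function postRst(endpoint, message, extraCaPem) {
  return new Promise(function (resolve, reject) {
    const req = https.request(buildOptions(endpoint, message, extraCaPem), function (res) {
      let body = '';
      res.setEncoding('utf8');
      res.on('data', function (chunk) { body += chunk; }); // a reply may span several chunks
      res.on('end', function () { resolve({ status: res.statusCode, body: body }); });
    });
    // Register the handler before sending so a handshake failure is never unhandled.
    req.on('error', function (e) { reject(new Error(explainTlsError(e) || e.message)); });
    req.end(message);
  });
}
```

`postRst` resolves with the status and the full response body, which can then be handed to the token parser once instead of once per chunk.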