Passport Saml Loop

I'm trying to set up ADFS identification with Passport-Saml.js in a nodejs/angularjs project.

  1. When I'm connecting to my Web Site I'm correctly redirected to my ADFS portal.
  2. ADFS portal, after authentication correctly redirects to callback.
  3. Then the callback loops.

Chrome console when it's looping

That's my route (server.js):

app.post('/login/callback',
  function (req, res, next) {
    console.log('before');
    passport.authenticate('saml', function (err, user, info) {
      console.log('good');
    })(req, res, next);
  });

I think it stops working at passport.authenticate('saml', function (err, user, info){ because the "before" output message can be seen in the console but not the "good" one, as seen in the screenshot.

And my passport configuration (/config/passport.js):

var fs = require('fs'),
    passport = require('passport'),
    SamlStrategy = require('passport-saml').Strategy;

// The whole user object is stored in the session as-is.
passport.serializeUser(function (user, done) {
  done(null, user);
});
passport.deserializeUser(function (user, done) {
  done(null, user);
});

passport.use(new SamlStrategy(
  {
    entryPoint: 'https://logon.XXX.com/adfs/ls/',
    issuer: 'urn:backpack-test',
    callbackUrl: 'https://backpack-test.XXX.com/login/callback',
    cert: 'MIIC6D...',
    authnContext: 'http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password',
    //acceptedClockSkewMs: -1,
    identifierFormat: null,
    //signatureAlgorithm: 'sha256'
  },
  // Verify callback: map the ADFS claims onto the user object.
  function (profile, done) {
    return done(null, {
      upn: profile['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'],
      // e.g. if you added a Group claim
      group: profile['http://schemas.xmlsoap.org/claims/Group']
    });
  }
));

module.exports = passport;

I suspect my settings might be incorrect, but is there any verbose log of passport-saml that would help me narrow down my troubleshooting?

Vincent LEAL asked Jan 06 '16 12:01

1 Answer

Maybe it is this problem: check this bug

Just add the body-parser

var bodyParser = require('body-parser');
...
app.use(bodyParser.urlencoded({extended: true}));

It worked for me. Maybe it can help others...

perseus answered Oct 13 '22 01:10
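
Why the missing body parser produces a loop, as an added example that is not part of the original question or answer and is not passport-saml's own code: the IdP returns the assertion as a form-encoded POST, so without a urlencoded parser `req.body` is empty and the callback behaves like a fresh login. The branching in `handleCallback` is an assumed simplification, and `parseFormBody`, `simulate`, `idpPost` and the IdP URL are hypothetical names and values.

```javascript
// Added example: simplified model of the SAML callback, Node built-ins only.
// All names here (parseFormBody, handleCallback, ENTRY_POINT) are hypothetical.

const ENTRY_POINT = 'https://idp.example.test/adfs/ls/'; // constructed placeholder

// What a urlencoded body parser does for the HTTP-POST binding:
// turn "SAMLResponse=...&RelayState=..." into an object on req.body.
function parseFormBody(req) {
  const type = (req.headers['content-type'] || '').split(';')[0].trim();
  if (type !== 'application/x-www-form-urlencoded') return req;
  return { ...req, body: Object.fromEntries(new URLSearchParams(req.rawBody)) };
}

// Assumed branching of a SAML strategy on the callback route: with a
// SAMLResponse it validates the assertion, otherwise it starts a new login.
function handleCallback(req) {
  if (req.body && req.body.SAMLResponse) {
    return { action: 'validate', samlResponse: req.body.SAMLResponse };
  }
  return { action: 'redirect', location: ENTRY_POINT };
}

// Drive several IdP round trips; each redirect sends the browser back to the
// IdP, which POSTs the same form to the callback again.
function simulate(withParser, maxRoundTrips = 5) {
  const trace = [];
  for (let i = 0; i < maxRoundTrips; i++) {
    let req = idpPost();
    if (withParser) req = parseFormBody(req);
    const result = handleCallback(req);
    trace.push(result.action);
    if (result.action === 'validate') break;
  }
  return trace;
}

// Constructed sample of the POST the IdP's auto-submitting form produces.
function idpPost() {
  const assertion = Buffer.from('<samlp:Response>constructed</samlp:Response>').toString('base64');
  return {
    method: 'POST',
    headers: { 'content-type': 'application/x-www-form-urlencoded' },
    rawBody: 'SAMLResponse=' + encodeURIComponent(assertion) + '&RelayState=%2F',
  };
}

console.log('without parser:', simulate(false).join(' -> '));
console.log('with parser:   ', simulate(true).join(' -> '));
```

In the model, the run without the parser never reaches validation, which matches the question's symptom of "before" being logged while the custom callback never fires.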