Node.js passport-saml redirects to localhost:3000/

Posted 2019-08-10 08:16

Question:

I am using the tutorial from www.npmjs.org/package/passport-saml for the SAML. I am a beginner in SAML.

The tutorial says

The SAML identity provider will redirect you to the URL provided by the path configuration

I already have an OpenIdP account. It seems I can successfully log in, but the redirect URL always sends me to localhost:3000/login/callback, which is not present in my code because I changed the 'path' to '/users/login-user-db-saml' or 'www.passporttoken.com:1234/users/login-user-db-saml' (neither works; both still send me to the default login/callback).

I have the code below. What am I doing wrong?

    /**start FOR SAML**/
    passport.use(new SamlStrategy(
        {
            path: '/users/login-user-db-saml',
            entryPoint: 'https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php',
            issuer: 'passport-saml'
        },
        function(profile, done) {
            findByEmail(profile.email, function(err, user) {
                if (err) {
                    return done(err);
                }
                return done(null, user);
            });
        })
    );

    app.post('/users/login-user-db-sam',
        passport.authenticate('saml', { failureRedirect: '/users/login-user-saml', failureFlash: true }),
        function(req, res) {
            res.redirect('/');
        }
    );

    app.get('/users/login-user-saml',
        passport.authenticate('saml', { failureRedirect: '/users/login-user-saml', failureFlash: true }),
        function(req, res) {
            res.redirect('/');
        }
    );
    /**End for SAML**/

Answer 1:

I removed the 'path' from the SAML configuration and instead used a 'callbackUrl' with the full path to the callback specified. I also set 'issuer' as shown below:

    saml : {
      entryPoint : 'https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php',
      issuer : 'http://192.168.56.101:3000',
      callbackUrl : 'http://192.168.56.101:3000/login/callback' 
    }

You should also configure your SAML SP at OpenIdP on the metadata configuration page: https://openidp.feide.no/simplesaml/module.php/metaedit/edit.php - set the AssertionConsumerServiceURL on the SAML 2.0 tab to be your callbackUrl, and set the entityID to be the 'issuer' above.



Answer 2:

Have you considered making your SAML login route a POST request?

SAML wants it to be POST.



Answer 3:

The problem is in your strategy configuration, especially issuer. Your configuration points to the entity 'passport-saml', which is configured as is. Define your own entity and create the settings you need.
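
The checks that answers 1 to 3 describe, written as a small lint over an SP configuration. This is an added example, not part of the original thread or of passport-saml; `checkSamlSpConfig`, `idpRegistration` and `postRoutes` are hypothetical names, and the sample values are constructed from the question and answer 1.

```javascript
// Added example: hypothetical helper, not a passport-saml API.
function checkSamlSpConfig(sp, idpRegistration, postRoutes) {
  const findings = [];
  // Answer 3: the entity 'passport-saml' is already configured at the IdP.
  if (sp.issuer === 'passport-saml') {
    findings.push('issuer is the pre-existing entity "passport-saml"');
  }
  if (sp.issuer !== idpRegistration.entityID) {
    findings.push('issuer does not match the entityID registered at the IdP');
  }
  // Answer 1: give the full callback URL rather than only a 'path'.
  let callback = null;
  try {
    callback = new URL(sp.callbackUrl);
    // A scheme-less "host:port/path" string can still parse; reject it.
    if (!/^https?:$/.test(callback.protocol)) callback = null;
  } catch (err) {
    callback = null;
  }
  if (!callback) {
    findings.push('callbackUrl is missing or not an absolute http(s) URL');
    return findings;
  }
  const registered = new URL(idpRegistration.assertionConsumerServiceURL);
  if (callback.href !== registered.href) {
    findings.push('callbackUrl differs from the registered AssertionConsumerServiceURL');
  }
  // Answer 2: a POST route has to exist at the callback path.
  if (!postRoutes.includes(callback.pathname)) {
    findings.push('no POST route at ' + callback.pathname);
  }
  return findings;
}

// Constructed sample data: the IdP registration mirrors answer 1's values.
const idpRegistration = {
  entityID: 'http://192.168.56.101:3000',
  assertionConsumerServiceURL: 'http://192.168.56.101:3000/login/callback'
};
const questionConfig = { path: '/users/login-user-db-saml', issuer: 'passport-saml' };
const answerConfig = {
  issuer: 'http://192.168.56.101:3000',
  callbackUrl: 'http://192.168.56.101:3000/login/callback'
};

console.log(checkSamlSpConfig(questionConfig, idpRegistration, ['/users/login-user-db-sam']));
console.log(checkSamlSpConfig(answerConfig, idpRegistration, ['/login/callback']));
```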