{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 倾城 Initia 的问题《Node.js passport-saml redirects to localhost:3000/》','https://www.manongdao.com/q-978645.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am using the tutorial from www.npmjs.org/package/passport-saml for the SAML. I am a beginner in SAML.
The tutorial says
The SAML identity provider will redirect you to the URL provided by the path configuration
I already have a OpenIdp account. It seems I can successfully login but the redirect URL always sends me to localhost:3000/login/callback which is not present in my code because I changed the 'path' to '/users/login-user-db-saml' or 'www.passporttoken.com:1234/users/login-user-db-saml' (both doesn't work and still sends me to the default login/callback).
I have the code below. What I am doing wrong?
/**start FOR SAML**/
passport.use(new SamlStrategy(
{
path: '/users/login-user-db-saml',
entryPoint: 'https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php',
issuer: 'passport-saml'
},
function(profile, done) {
findByEmail(profile.email, function(err, user) {
if (err) {
return done(err);
}
return done(null, user);
});
})
);
app.post('/users/login-user-db-sam',
passport.authenticate('saml', { failureRedirect: '/users/login-user-saml', failureFlash: true }),
function(req, res) {
res.redirect('/');
}
);
app.get('/users/login-user-saml',
passport.authenticate('saml', { failureRedirect: '/users/login-user-saml', failureFlash: true }),
function(req, res) {
res.redirect('/');
}
);
/**End for SAML**/
Have you considered making your SAML Login route a POST request?
SAML wants it to be POST
The problem is in your strategy configuration; especially issuer. Your configuration point to the entity 'passport-saml', which is configured as is. Define your own entity and create settings you need.
I removed the 'path' from the SAML configuration, and instead use a 'callbackUrl' with the full path to the callback specified. I also set 'issuer' as shown below:
You should also configure your SAML SP at OpenIdP on the metadata configuration page: https://openidp.feide.no/simplesaml/module.php/metaedit/edit.php - set the AssertionConsumerServiceURL on the SAML 2.0 tab to be your callbackUrl, and set the entityID to be the 'issuer' above.