当我尝试在我的项目上使用 samlify 使用 SAML 进行 Okta 验证时
import * as samlify from 'samlify';
import * as fs from 'fs';
import * as validator from '@authenio/samlify-node-xmllint';
const binding = samlify.Constants.namespace.binding;
samlify.setSchemaValidator(validator);
const filePathIdpMeta = __dirname + '/../' + 'meta1123/meta/Testv2-xml-idp.xml';
const filePathSPMeta = __dirname + '/../' + 'meta1123/meta/Testv2-xml-sp.xml';
const filePathSpKey = __dirname + '/../' + 'meta1123/key/encryptKey.pem';
console.info("----PATHS----")
console.info(filePathIdpMeta);
console.info(filePathSPMeta);
console.info(filePathSpKey);
const idp = samlify.IdentityProvider({
metadata: fs.readFileSync(filePathIdpMeta),
messageSigningOrder: 'sign-then-encrypt',
isAssertionEncrypted: true,
wantAuthnRequestsSigned: false
})
目前我收到以下错误:
http://www.w3.org/2001/04/xmlenc#rsa-1_5 is no longer recommended due to security reasons. Please deprecate its use as soon as possible.
Error: Not found: child not in parent
at assertPreInsertionValidity1to5 (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/node_modules/@xmldom/xmldom/lib/dom.js:798:9)
at _insertBefore (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/node_modules/@xmldom/xmldom/lib/dom.js:938:2)
at Document.replaceChild (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/node_modules/@xmldom/xmldom/lib/dom.js:1054:3)
at /home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/libsaml.ts:681:15
at Object.decrypt (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/@authenio/xml-encryption/lib/xmlenc.js:202:16)
at /home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/libsaml.ts:670:23
at new Promise (<anonymous>)
at Object.decryptAssertion (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/libsaml.ts:655:14)
at /home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/flow.ts:225:34
at step (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/build/src/flow.js:33:23) {
code: 8
}
[FATAL] when parsing login response sent from okta Error: ERR_EXCEPTION_OF_ASSERTION_DECRYPTION
at /home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/libsaml.ts:675:27
at Object.decrypt (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/@authenio/xml-encryption/lib/xmlenc.js:214:12)
at /home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/libsaml.ts:670:23
at new Promise (<anonymous>)
at Object.decryptAssertion (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/libsaml.ts:655:14)
at /home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/flow.ts:225:34
at step (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/build/src/flow.js:33:23)
at Object.next (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/build/src/flow.js:14:53)
at fulfilled (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/build/src/flow.js:5:58)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
您必须将“isAssertionEncrypted”设置为 false 或在 Okta 和您自己的应用程序上上传加密证书。