SSO with Node.js (single sign-on, client-side validation)
2017-07-27
旅行路上的吕行
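Background
The company already has an in-house CAS system, and a new module needs to be built on Node and use the existing CAS system for access control.
This project is based on the open-source project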
https://github.com/TencentWSRD/connect-cas2
How SSO works
Quick start
- Set up the environment
    npm init -y
    npm install connect-cas2 --save-dev
    # Requires Node 7.0 or later
- Build
Create a new JS file, client.js, with the following content:
    var express = require('express');
    var ConnectCas = require('connect-cas2');
    var bodyParser = require('body-parser');
    var session = require('express-session');
    var cookieParser = require('cookie-parser');
    var MemoryStore = require('session-memory-store')(session);

    var app = express();

    app.use(cookieParser());
    app.use(session({
        name: 'NSESSIONID',
        secret: 'Hello I am a long long long secret', // example value; replace with your own secret
        store: new MemoryStore() // or other session store
    }));

    var casClient = new ConnectCas({
        debug: true,
        ignore: [
            /\/ignore/
        ],
        match: [],
        servicePrefix: 'http://localhost:3000',
        serverPath: 'http://your-cas-server.com',
        paths: {
            validate: '/cas/validate',
            serviceValidate: '/buglycas/serviceValidate',
            proxy: '/buglycas/proxy',
            login: '/buglycas/login',
            logout: '/buglycas/logout',
            proxyCallback: '/buglycas/proxyCallback'
        },
        redirect: false,
        gateway: false,
        renew: false,
        slo: true,
        cache: {
            enable: false,
            ttl: 5 * 60 * 1000,
            filter: []
        },
        fromAjax: {
            header: 'x-client-ajax',
            status: 418
        }
    });

    app.use(casClient.core());

    // NOTICE: If you want to enable single sign logout, you must use casClient middleware before bodyParser.
    app.use(bodyParser.json());
    app.use(bodyParser.urlencoded({ extended: true }));

    app.get('/logout', casClient.logout());

    // Or, to run your own logic first, register this handler instead of the line above:
    // app.get('/logout', function (req, res, next) {
    //     // Do whatever you like here, then call the logout middleware
    //     casClient.logout()(req, res, next);
    // });

    // Listen on the port used in servicePrefix above
    app.listen(3000);
Install all the dependencies
    npm install express body-parser express-session cookie-parser session-memory-store --save-dev
- Configuration parameters
    name: 'NSESSIONID',
    secret: 'Hello I am a long long long secret',
Fill in the key and value shown under Cookies in the Application tab of the browser console.
    servicePrefix: 'http://localhost:3000',
    serverPath: 'http://your-cas-server.com',
    validate: '/cas/validate',
serverPath: fill in the address of the CAS service
validate: '/cas/validate': fill in the address to redirect to after a successful login
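How serverPath, paths.serviceValidate and servicePrefix come together when a CAS 2.0 service ticket is checked, as an added example that is not from the original post or from connect-cas2's own code. The helper names, the /home path, the ticket value and both XML responses are constructed for illustration.

```javascript
'use strict';
// Added illustration of a CAS 2.0 ticket check; not connect-cas2's own code.
// buildValidateUrl and parseServiceResponse are hypothetical helper names.

// Same keys and placeholder values as the ConnectCas options on this page.
const config = {
  servicePrefix: 'http://localhost:3000',
  serverPath: 'http://your-cas-server.com',
  paths: { serviceValidate: '/buglycas/serviceValidate' }
};

// URL the client requests server-to-server once the browser comes back
// from the CAS login page with ?ticket=ST-... on requestPath.
function buildValidateUrl(cfg, requestPath, ticket) {
  const url = new URL(cfg.paths.serviceValidate, cfg.serverPath);
  // "service" has to be the same URL that was given to the login page.
  url.searchParams.set('service', cfg.servicePrefix + requestPath);
  url.searchParams.set('ticket', ticket);
  return url.toString();
}

// Fail closed: only a response with exactly one success element that
// carries a user is accepted. Regexes assume the usual "cas:" prefix;
// production code should use a namespace-aware XML parser.
function parseServiceResponse(xml) {
  const failure = /<cas:authenticationFailure\s+code="([^"]+)"/.exec(xml);
  if (failure) return { ok: false, code: failure[1] };
  const successTags = xml.match(/<cas:authenticationSuccess>/g) || [];
  const user = /<cas:authenticationSuccess>\s*<cas:user>([^<]+)<\/cas:user>/.exec(xml);
  if (successTags.length !== 1 || !user) {
    return { ok: false, code: 'MALFORMED_RESPONSE' }; // local label, not a CAS code
  }
  return { ok: true, user: user[1].trim() };
}

// Constructed sample responses in the CAS 2.0 XML format.
const SAMPLE_OK =
  '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">' +
  '<cas:authenticationSuccess><cas:user>alice</cas:user>' +
  '</cas:authenticationSuccess></cas:serviceResponse>';
const SAMPLE_FAIL =
  '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">' +
  '<cas:authenticationFailure code="INVALID_TICKET">Ticket ST-1-abc not recognized' +
  '</cas:authenticationFailure></cas:serviceResponse>';

console.log(buildValidateUrl(config, '/home', 'ST-1-abc'));
console.log(parseServiceResponse(SAMPLE_OK), parseServiceResponse(SAMPLE_FAIL));
```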
Notes
Errors:
1. express-session error:
express-session deprecated undefined resave option; provide resave option at client.js:14:9
express-session deprecated undefined saveUninitialized option; provide saveUninitialized option at client.js:14:9
Add two options to the session configuration:
    app.use(session({
        name: 'xxx',
        secret: 'xxx',
        resave: true, // add this line
        saveUninitialized: true, // add this line
        store: new MemoryStore() // or other session store
    }));
2. CAS error
Application Not Authorized to Use CAS
The application you attempted to authenticate to is not authorized to use CAS.
Allow this service's IP address on the server side, or edit the local hosts file so that it becomes an IP address the CAS service allows.