基于node.js的sso(单点登录-客户端校验)

96
旅行路上的吕行
0.3 2017.07.27 17:24* 字数 193

背景

由于公司内部已经写好一套cas系统,现有一个新的模块需要基于node并借助原cas系统实现访问控制。
本项目基于开源项目

https://github.com/TencentWSRD/connect-cas2

sso原理

快速开始

  • 安装环境
npm init -y
npm install connect-cas2 --save-dev
//需要node版本7.0及以上
  • 构建

新建一个js文件client.js写入

var express = require('express');
var ConnectCas = require('connect-cas2');
var bodyParser = require('body-parser');
var session = require('express-session');
var cookieParser = require('cookie-parser');
var MemoryStore = require('session-memory-store')(session);

var app = express();

app.use(cookieParser());
app.use(session({
  name: 'NSESSIONID',
  secret: 'Hello I am a long long long secret',
  store: new MemoryStore()  // or other session store
}));

var casClient = new ConnectCas({
  debug: true,
    ignore: [
      /\/ignore/
    ],
    match: [],
    servicePrefix: 'http://localhost:3000',
    serverPath: 'http://your-cas-server.com',
    paths: {
      validate: '/cas/validate',
      serviceValidate: '/buglycas/serviceValidate',
      proxy: '/buglycas/proxy',
      login: '/buglycas/login',
      logout: '/buglycas/logout',
      proxyCallback: '/buglycas/proxyCallback'
    },
    redirect: false,
    gateway: false,
    renew: false,
    slo: true,
    cache: {
      enable: false,
      ttl: 5 * 60 * 1000,
      filter: []
    },
    fromAjax: {
      header: 'x-client-ajax',
      status: 418
    }
});

app.use(casClient.core());

// NOTICE: If you want to enable single sign logout, you must use casClient middleware before bodyParser.
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

app.get('/logout', casClient.logout());

// or do some logic yourself
app.get('/logout', function(req, res, next) {
  // Do whatever you like here, then call the logout middleware
  casClient.logout()(req, res, next);
});

安装所有的依赖包

npm install express body-parser express-session cooike-parser session-memory-store --save-dev
  • 配置参数
  name: 'NSESSIONID',
  secret: 'Hello I am a long long long secret',
image.png

控制台中的application中的cooikes中的key、value填进去

  servicePrefix: 'http://localhost:3000',
  serverPath: 'http://your-cas-server.com',
  validate: '/cas/validate',

serverPath:填入cas服务的地址

validate: '/cas/validate':填入登录成功后的转跳地址

注意

报错:
1.express-session错误:

 express-session deprecated undefined resave option; provide resave option at client.js:14:9
 express-session deprecated undefined saveUninitialized option; provide saveUninitialized option at client.js:14:9\

在session中添加两个参数

app.use(session({
    name: 'xxx',
    secret: 'xxx',
    resave:true,//添加这行
    saveUninitialized: true,//添加这行
    store: new MemoryStore()  // or other session store
}));

2.cas错误

Application Not Authorized to Use CAS
The application you attempted to authenticate to is not authorized to use CAS.

将本服务的ip地址在服务端放过或者更改本地hosts文件变成CAS服务允许的ip地址。

前端学习笔记
Web note ad 1