在节点中使用 CAS 身份验证验证虚拟服务
Authenticating a dummy service with CAS authentication in node
我正在尝试制作一个网络应用程序,该应用程序使用我大学的 CAS 身份验证来登录用户。后端是使用 Express 编写的,运行 目前在 localhost:5000 上。我已经使用 cas-authentication 包来为我处理身份验证。使用其 npm 页面中的示例代码:
var app = require('express')();
var session = require('express-session');
var CASAuthentication = require('cas-authentication');
// Set up an Express session, which is required for CASAuthentication.
app.use( session({
secret : 'super secret key',
resave : false,
saveUninitialized : true
}));
// Create a new instance of CASAuthentication.
var cas = new CASAuthentication({
cas_url : 'https://my-cas-host.com/cas',
service_url : 'https://my-service-host.com'
});
// Unauthenticated clients will be redirected to the CAS login and then back to
// this route once authenticated.
app.get( '/app', cas.bounce, function ( req, res ) {
res.send( '<html><body>Hello!</body></html>' );
});
// Unauthenticated clients will receive a 401 Unauthorized response instead of
// the JSON data.
app.get( '/api', cas.block, function ( req, res ) {
res.json( { success: true } );
});
// An example of accessing the CAS user session variable. This could be used to
// retrieve your own local user records based on authenticated CAS username.
app.get( '/api/user', cas.block, function ( req, res ) {
res.json( { cas_user: req.session[ cas.session_name ] } );
});
// Unauthenticated clients will be redirected to the CAS login and then to the
// provided "redirectTo" query parameter once authenticated.
app.get( '/authenticate', cas.bounce_redirect );
// This route will de-authenticate the client with the Express server and then
// redirect the client to the CAS logout page.
app.get( '/logout', cas.logout );
app.listen(5000);
我的问题是,如果我在 CASAuthentication 对象中将我学院的 CAS 门户的 url 作为 cas_url,那么我应该在 service_url 中放什么?
我尝试将 localhost:5000 放在那里,但是当我启动应用程序并转到 localhost:5000/app 时,它会将我重定向到一个页面,上面写着“应用程序未授权使用 CAS”。相反,将我大学的 moodle 站点放在原处不会出现此问题,并在身份验证后重定向到 moodle(我们大学的 Moodle 也使用 CAS)。
我知道这是一种防止恶意服务使用 CAS 的安全功能,但这是否意味着每个仍处于早期开发阶段的服务都必须向 CAS 注册?
或者是否有一些我可以使用而无需与大学管理员交谈的解决方法?
You may encounter this error, when the requesting application/service url cannot be found in your CAS service registry. When an authentication request is submitted to the CAS login endpoint, the destination application is indicated as a url parameter which will be checked against the CAS service registry to determine if the application is allowed to use CAS. If the url is not found, this message will be displayed back. Since service definitions in the registry have the ability to be defined by a url pattern, it is entirely possible that the pattern in the registry for the service definition is misconfigured and does not produce a successful match for the requested application url.
所以,
does this mean that every service that is still in early development stages must be registered with CAS?
是的。如果你想使用别人的系统,你需要他们的许可,无论如何。
Or is there some kind of work around that I can use without needing to talk to the college admins?
没有解决方法。但是,您可以设置自己的 CAS 服务器。
我正在尝试制作一个网络应用程序,该应用程序使用我大学的 CAS 身份验证来登录用户。后端是使用 Express 编写的,运行 目前在 localhost:5000 上。我已经使用 cas-authentication 包来为我处理身份验证。使用其 npm 页面中的示例代码:
var app = require('express')();
var session = require('express-session');
var CASAuthentication = require('cas-authentication');
// Set up an Express session, which is required for CASAuthentication.
app.use( session({
secret : 'super secret key',
resave : false,
saveUninitialized : true
}));
// Create a new instance of CASAuthentication.
var cas = new CASAuthentication({
cas_url : 'https://my-cas-host.com/cas',
service_url : 'https://my-service-host.com'
});
// Unauthenticated clients will be redirected to the CAS login and then back to
// this route once authenticated.
app.get( '/app', cas.bounce, function ( req, res ) {
res.send( '<html><body>Hello!</body></html>' );
});
// Unauthenticated clients will receive a 401 Unauthorized response instead of
// the JSON data.
app.get( '/api', cas.block, function ( req, res ) {
res.json( { success: true } );
});
// An example of accessing the CAS user session variable. This could be used to
// retrieve your own local user records based on authenticated CAS username.
app.get( '/api/user', cas.block, function ( req, res ) {
res.json( { cas_user: req.session[ cas.session_name ] } );
});
// Unauthenticated clients will be redirected to the CAS login and then to the
// provided "redirectTo" query parameter once authenticated.
app.get( '/authenticate', cas.bounce_redirect );
// This route will de-authenticate the client with the Express server and then
// redirect the client to the CAS logout page.
app.get( '/logout', cas.logout );
app.listen(5000);
我的问题是,如果我在 CASAuthentication 对象中将我学院的 CAS 门户的 url 作为 cas_url,那么我应该在 service_url 中放什么?
我尝试将 localhost:5000 放在那里,但是当我启动应用程序并转到 localhost:5000/app 时,它会将我重定向到一个页面,上面写着“应用程序未授权使用 CAS”。相反,将我大学的 moodle 站点放在原处不会出现此问题,并在身份验证后重定向到 moodle(我们大学的 Moodle 也使用 CAS)。
我知道这是一种防止恶意服务使用 CAS 的安全功能,但这是否意味着每个仍处于早期开发阶段的服务都必须向 CAS 注册? 或者是否有一些我可以使用而无需与大学管理员交谈的解决方法?
You may encounter this error, when the requesting application/service url cannot be found in your CAS service registry. When an authentication request is submitted to the CAS login endpoint, the destination application is indicated as a url parameter which will be checked against the CAS service registry to determine if the application is allowed to use CAS. If the url is not found, this message will be displayed back. Since service definitions in the registry have the ability to be defined by a url pattern, it is entirely possible that the pattern in the registry for the service definition is misconfigured and does not produce a successful match for the requested application url.
所以,
does this mean that every service that is still in early development stages must be registered with CAS?
是的。如果你想使用别人的系统,你需要他们的许可,无论如何。
Or is there some kind of work around that I can use without needing to talk to the college admins?
没有解决方法。但是,您可以设置自己的 CAS 服务器。