Cannot POST /auth/strategy/callback SAML

General
1

I notice this topic has arisen before.

I have being experimenting with passport in Node-RED.

All seems good for OAuth and OIDC via Azure, however I am having issues with SAML.

I created an identity provider as an Enterprise app within the Azure portal.

Are there any plans to allow for SAML with a passport SAML strategy to be compatible in version 4.0.0? Or would I need to add an endpoint to listen for this POST request?

Also I notice some previous posts relating to the issue.

Screenshot 2024-05-14 175641
Screenshot 2024-05-14 1756411010×720 14.8 KB

2

Can you link to these previous posts?

Any saml based passport strategy should work with Node-RED. Can you share how you have configured it (excluding any tokens of course).

3

No problem, thanks for having time :slight_smile:

This one is OIDC

However this strategy implementation for Azure works, due to the use of the parameters

responseType: "code",
responseMode: "query",

I tried those with this strategy, but they were not compatible.

I am using the SAML-P endpoint, apologies if the next code is very much Hello World!

adminAuth: {
    type: "strategy",
    strategy: {
      name: "saml",
      label: "Sign in with Entra ID",
      icon: "fa-windows",
      strategy: require("passport-saml").Strategy,
      options: {
        issuer: "very-secret-issuer",
        entryPoint: "https://login.microsoftonline.com/top-secret-uid/saml2",
        cert: "almost-definitely-a-secret-cert,
        callbackUrl: "http://localhost:1880/auth/strategy/callback",
        verify: function (accessToken, refreshToken, profile, done) {
          // @todo
          done(null, profile);
        },
        autoLogin: true,
      },
    },
    users: function (user) {
      return Promise.resolve({ username: user, permissions: "*" });
    },
  },

Looks like more tinkering...

4

It was discovered that if I added the following, it worked

callbackMethod: "POST"

It's self evident but here is a link to the commit