This uses the passport plugin.
I've done a subsequent post on ADFS (see link below) but first refer to:
Authenticating a NodeJS application using Thinktecture Identity Server v2
I got a lot of the code from here (there's a Gist at the end).
How to Use SSL/TLS with Node.js
Good reference - ADFS will only work with RPs that support SSL.
I have a Windows 8 box so I need a version of OpenSSL that runs on Windows. After a bit of googling, I decided to use Shining Light OpenSSL (and if you get some value out of it, consider donating).
Set up the environment variable:
set OPENSSL_CONF=C:\Program Files (x86)\OpenSSL-Win32\bin\openssl.cfg
(or wherever you installed it).
As per the second article:
openssl genrsa -des3 -out server.enc.key 1024
openssl req -new -key server.enc.key -out server.csr
openssl rsa -in server.enc.key -out server.key
openssl x509 -req -days xxx -in server.csr -signkey server.key -out server.crt
where xxx = number of days you want the certificate to be valid.
You should now have server.key and server.crt in the directory. We will use these in the next article - refer to Node : Federating with ADFS via WS-Fed.
Footnote
These are private keys. The first is protected with a pass phrase.
- server.enc.key
- server.key
C:\...>openssl rsa -check -in server.enc.key
Enter pass phrase for server.enc.key:
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MIICX...
or
C:\...>openssl rsa -check -in server.key
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MIICX...
This is a Certificate Signing Request (CSR).
server.csr
To view use:
C:...>openssl req -text -noout -verify -in server.csr
verify OK
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=nz, ST=Some-State, L=Akl, O=Private, OU=Identity, CN=joeb/emailAddress=joeb@abc.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:cd:89:6d:...
This is a self-signed certificate.
server.crt
To view use:
C:...>openssl x509 -text -noout -in server.crt
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
d8:d4:83:49:af:60:f1:3b
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=nz, ST=Some-State, L=Akl, O=Private, OU=Identity, CN=joeb/emailAddress=joeb@abc.com
Validity
Not Before: Feb 16 01:12:17 2016 GMT
Not After : Oct 8 01:12:17 2017 GMT
Subject: C=nz, ST=Some-State, L=Akl, O=Private, OU=Identity, CN=joeb/emailAddress=joeb@abc.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:cd:89:6d:...
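The dump above shows a 1024-bit RSA key, a SHA-1 signature and a version 1 certificate whose issuer equals its subject. As an added example (not from the original post or the linked articles), this Node.js script parses that text output and reports those properties; the 2048-bit minimum, the digest list and the finding names are assumptions of the example.

```javascript
// Added example: audit the text printed by `openssl x509 -text -noout`.
// Thresholds and finding names are assumptions of this example.
const MIN_RSA_BITS = 2048;
const WEAK_DIGESTS = /^(md5|sha1)With/i;

// Sample input: the certificate dump shown above (serial and modulus omitted).
const SAMPLE = `Certificate:
    Data:
        Version: 1 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=nz, ST=Some-State, L=Akl, O=Private, OU=Identity, CN=joeb/emailAddress=joeb@abc.com
        Validity
            Not Before: Feb 16 01:12:17 2016 GMT
            Not After : Oct 8 01:12:17 2017 GMT
        Subject: C=nz, ST=Some-State, L=Akl, O=Private, OU=Identity, CN=joeb/emailAddress=joeb@abc.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
`;

// Return the first capture group of `re` in `text`, or null if absent.
function field(text, re) {
  const m = text.match(re);
  return m ? m[1].trim() : null;
}

function parseCertText(text) {
  return {
    version: Number(field(text, /^\s*Version:\s*(\d+)/m)),
    sigAlg: field(text, /^\s*Signature Algorithm:\s*(\S+)/m),
    issuer: field(text, /^\s*Issuer:\s*(.+)$/m),
    subject: field(text, /^\s*Subject:\s*(.+)$/m),
    notBefore: new Date(field(text, /Not Before\s*:\s*(.+)$/m)),
    notAfter: new Date(field(text, /Not After\s*:\s*(.+)$/m)),
    keyBits: Number(field(text, /Public-Key:\s*\((\d+) bit\)/m)),
  };
}

function auditCert(text, now = new Date()) {
  const c = parseCertText(text);
  const findings = [];
  if (c.keyBits < MIN_RSA_BITS) findings.push(`weak-key:${c.keyBits}`);
  if (WEAK_DIGESTS.test(c.sigAlg)) findings.push(`weak-signature:${c.sigAlg}`);
  // Issuer equal to subject is treated here as self-signed (heuristic).
  if (c.issuer === c.subject) findings.push('self-signed');
  // Version 1 certificates carry no extensions such as subjectAltName.
  if (c.version < 3) findings.push('x509-v1');
  if (now > c.notAfter) findings.push('expired');
  if (now < c.notBefore) findings.push('not-yet-valid');
  return findings;
}
```

To audit the real file, pipe the output of the openssl x509 command above into a small wrapper that reads stdin and passes the text to auditCert.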
In Windows terms, copy server.crt to server.cer.
Double-click on server.cer and you'll get the familiar certificate pop up.
Good overview here: OpenSSL Essentials: Working with SSL Certificates, Private Keys and CSRs
Enjoy!