ADFS Sso And Using Passport-saml Express "No Decryption Key For Encrypted SAML Response"
I am having this issue while logging in with ADFS SSO: "No decryption key for encrypted SAML response". Login from another account is successful. Can someone help me with this? I am using Express with passport-saml.
This is the code snippet where I am stuck.
node_modules/passport-saml/lib/passport-saml/saml.js in null. at line 623:15

```js
if (encryptedAssertions.length == 1) {
    if (!self.options.decryptionPvk)
        throw new Error('No decryption key for encrypted SAML response');
    var encryptedAssertionXml = encryptedAssertions[0].toString();
```
Answer
How encryption works in SAML: the identity provider encrypts some elements of the SAML response with the service provider's public key. The service provider decrypts using the private key that corresponds to the public key used to encrypt. In other words, the service provider needs to own a keypair - private key and public key - for this use case to work.
The private key of the aforementioned keypair needs to be configured via the decryptionPvk parameter in passport-saml. Since the assertion is encrypted yet no private key is found in decryptionPvk, passport-saml complains.
Either remove the encryption on ADFS side or provide the private key to passport-saml.