身份提供者(salesforce)注销SSO时注销服务提供者(passport-saml)
[英]Logout service provider(passport-saml) when identity provider(salesforce) logs out SSO
问题描述
I have created a connected App in salesforce end, and using passport saml to provide SSO to several nodeJs applications based on expressJs. 
我在salesforce端创建了一个连接的应用程序,并使用saml护照向基于expressJ的多个nodeJs应用程序提供SSO。
SSO is working fine. SSO工作正常。
However when I logout from salesforce, I can still login to the applications. 但是,当我从Salesforce注销时,我仍然可以登录到应用程序。
I believe that this has something to do with cookies. 我相信这与Cookie有关。 Is there any way to watch a salesforce cookie and logout when it is invalidated? 有什么方法可以查看失效的salesforce cookie和注销?
Or is there any way to send a call from salesforce to one of my routes when a logout is initiated? 还是在注销时有任何方法可以将Salesforce的呼叫发送到我的一条路由?
2 个解决方案
解决方案1
0 2017-08-26 15:39:19
The solution is to validate the salesforce auth token before serving the web application from NodeJs. 解决方案是在从NodeJ服务Web应用程序之前,验证salesforce身份验证令牌。 In other words, the NodeJs backend application will validate the corresponding salesforce session using the salesforce sessionId token received when logging in using the jsforce.connection.login interface. 换句话说,NodeJs后端应用程序将使用在使用jsforce.connection.login接口登录时收到的salesforce sessionId令牌来验证相应的salesforce会话。 If the session is no longer valid, the passportJs session should be invalidated using req.logout() method 如果该会话不再有效,则应该使用req.logout()方法使passportJs会话无效
解决方案2
0 已采纳
You can validate the auth token(salesforce or whatever) before serving the static files. 您可以在提供静态文件之前验证auth令牌(salesforce或其他)。
However, if you are building a SPA, then you will need to validate the session in the frontend code(which runs on the browser) as well. 但是,如果要构建SPA,则还需要使用前端代码(在浏览器中运行)验证会话。
Otherwise, your approach will not work when the browser performs caching and when you are saving data to the browser's local storage from your SPA. 否则,当浏览器执行缓存以及将数据从SPA保存到浏览器的本地存储时,您的方法将不起作用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.