opengovsg / spcp-auth-client

Integrates SingPass and CorpPass SAML into your node.js application
MIT License

Error in Step 2: Form Artifact Resolve with Artifact and Sign at SPCPAuthClient.makeNestedError #11

Closed khoo0030 closed 5 years ago

khoo0030 commented 5 years ago

Hi!

I've hooked up: MockPass @ localhost:5156, and my frontend client for the CorpPass redirect @ localhost:8681.

Encountered: "Error in Step 2: Form Artifact Resolve with Artifact and Sign at SPCPAuthClient.makeNestedError" when calling /assert. Not sure what is causing the error.

Steps to reproduce:

call the /assert endpoint

http://localhost:8080/assert?SAMLart=AAQAAFDAXYQm%2BWRGiqG7dPVRA3qTT3OZZlMIEpTRZn5zgTwF9%2FkLB0WXM9Q%3D&RelayState=https://localhost:8681/authenticate

index.js

require('dotenv').config();

const express = require('express');
const SPCPAuthClient = require('@opengovsg/spcp-auth-client');

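const app = express();

// process.env only ever holds strings, so EXTRACT (posted as
// "SPCPAuthClient.extract.CORPPASS") can only *name* an extractor; passing the
// string itself hands the client text where it expects the extractor value.
// Resolve the trailing segment against SPCPAuthClient.extract instead.
// NOTE(review): assumes SPCPAuthClient.extract is a plain object keyed by
// extractor name, as the posted EXTRACT value implies - confirm against the
// installed library version.
const extractSetting = process.env.EXTRACT;
let extract;
if (extractSetting) {
  const extractName = String(extractSetting).split('.').pop();
  const extractors = SPCPAuthClient.extract || {};
  // Own-property check so names such as "constructor" cannot resolve to
  // something inherited from Object.prototype.
  if (!Object.prototype.hasOwnProperty.call(extractors, extractName)) {
    throw new Error(`EXTRACT does not name a known extractor: ${extractSetting}`);
  }
  extract = extractors[extractName];
}

// appCert / appKey / spcpCert are handed to the client as-is from the
// environment. appKey is the private key used to sign the artifact-resolve
// request; the "PEM routines:PEM_read_bio:no start line" cause in the posted
// trace is raised while signing, i.e. when that value is not parseable PEM.
// Keep the real key material out of source control and out of logs.
const client = new SPCPAuthClient({
  partnerEntityId: process.env.PARTNER_ENTITY_ID,
  idpLoginURL: process.env.IDP_LOGIN_URL,
  idpEndpoint: process.env.IDP_ENDPOINT,
  esrvcID: process.env.E_SRVC_ID,
  appCert: process.env.APP_CERT,
  appKey: process.env.APP_KEY,
  spcpCert: process.env.SPCP_CERT,
  extract,
});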

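/**
 * Chooses the URL the browser is sent to once /assert has finished.
 *
 * RelayState comes from the query string, so redirecting to it unchecked
 * would let any caller bounce users to an arbitrary site (open redirect).
 * The candidate is accepted only when it is an http(s) URL on the same host
 * as TARGET_URL; anything else falls back to TARGET_URL itself.
 *
 * NOTE(review): TARGET_URL appears in the posted .env but is not otherwise
 * used by this sample; it is assumed to be the front-end's address - confirm.
 *
 * @param {unknown} candidate - RelayState as received or echoed back.
 * @returns {string|null} A vetted redirect URL, or null when TARGET_URL is
 *   missing or is not a valid URL.
 */
function pickRedirectTarget(candidate) {
  const fallback = process.env.TARGET_URL;
  let allowedHost;
  try {
    allowedHost = new URL(fallback).host;
  } catch (configError) {
    // No usable allow-list: refuse rather than redirect blindly.
    return null;
  }
  try {
    const parsed = new URL(String(candidate));
    const isWeb = parsed.protocol === 'http:' || parsed.protocol === 'https:';
    if (isWeb && parsed.host === allowedHost) {
      return parsed.href;
    }
  } catch (parseError) {
    // Not an absolute URL: fall through to the configured fallback.
  }
  return fallback;
}

app.get('/assert', (req, res) => {
  // Both values arrive on the query string and are therefore untrusted.
  const { SAMLart: samlArt, RelayState: relayState } = req.query;
  client.getAttributes(samlArt, relayState, (err, data) => {
    // If all is well and login occurs, the attributes are given.
    // The relayState passed to getAttributes() is expected back in all cases,
    // but `data` is read defensively so a missing payload cannot throw here.
    const { attributes, relayState: echoedRelayState } = data || {};
    if (err || !attributes) {
      // Indicate through cookies or headers that an error has occurred.
      // Treating "no attributes" as a failure avoids minting a session token
      // for an unidentified user.
      console.error(err || new Error('getAttributes returned no attributes'));
      // NOTE(review): err.message is exposed to the browser; prefer a fixed
      // error code if library messages can carry internal detail.
      res.cookie('login.error', err ? err.message : 'login failed');
    } else {
      // For SingPass, a user name will be given
      // Refer to unit tests to infer what CorpPass will give
      const { UserName: userName } = attributes;
      // Embed a session cookie or pass back some Authorization bearer token
      const FOUR_HOURS = 4 * 60 * 60 * 1000;
      const jwt = client.createJWT({ userName }, FOUR_HOURS);
      // httpOnly keeps the token away from page scripts; maxAge mirrors the
      // lifetime passed to createJWT. Add `secure: true` once this is served
      // over HTTPS (the sample listens on plain http://localhost).
      res.cookie('connect.sid', jwt, {
        httpOnly: true,
        sameSite: 'lax',
        maxAge: FOUR_HOURS,
      });
    }
    const target = pickRedirectTarget(echoedRelayState || relayState);
    if (!target) {
      res.status(500).send('Redirect target is not configured');
      return;
    }
    res.redirect(target);
  });
});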

// Fixed local port; it matches the http://localhost:8080/assert URL used in
// the reproduction steps.
const port = 8080;

// Logs once the HTTP server has started accepting connections.
function announceListening() {
  console.log(`app listening on port ${port}`);
}

app.listen(port, announceListening);

Tried to pass in APP_CERT, APP_KEY, SPCP_CERT in two ways (the two .env variants are listed one after the other below) - both produce the same error.

.env

# Variant 1 (as posted): PEM BEGIN/END markers and body on a single line.
# "xxx" is the poster's redaction, not real key material.
# NOTE(review): APP_KEY carries a CERTIFICATE label here; a signing key is
# normally a PRIVATE KEY block - confirm against the key file actually used.
# APP_KEY is the service's private signing key: keep the real .env out of
# version control.
PARTNER_ENTITY_ID=http://localhost:8681/authenticate
IDP_LOGIN_URL=http://localhost:5156/corppass/logininitial
IDP_ENDPOINT=http://localhost:5156/corppass/assert
E_SRVC_ID=PUB
APP_CERT=-----BEGIN CERTIFICATE-----xxx-----END CERTIFICATE-----
APP_KEY=-----BEGIN CERTIFICATE-----xxx-----END CERTIFICATE-----
SPCP_CERT=-----BEGIN CERTIFICATE-----xxx-----END CERTIFICATE-----
# EXTRACT reaches the program as the literal text below, not as a reference
# to a member of the library.
EXTRACT=SPCPAuthClient.extract.CORPPASS
# TARGET_URL is defined here but not read by the posted index.js.
TARGET_URL=http://localhost:8681/authenticate
# Variant 2 (as posted): the same settings with bare values, no PEM
# BEGIN/END markers.
PARTNER_ENTITY_ID=http://localhost:8681/authenticate
IDP_LOGIN_URL=http://localhost:5156/corppass/logininitial
IDP_ENDPOINT=http://localhost:5156/corppass/assert
E_SRVC_ID=PUB
APP_CERT=xxx
APP_KEY=xxx
SPCP_CERT=xxx
EXTRACT=SPCPAuthClient.extract.CORPPASS
TARGET_URL=http://localhost:8681/authenticate

Error:

{ Error: Error in Step 2: Form Artifact Resolve with Artifact and Sign
    at SPCPAuthClient.makeNestedError (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\@opengovsg\spcp-auth-client\SPCPAuthClient.class.js:226:25)
    at SPCPAuthClient.getAttributes (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\@opengovsg\spcp-auth-client\SPCPAuthClient.class.js:262:34)
    at app.get (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\index.js:34:10)
    at Layer.handle [as handle_request] (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\express\lib\router\layer.js:95:5)
    at next (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\express\lib\router\route.js:137:13)
    at Route.dispatch (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\express\lib\router\route.js:112:3)
    at Layer.handle [as handle_request] (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\express\lib\router\layer.js:95:5)
    at C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\express\lib\router\index.js:281:22
    at Function.process_params (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\express\lib\router\index.js:335:12)
    at next (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\express\lib\router\index.js:275:10)
  cause: Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
    at Sign.sign (internal/crypto/sig.js:85:26)
    at RSASHA256.getSignature (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\xml-crypto\lib\signed-xml.js:126:22)
    at SignedXml.calculateSignatureValue (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\xml-crypto\lib\signed-xml.js:414:32)
    at SignedXml.computeSignature (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\xml-crypto\lib\signed-xml.js:738:8)
    at SPCPAuthClient.signXML (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\@opengovsg\spcp-auth-client\SPCPAuthClient.class.js:125:11)
    at SPCPAuthClient.getAttributes (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\@opengovsg\spcp-auth-client\SPCPAuthClient.class.js:259:54)
    at app.get (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\index.js:34:10)
    at Layer.handle [as handle_request] (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\express\lib\router\layer.js:95:5)
    at next (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\express\lib\router\route.js:137:13)
    at Route.dispatch (C:\Users\Admin\PhpstormProjects\NodeJS\chopchop\corppass\api-e-cms-corppass-expressjs\node_modules\express\lib\router\route.js:112:3) }
LoneRifle commented 5 years ago

Hello @khoo0030 , have you managed to fix this in the end? Apologies for not getting to this earlier!

khoo0030 commented 5 years ago

@LoneRifle. Yes, issue resolved. I was not passing in one of the certs correctly. appCert = <MockPass \static\certs\server.crt>, appKey = <MockPass \static\certs\key.pem>, spcpCert = <MockPass \static\certs\spcp.crt>

Closing this issue. Thanks.