Error: Incorrect request format when trying to call /login

random42 / passport-spid

Passport strategy for SPID (italian citizens) authentication

MIT License

12 stars 5 forks source link

Error: Incorrect request format when trying to call /login #2

Closed ymhmd closed 1 year ago

ymhmd commented 1 year ago

Hi,

I've just noticed one error happened to me while using example.ts. I am not sure the root cause of this issue. Could you please help me to understand the issue?

Steps

Update const idp = 'https://posteid.poste.it'
Update privateKey and spCert
Update IPACode to be PA:IT-c_h501
Run example yarn dev
Open http://localhost:4000/login in the browser
Browser navigates to https://posteid.poste.it/jod-fs/ssoservicepost

Error Error message messaggio di avvisoErrore: Formato richiesta non corretto - Contattare il gestore del servizio appears

Screenshot

Gioppix commented 1 year ago

have you registered the metadata? this is how you would do it in the test env: https://demo.spid.gov.it/validator#/metadata-sp-download

ymhmd commented 1 year ago

@Gioppix, thanks a lot for the answer. It worked on test/demo env after I registered the metadata.

One more question, how can we register the metadata with real IdPs (Poste, Sielte ...etc) ? Maybe some docs can help 🙏

Gioppix commented 1 year ago

@ymhmd this is the list of IdPs - https://registry.spid.gov.it/identity-providers . I think you need to find the registration page for each one. May I ask how you updated the privateKey and spCert? I can't get this to work on the test env.

Thanks!

ymhmd commented 1 year ago

@Gioppix, To make it work, I did the following steps:

Create and validate certificate and private key as per https://github.com/italia/spid-compliant-certificates-python. This step should generate crt.pem, csr.pem and key.pem
Update const privateKey = (await fs.readFile("/path/key.pem")).toString();
Update const privateKey = (await fs.readFile("/path/crt.pem")).toString();

I hope this will make it work for you. If not, please let me know

Gioppix commented 1 year ago

@ymhmd what command have you used to start? have you cloned the repo or just the example? thanks

ymhmd commented 1 year ago

@Gioppix

First, you need to install this python requirement using pip install spid-compliant-certificates

We can generate crt.pem, csr.pem and key.pem with:

spid-compliant-certificates generator \
--key-size 3072 \
--common-name example \
--days 365 \
--entity-id YOUR_ENTITY_ID \
--locality-name Roma \
--org-id PA:IT-c_h501 \
--org-name example \
--sector public

To validate them, please run spid-compliant-certificates validator --sector public (this command should be executed in the same directory where crt.pem, csr.pem and key.pem exist

Gioppix commented 1 year ago

@ymhmd Sorry I was unclear, I meant the command to start the whole project on localhost

ymhmd commented 1 year ago

@Gioppix To run it locally:

Update dev script in package.json to ts-node-dev --respawn --inspect=0.0.0.0:9229 -- examples/main.ts
Run yarn dev

Gioppix commented 1 year ago

@ymhmd thanks a lot!