bicster

Reputation: 820

Authenticate Express app with Passport.JS and ADFS

I'm trying to authenticate my Express app with ADFS using passport.js. I'm using the passport-wsfed-saml2 passport.js strategy and think I have everything as I should, but I have a problem logging in.

Launching my app (http://localhost:8011) redirects me to the ADFS login page. Great. I enter my login credentials for a user I added to the AD and receive an error...

Activity ID: 4fcc86b2-165d-4199-1d00-0080000000f3
Error details: Value cannot be null. Parameter name: g
Node name: f5c76cf3-a6a3-41c6-8584-37594f31107e
Error time: Tue, 30 Jun 2020 01:36:20 GMT
Cookie: enabled
User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

The event log on the ADFS server isn't much help...

Encountered error during federation passive request. 

Additional Data 

Protocol Name: 
wsfed 

Relying Party: 
 

Exception details: 
System.ArgumentNullException: Value cannot be null.
Parameter name: g
   at System.Guid..ctor(String g)
   at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.GetContextFromWCtx(WSFederationContext federationPassiveContext, Boolean deleteCookie)
   at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.GetOriginalRequestFromResponse(ProtocolContext context)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

So, what am I doing wrong? And how can I investigate this further to figure out what is happening?

The configuration I'm working with is one server, running Windows Server 2019 configured as a DC and running ADFS. This is a test configuration to prove I can authenticate my app with ADFS.

Upvotes: 0

Views: 638

Answers (2)

bicster

Reputation: 820

The issue was because I was using Azure Gov. When I switched to Azure Commercial everything worked as expected.

Upvotes: 0

First, check whether you are able to access the IdP-initiated sign-on page: https://sts.contoso.com/adfs/ls/idpinitiatedsignon.htm.

"Encountered error during federation passive request" will occur in various scenarios.

Enable the admin and trace logs of ADFS. The trace log is where detailed messages are logged, and it will be the most useful log when troubleshooting. It is disabled by default, and you can enable both logs; check the link to enable them.

You can also use Fiddler to understand the flow and troubleshoot.

Upvotes: 0
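The question asks how to investigate further, and the answer above suggests capturing the flow with Fiddler. The following is an added example, not code from the question, either answer, or the passport-wsfed-saml2 project: a small offline checker for a WS-Federation sign-in redirect copied out of the browser or a Fiddler capture. It assumes the ADFS passive endpoint is `/adfs/ls/` (as in the idpinitiatedsignon URL above) and that the relying party uses the wsfed protocol; every URL and parameter value in it is constructed. The one concrete check it ties to the thread is the missing context case: the stack trace shows `GetContextFromWCtx` handing a null string to the `Guid` constructor, so an empty or absent `wctx` is the symptom visible from the page.

```javascript
// Added example, not code from the question, the answers or passport-wsfed-saml2.
// Offline sanity check of a captured WS-Federation sign-in redirect.
// Assumptions: ADFS passive endpoint is /adfs/ls/, protocol is wsfed.
// All URLs and parameter values below are constructed.

const WSFED_SIGNIN = 'wsignin1.0';
// Shape of a .NET System.Guid string, the type ADFS fails to build in the trace.
const GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function isAbsoluteHttpUrl(value) {
  try {
    const u = new URL(value);
    return u.protocol === 'https:' || u.protocol === 'http:';
  } catch {
    return false;
  }
}

// Parse a sign-in redirect and return the decoded parameters plus findings.
function inspectWsFedRequest(rawUrl) {
  const url = new URL(rawUrl);
  const q = url.searchParams; // URLSearchParams decodes percent-encoding for us
  const wa = q.get('wa');
  const wtrealm = q.get('wtrealm');
  const wreply = q.get('wreply');
  const wctx = q.get('wctx');
  const findings = [];

  if (!/^\/adfs\/ls\/?$/i.test(url.pathname)) {
    findings.push(`endpoint path is ${url.pathname}, expected /adfs/ls/`);
  }
  if (wa !== WSFED_SIGNIN) {
    findings.push(`wa is ${JSON.stringify(wa)}, expected ${WSFED_SIGNIN}`);
  }
  if (!wtrealm) {
    findings.push('wtrealm (relying party identifier) is missing');
  }
  if (wreply !== null && !isAbsoluteHttpUrl(wreply)) {
    findings.push('wreply is present but is not an absolute http(s) URL');
  }
  if (wctx === null || wctx === '') {
    // Mirrors the symptom in the ADFS trace: GetContextFromWCtx passed a null
    // string to new Guid(g). A missing context is the one cause visible from
    // the thread; ADFS may reject other malformed values too.
    findings.push('wctx (opaque context echoed back by ADFS) is missing or empty');
  }

  return {
    wa,
    wtrealm,
    wreply,
    wctx,
    wctxLooksLikeGuid: wctx !== null && GUID_RE.test(wctx),
    findings,
    ok: findings.length === 0,
  };
}

// Constructed sample redirects, shaped like what a relying party running at
// http://localhost:8011 would send to an ADFS test host. Hypothetical values.
const GOOD_REDIRECT =
  'https://sts.contoso.com/adfs/ls/?wa=wsignin1.0' +
  '&wtrealm=' + encodeURIComponent('urn:example:passport-app') +
  '&wreply=' + encodeURIComponent('http://localhost:8011/login/callback') +
  '&wctx=' + encodeURIComponent('00000000-0000-4000-8000-000000000001');

const MISSING_CONTEXT_REDIRECT =
  'https://sts.contoso.com/adfs/ls/?wa=wsignin1.0' +
  '&wtrealm=' + encodeURIComponent('urn:example:passport-app');

// Run directly (node inspect-wsfed.js) to print findings for both samples.
if (typeof require !== 'undefined' && require.main === module) {
  for (const r of [GOOD_REDIRECT, MISSING_CONTEXT_REDIRECT]) {
    const result = inspectWsFedRequest(r);
    console.log(result.ok ? 'OK   ' : 'CHECK', r);
    for (const f of result.findings) console.log('  - ' + f);
  }
}
```

Paste the exact `Location` header from the 302 that sends the browser to ADFS into `inspectWsFedRequest`; if the redirect passes these checks, the remaining places to look are the ADFS trace log and the relying party trust's identifier and endpoint settings, which this helper cannot see.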
