node.js - HTTP 400 : Bad Request error in ADFS HTTPS Request

Question

我正在编写一个 Node.js 应用程序并尝试集成一个 ADFS 服务器以获取身份验证。为此，我使用 wstrust-client，并使用 ADFS 服务器 URL 作为我的端点。到目前为止我的代码是:

app.get('/login', function(req, res) {
    trustClient.requestSecurityToken({
        scope: 'https://mycompany.com',
        username: "username",
        password: "password",
        endpoint: 'https://[adfs server]/adfs/services/trust/13/usernamemixed'
    }, function (rstr) {
         // Access the token
        var rawToken = rstr.token;
        console.log('raw: ' + rawToken);
    }, function(error) {
        console.log(error)
    }); 
});    

我正在通过 wstrust-client

请求 https

到目前为止，我在 wstrustclient.js 中的代码是:

var req = https.request(post_options, function(res) {
    res.setEncoding('utf8');
    res.on('data', function(data) {
        console.log("Entered res")

        var rstr = {
            token: parseRstr(data),
            response: res,
        };

        callback(rstr);
    }); 
});

req.write(message);
req.end();
req.on('error', function (e) { 
console.log("******************************");
console.log(e);
console.log("******************************");

但是，它抛出这个错误:

******************************
{ [Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE]
    stack: 'Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE\n   
    at SecurePair.<anonymous> (tls.js:1253:32)\n    
    at SecurePair.EventEmitter.emit (events.js:91:17)\n    
    at SecurePair.maybeInitFinished (tls.js:865:10)\n    
    at CleartextStream.read [as _read] (tls.js:416:15)\n  
    at CleartextStream.Readable.read (_stream_readable.js:231:10)\n  
    at EncryptedStream.write [as _write] (tls.js:329:25)\n  
    at EncryptedStream.Writable.write (_stream_writable.js:176:8)\n  
    at write (_stream_readable.js:496:24)\n 
    at flow (_stream_readable.js:506:7)\n    
    at Socket.pipeOnReadable (_stream_readable.js:538:5)' }
    ******************************
    ******************************
    { [Error: read ECONNRESET]
        stack: 'Error: read ECONNRESET\n   
        at errnoException (net.js:846:11)\n  
        at TCP.onread (net.js:508:19)',
        code: 'ECONNRESET',
        errno: 'ECONNRESET',
        syscall: 'read' }
    ******************************

当我在浏览器中浏览同一个端点 URL 时，它抛出 HTTP 400: Bad Request

我知道这是一个 SSL 类型错误，而且它来自服务器端。但是，我不知道它为什么会抛出错误以及服务器端可能出了什么问题。我需要更改什么？

Answer 1

根据 OpenSSL 手册 here :

21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate no signatures could be verified because the chain contains only one certificate and it is not self signed.

考虑到这一点，您似乎需要签署证书。