
wso2is 5.0 - Destination attribute is not set for LogoutResponse

I'm trying to set up wso2is as an IdP. Liferay acts as SP.

Signing in is done successfully. My actual problem is - there is no 'destination' attribute set in LogoutResponse, so the liferay saml-portlet is throwing:

    14:12:26,779 ERROR [http-bio-8080-exec-18][BaseSamlStrutsAction:45com.liferay.saml.SamlException: org.opensaml.xml.security.SecurityException: SAML message intended destination (required by binding) was not present
com.liferay.saml.SamlException: org.opensaml.xml.security.SecurityException: SAML message intended destination (required by binding) was not present
    at com.liferay.saml.profile.WebSsoProfileImpl.processResponse(WebSsoProfileImpl.java:166)
    at com.liferay.saml.profile.WebSsoProfileUtil.processResponse(WebSsoProfileUtil.java:50)
    at com.liferay.saml.hook.action.AssertionConsumerServiceAction.doExecute(AssertionConsumerServiceAction.java:38)

So here is my actual LogoutRequest:

<saml2p:LogoutRequest Destination="https://localhost:9443/samlsso"
    ID="_22d8ba65fc7ffdbc63d9d45ddea3e420ebc53373" IssueInstant="2014-07-30T13:16:33.576Z"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">liferaysamlspdemo</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <ds:Reference URI="#_22d8ba65fc7ffdbc63d9d45ddea3e420ebc53373">
                <ds:Transforms>
                    <ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <ds:DigestValue>A00CJe+mILdS1J9rofdyDWtO+/M=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>[value]
        </ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>[cert data]
                </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">xxx</saml2:NameID>
    <saml2p:SessionIndex>436f2982-c96c-4884-a9ea-7b8b4cde13ff</saml2p:SessionIndex>
</saml2p:LogoutRequest>

And the corresponding response:

<saml2p:LogoutResponse ID="hbkakhdacckapfinfncplppndpkhbpihhnfphjoh"
    InResponseTo="_69f6c1f18217d5626f0a76a1b705138d56e5077f" IssueInstant="2014-07-30T14:12:26.651Z"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">liferaysamlidpdemo</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <ds:Reference URI="#hbkakhdacckapfinfncplppndpkhbpihhnfphjoh">
                <ds:Transforms>
                    <ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <ds:DigestValue>35a6HRTd3gbqiGhR2RzkRWn+f04=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>[value]
        </ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>[cert data]
                </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
    </saml2p:Status>
</saml2p:LogoutResponse>

Now, is that a general wso2is problem and it does not include the "destination" attribute in the LogoutResponse, or am I doing something wrong? It would be great if I could get some help.

In case you are using HTTP-POST binding the standard says:

If the message is signed, the Destination XML attribute in the root SAML element of the protocol message MUST contain the URL to which the sender has instructed the user agent to deliver the message.

And therefore it would mean that wso2 has a bug.

The Destination attribute is not required with HTTP-Artifact or SAML SOAP bindings. In case you use one of these, it would mean that there's a problem on the Liferay side.
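The rule the answer quotes is what the receiving SP is expected to enforce: for the HTTP-POST (and HTTP-Redirect) binding a signed protocol message must carry a Destination on its root element, and the receiver must check it against the endpoint the message actually arrived at, which is why a missing attribute is a hard rejection rather than a warning. The following Python check, added here as an illustration and not code from Liferay, OpenSAML or WSO2, applies that rule to two trimmed copies of the messages in the question (constructed samples, with a placeholder signature and a made-up SP endpoint URL):

```python
"""Receiver-side check of the SAML 2.0 Destination rule for LogoutRequest/
LogoutResponse messages. Illustration only; not Liferay/OpenSAML/WSO2 code."""
import xml.etree.ElementTree as ET

NS_SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_DS = "http://www.w3.org/2000/09/xmldsig#"

# Bindings whose rules require Destination on a *signed* message; for
# HTTP-Artifact and SOAP it is optional (but must still match if present).
DESTINATION_REQUIRED_BINDINGS = {"HTTP-POST", "HTTP-Redirect"}

# Constructed sample: the question's LogoutRequest, trimmed, with Destination.
LOGOUT_REQUEST = f"""<saml2p:LogoutRequest Destination="https://localhost:9443/samlsso"
    ID="_22d8ba65fc7ffdbc63d9d45ddea3e420ebc53373" Version="2.0"
    xmlns:saml2p="{NS_SAMLP}">
  <ds:Signature xmlns:ds="{NS_DS}"><ds:SignatureValue>[value]</ds:SignatureValue></ds:Signature>
</saml2p:LogoutRequest>"""

# Constructed sample: the question's LogoutResponse, trimmed, signed but
# lacking a Destination attribute.
LOGOUT_RESPONSE = f"""<saml2p:LogoutResponse ID="hbkakhdacckapfinfncplppndpkhbpihhnfphjoh"
    Version="2.0" xmlns:saml2p="{NS_SAMLP}">
  <ds:Signature xmlns:ds="{NS_DS}"><ds:SignatureValue>[value]</ds:SignatureValue></ds:Signature>
  <saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
</saml2p:LogoutResponse>"""


def is_signed(root):
    """True if the root protocol element carries an enveloped ds:Signature."""
    return root.find(f"{{{NS_DS}}}Signature") is not None


def check_destination(xml_text, binding, received_at):
    """Return None if the message satisfies the Destination rule for `binding`,
    otherwise the reason the receiver should reject it. `received_at` is the
    URL of the endpoint the message was delivered to (the receiver knows it;
    it never comes from the message itself)."""
    root = ET.fromstring(xml_text)
    if root.tag not in (f"{{{NS_SAMLP}}}LogoutRequest",
                        f"{{{NS_SAMLP}}}LogoutResponse"):
        return f"unexpected root element {root.tag}"
    destination = root.get("Destination")
    required = binding in DESTINATION_REQUIRED_BINDINGS and is_signed(root)
    if destination is None:
        if required:
            return "SAML message intended destination (required by binding) was not present"
        return None  # optional for this binding / unsigned message
    # Whenever present, Destination must equal the endpoint we received it on,
    # which is the replay/redirection protection the attribute exists for.
    if destination != received_at:
        return f"Destination {destination!r} does not match receiving endpoint {received_at!r}"
    return None


if __name__ == "__main__":
    sp_slo = "https://sp.example.com/slo"  # constructed placeholder endpoint
    print("request  (POST):", check_destination(LOGOUT_REQUEST, "HTTP-POST", "https://localhost:9443/samlsso"))
    print("response (POST):", check_destination(LOGOUT_RESPONSE, "HTTP-POST", sp_slo))
    print("response (Artifact):", check_destination(LOGOUT_RESPONSE, "HTTP-Artifact", sp_slo))
```

Run against the two samples, the LogoutRequest passes under HTTP-POST, the LogoutResponse is rejected under HTTP-POST with the same wording the Liferay log shows, and the same response is accepted under HTTP-Artifact, which is exactly the binding-dependent split the answer describes.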
