How can I connect the Spring SAML example application to a Weblogic IDP?
Exception stacktrace:
Jun 17, 2015 10:33:31 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [default] in context with path [] threw exception [org.opensaml.ws.message.encoder.MessageEncodingException: Unable to builder artifact for message to relying party] with root cause
org.opensaml.ws.message.encoder.MessageEncodingException: Unable to builder artifact for message to relying party
at org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder.buildArtifact(HTTPArtifactEncoder.java:232)
at org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder.getEncode(HTTPArtifactEncoder.java:195)
at org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder.doEncode(HTTPArtifactEncoder.java:137)
at org.opensaml.ws.message.encoder.BaseMessageEncoder.encode(BaseMessageEncoder.java:52)
at org.springframework.security.saml.processor.SAMLProcessorImpl.sendMessage(SAMLProcessorImpl.java:227)
at org.springframework.security.saml.processor.SAMLProcessorImpl.sendMessage(SAMLProcessorImpl.java:195)
at org.springframework.security.saml.websso.AbstractProfileBase.sendMessage(AbstractProfileBase.java:144)
at org.springframework.security.saml.websso.WebSSOProfileImpl.sendAuthenticationRequest(WebSSOProfileImpl.java:105)
at org.springframework.security.saml.SAMLEntryPoint.initializeSSO(SAMLEntryPoint.java:226)
at org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:153)
at org.springframework.security.saml.SAMLEntryPoint.doFilter(SAMLEntryPoint.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
In the log there's another message that says:
No artifact resolution service endpoint defined for the entity null
I tried to make the example application authenticate against a Weblogic IDP and against a Shibboleth IDP, but I didn't manage to make it work. Either the configuration is not complete or I'm missing something fundamental.
1. Add Credential Mapping
To enable SAML functionality, we first need to add a credential mapping. Open the Weblogic Administration Console:
http://server:port/console
e.g.
http://127.0.0.1:7101/console
1.1. Add mapping entry
1.1.1. Navigate to the Credential Mapping page:
Security Realms > myrealm > Providers > Credential Mapping
1.1.2. Click the New button
1.1.3. Click on the new mapping
Enter an Issuer URI:
e.g. http://www.server.com/issuer
Save the mapping
2. Configure SAML properties
2.1. Navigate to the Servers page
2.2. Navigate to Federation Services > SAML 2.0 General
Enter a value for the Published Site URL (host and port should be the same as the values you noted in the previous step):
e.g. http://localhost:7101/saml2
Enter an Entity ID (note that this ID MUST BE the same as the Issuer URI you entered earlier):
e.g. http://www.server.com/issuer
Has to be the same as the Issuer URI from the Credential Mapping.
2.3. Switch to the SAML 2.0 Identity Provider tab
3. Exchange metadata information
3.1. Export IDP metadata
The Identity Provider metadata file is used by the Service Provider (SSO client) application to determine login URLs and other useful information.
3.1.1. Navigate to Federation Services > SAML 2.0 General
3.2. Use the metadata file in the Service Provider application
The Service Provider application needs to know where to find the IDP. This information is contained in the IDP metadata file.
3.3. Obtain the Service Provider metadata file
The IDP needs to know about the Service Provider (SSO client) as well. You need to obtain the SP metadata file.
3.4. Configure Service Provider Partner
Which Weblogic version are you using? At least in older versions Oracle consultants told me that Weblogic's SAML IDP support is not "production quality" and the implementation indeed had issues (like usage of old libraries, no support for SAML encryption, handling bugs), but it may have changed since.
The error "No artifact resolution service endpoint" suggests that your IDP's metadata doesn't contain an ArtifactResolutionEndpoint. In your place I'd try to use HTTP-POST binding instead of Artifact.
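Both answers come down to what the exchanged metadata (step 3 of the first answer) actually advertises. The check below is an added example for this thread, not code from the question, either answer, Spring SAML or WebLogic: it parses a SAML 2.0 metadata document, lists the SingleSignOnService / AssertionConsumerService endpoints per binding together with any ArtifactResolutionService, flags Artifact endpoints that could never be resolved, and picks the binding an SP should request for its AuthnRequest, falling back from Artifact to HTTP-POST when the required resolution endpoint is missing. One fact the check relies on: with the HTTP-Artifact binding the artifact is resolved at the ArtifactResolutionService of the party that sent the message, so an SP sending its AuthnRequest by Artifact needs one in the SP's metadata, and an IdP returning its Response by Artifact needs one in the IdP's metadata. The metadata, entity IDs and URLs in the block are constructed placeholders, not values from the thread's deployment.

```python
"""Inspect SAML 2.0 metadata for the endpoints each binding needs.

Added example; not code from the question, the answers, Spring SAML or
WebLogic. Entity IDs and URLs below are constructed placeholders.
"""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
_B = "urn:oasis:names:tc:SAML:2.0:bindings:"
HTTP_REDIRECT, HTTP_POST, HTTP_ARTIFACT = _B + "HTTP-Redirect", _B + "HTTP-POST", _B + "HTTP-Artifact"

IDP_ID = "http://www.server.com/issuer"   # placeholder, same shape as the first answer's example
SP_ID = "http://localhost:8080/saml-sp"   # placeholder SP entityID

# Constructed sample: the IdP lists an Artifact SSO endpoint first (an SP that simply
# takes the first endpoint would try Artifact) but publishes no ArtifactResolutionService;
# the SP accepts Artifact at its ACS and publishes none either.
SAMPLE_METADATA = f"""<md:EntitiesDescriptor xmlns:md="{MD}">
  <md:EntityDescriptor entityID="{IDP_ID}">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="{HTTP_ARTIFACT}" Location="http://localhost:7101/saml2/idp/sso/artifact"/>
      <md:SingleSignOnService Binding="{HTTP_POST}" Location="http://localhost:7101/saml2/idp/sso/post"/>
      <md:SingleSignOnService Binding="{HTTP_REDIRECT}" Location="http://localhost:7101/saml2/idp/sso/redirect"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="{SP_ID}">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService Binding="{HTTP_POST}" Location="{SP_ID}/saml/SSO" index="0" isDefault="true"/>
      <md:AssertionConsumerService Binding="{HTTP_ARTIFACT}" Location="{SP_ID}/saml/SSO" index="1"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def _endpoints(role, tag):
    """Binding -> Location for every <md:tag> child of a role descriptor."""
    return {e.get("Binding"): e.get("Location") for e in role.findall("md:" + tag, NS)}


def inspect_metadata(xml_text):
    """Return {entityID: {"idp": {...}, "sp": {...}}} for each EntityDescriptor.

    Role dicts hold "sso" (IdP) or "acs" (SP) plus "ars" (ArtifactResolutionService),
    each mapping Binding -> Location. Accepts a bare EntityDescriptor or an
    EntitiesDescriptor wrapping several.
    """
    root = ET.fromstring(xml_text)
    descriptors = [root] if root.tag == "{%s}EntityDescriptor" % MD else root.findall(".//md:EntityDescriptor", NS)
    entities = {}
    for ent in descriptors:
        roles = {}
        idp = ent.find("md:IDPSSODescriptor", NS)
        if idp is not None:
            roles["idp"] = {"sso": _endpoints(idp, "SingleSignOnService"),
                            "ars": _endpoints(idp, "ArtifactResolutionService")}
        sp = ent.find("md:SPSSODescriptor", NS)
        if sp is not None:
            roles["sp"] = {"acs": _endpoints(sp, "AssertionConsumerService"),
                           "ars": _endpoints(sp, "ArtifactResolutionService")}
        entities[ent.get("entityID")] = roles
    return entities


def _roles(entities, idp_id, sp_id):
    try:
        return entities[idp_id]["idp"], entities[sp_id]["sp"]
    except KeyError as exc:
        raise ValueError("metadata lacks the expected IdP/SP role: %s" % exc)


def artifact_issues(entities, idp_id, sp_id):
    """Artifact endpoints nobody could resolve: the sender of an artifact-bound
    message must publish the ArtifactResolutionService the receiver calls."""
    idp, sp = _roles(entities, idp_id, sp_id)
    issues = []
    if HTTP_ARTIFACT in idp["sso"] and not sp["ars"]:
        issues.append("IdP %s accepts AuthnRequest via HTTP-Artifact but SP %s publishes no "
                      "ArtifactResolutionService; the SP cannot send with that binding" % (idp_id, sp_id))
    if HTTP_ARTIFACT in sp["acs"] and not idp["ars"]:
        issues.append("SP %s accepts Response via HTTP-Artifact but IdP %s publishes no "
                      "ArtifactResolutionService; the IdP cannot respond with that binding" % (sp_id, idp_id))
    return issues


def choose_authn_request_binding(entities, idp_id, sp_id, preferred=None):
    """Pick (binding, IdP SSO location) for the SP's AuthnRequest.

    Tries `preferred` first, then POST, Redirect, Artifact; Artifact is used only
    when the SP itself publishes an ArtifactResolutionService.
    """
    idp, sp = _roles(entities, idp_id, sp_id)
    for binding in ([preferred] if preferred else []) + [HTTP_POST, HTTP_REDIRECT, HTTP_ARTIFACT]:
        if binding not in idp["sso"]:
            continue
        if binding == HTTP_ARTIFACT and not sp["ars"]:
            continue  # would fail exactly like the stack trace above: nothing can resolve the artifact
        return binding, idp["sso"][binding]
    raise ValueError("no usable SingleSignOnService binding in IdP metadata")


if __name__ == "__main__":
    ents = inspect_metadata(SAMPLE_METADATA)
    for issue in artifact_issues(ents, IDP_ID, SP_ID):
        print("WARNING:", issue)
    print("send AuthnRequest via", choose_authn_request_binding(ents, IDP_ID, SP_ID, HTTP_ARTIFACT))
```

Run it against the real IdP export from step 3.1 and the SP metadata the sample application generates, with your own entity IDs. To pin the binding on the Spring SAML side rather than let it take the first endpoint the IdP lists, set the `binding` property of the `WebSSOProfileOptions` bean used as `defaultProfileOptions` of `SAMLEntryPoint` to `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST`. One caveat a practitioner should keep in mind: the IdP metadata carries the IdP's signing certificate and is therefore a trust root for the SP, so take it from the administration console as the first answer describes (or over an authenticated channel) and keep signature verification of the metadata enabled rather than loading it from an unauthenticated URL.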