
Get Security Token from WSO2 Identity Server 5.3 WS-Trust STS

I have WSO2IS set up with an AD LDS user store and have a WS-Federation Passive STS prototype written in ASP.NET MVC that works and can authenticate as a user defined in AD LDS. I am now attempting to write a simple .NET console app to manually connect to the WS-Trust endpoint and authenticate as this same user (or the admin user, tried both). I have secured the WS-Trust endpoint using UserNamePassword, and selected which users can authenticate.

However, when I run this prototype I get a "java.lang.NullPointerException" from WSO2IS.

What am I doing wrong or leaving out?

System.ServiceModel.FaultException occurred
  HResult=0x80131501
  Message=java.lang.NullPointerException
  Source=System.ServiceModel
  StackTrace:
   at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)
   at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
   at WsTrustActiveSTSClient.Program.Main(String[] args) in C:\Source\caci\MFOMID Prototypes\STS\WSO2IS-RP\WsTrustActiveSTSClient\Program.cs:line 38

I have looked at the logs for the exception information and it seems to be thrown in org.apache.rahas.impl.SAMLTokenIssuer.createHoKAssertion.

TID: [-1234] [] [2017-10-12 20:10:34,719] ERROR {org.apache.axis2.transport.http.AxisServlet} -
java.lang.NullPointerException
  at org.apache.rahas.impl.SAMLTokenIssuer.createHoKAssertion(SAMLTokenIssuer.java:452)
  at org.apache.rahas.impl.SAMLTokenIssuer.issue(SAMLTokenIssuer.java:202)
  at org.apache.rahas.TokenRequestDispatcher.handle(TokenRequestDispatcher.java:69)
  at org.apache.rahas.STSMessageReceiver.invokeBusinessLogic(STSMessageReceiver.java:57)
  at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
  at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
  at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
  at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
  at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
  at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
  at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
  at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
  at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
  at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
  at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
  at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
  at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
  at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
  at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:72)
  at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
  at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
  at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
  at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
  at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
  at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
  at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
  at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
  at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958)
  at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
  at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
  at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
  at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)
  at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
  at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
  at java.lang.Thread.run(Thread.java:748)

Here is the source code for this simple WS-Trust STS client written using WIF 4.5 under the .NET Framework 4.5.2.

using System;
using System.IdentityModel.Claims;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;

namespace WsTrustActiveSTSClient
{
    internal class Program
    {
        private static void Main(string[] args)
        {
            // TLS on the wire, UsernameToken inside the SOAP Security header
            // (the STS was secured with UserNamePassword). WS2007HttpBinding
            // speaks WS-Trust 1.3, which the wso2carbon-sts endpoint expects.
            WS2007HttpBinding binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential, false);
            binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
            // No WS-SecureConversation session: one RST/RSTR exchange per call.
            binding.Security.Message.EstablishSecurityContext = false;

            EndpointAddress endpoint = new EndpointAddress("https://localhost:9443/services/wso2carbon-sts");

            WSTrustChannelFactory factory = new WSTrustChannelFactory(binding, endpoint);
            // Default WSO2 IS super-admin credentials; prototype use only.
            factory.Credentials.UserName.UserName = "admin";
            factory.Credentials.UserName.Password = "admin";

            WSTrustChannel channel = (WSTrustChannel) factory.CreateChannel();

            RequestSecurityToken rst = new RequestSecurityToken
            {
                RequestType = RequestTypes.Issue,
                // Symmetric asks for a holder-of-key assertion; this is the
                // request that the STS fails on in createHoKAssertion above.
                KeyType = KeyTypes.Symmetric,
                Claims =
                {
                    new RequestClaim(ClaimTypes.Name)
                }
            };

            RequestSecurityTokenResponse rstr = null;
            SecurityToken token = channel.Issue(rst, out rstr);

            Console.WriteLine("{0}", token);

            ((ICommunicationObject) channel).Close();
            factory.Close();
            Console.ReadLine();
        }
    }
}

The issue is that I was requesting a Symmetric key token and it looks like I wasn't configured for that. I changed it to a Bearer token and it worked fine. I am still looking into the Symmetric key use case, though.
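The fix in the answer above, worked through as an added example; this is not code from the original question or answer. It requests a bearer assertion with the same binding and endpoint as the question, then reads the SubjectConfirmation method out of the returned SAML assertion so the caller can confirm the STS actually issued a bearer token rather than assuming so from the absence of a fault. The KeyTypes.Symmetric request the question used asks for a holder-of-key assertion (the createHoKAssertion frame in the log), which in WS-Trust means the STS has to wrap a proof key for the relying party; a bearer request carries no proof key, so nothing of that kind is needed. The appliesTo parameter, the admin/admin credentials and the StsAddress constant are assumptions for this example, not values taken from a configuration the page shows.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Xml;

// Added example, not code from the original question: request a bearer
// assertion from the WSO2 IS STS and check what came back before using it.
internal static class BearerTokenClient
{
    // Same endpoint as the question. "admin"/"admin" are the WSO2 IS defaults;
    // outside a prototype they belong in a secret store, not in source.
    private const string StsAddress = "https://localhost:9443/services/wso2carbon-sts";

    // SubjectConfirmation methods a bearer request should produce (SAML 1.1 / 2.0).
    private const string Saml11Bearer = "urn:oasis:names:tc:SAML:1.0:cm:bearer";
    private const string Saml20Bearer = "urn:oasis:names:tc:SAML:2.0:cm:bearer";

    public static GenericXmlSecurityToken RequestBearerToken(string user, string password, string appliesTo)
    {
        // TLS carries the UsernameToken; the password never crosses the wire in the clear.
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential, false);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        binding.Security.Message.EstablishSecurityContext = false;

        var factory = new WSTrustChannelFactory(binding, new EndpointAddress(StsAddress))
        {
            TrustVersion = TrustVersion.WSTrust13
        };
        factory.Credentials.UserName.UserName = user;
        factory.Credentials.UserName.Password = password;

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            // Bearer: no proof key, so the STS needs no relying-party certificate
            // to wrap one. Symmetric (holder-of-key) is what the STS was not set up for.
            KeyType = KeyTypes.Bearer
        };
        // Optional scoping of the assertion to one relying party. appliesTo is an
        // assumed value for this example; leave it null to omit the element.
        if (!string.IsNullOrEmpty(appliesTo))
        {
            rst.AppliesTo = new EndpointReference(appliesTo);
        }

        var channel = (WSTrustChannel)factory.CreateChannel();
        try
        {
            RequestSecurityTokenResponse rstr;
            return (GenericXmlSecurityToken)channel.Issue(rst, out rstr);
        }
        finally
        {
            var comm = (ICommunicationObject)channel;
            if (comm.State == CommunicationState.Faulted) comm.Abort(); else comm.Close();
        }
    }

    // Reads the SubjectConfirmation method from the returned SAML 1.1 or SAML 2.0
    // assertion; returns null if neither element is present in the token XML.
    public static string SubjectConfirmationMethod(GenericXmlSecurityToken token)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(token.TokenXml.OuterXml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("saml1", "urn:oasis:names:tc:SAML:1.0:assertion");
        ns.AddNamespace("saml2", "urn:oasis:names:tc:SAML:2.0:assertion");
        var node = doc.SelectSingleNode("//saml2:SubjectConfirmation/@Method | //saml1:ConfirmationMethod", ns);
        return node == null ? null : node.InnerText;
    }

    public static bool IsBearer(string method)
    {
        return method == Saml11Bearer || method == Saml20Bearer;
    }

    private static void Main()
    {
        var token = RequestBearerToken("admin", "admin", null);
        var method = SubjectConfirmationMethod(token);
        Console.WriteLine("ValidFrom={0:u} ValidTo={1:u} confirmation={2}", token.ValidFrom, token.ValidTo, method);
        if (!IsBearer(method))
        {
            throw new InvalidOperationException("STS did not issue a bearer assertion: " + method);
        }
        // A bearer assertion is usable by whoever holds it: send it only over
        // TLS to the intended relying party and discard it once ValidTo passes.
        Console.WriteLine(token.TokenXml.OuterXml);
    }
}
```

Build it against System.IdentityModel, System.ServiceModel and System.Xml on .NET Framework 4.5 or later. The SubjectConfirmation check matters because a bearer assertion is proof of nothing beyond possession: whoever captures the XML can present it until ValidTo, which is exactly why the transport must stay TransportWithMessageCredential and why the holder-of-key variant is worth revisiting once the STS has the relying party's certificate configured.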
