
WSO2 SAML SSO for different carbon versions

I'm trying to set up SAML-based SSO for a set of WSO2 products (all the latest versions available for now):

  • WSO2 Identity Server 4.5.0
  • WSO2 Business Rules Server 2.0.0
  • WSO2 ESB 4.7.0
  • WSO2 Business Activity Monitoring 2.4.0
  • WSO2 Application Server 5.2.0

SSO works fine for BAM and AS, but fails for the other servers (BRS, ESB). On the IS side I'm getting an exception like:

[Fatal Error] :1:1: Content is not allowed in prolog.
[2013-11-01 22:16:26,830] ERROR {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} -  Error in constructing AuthRequest from the encoded String
org.xml.sax.SAXParseException: Content is not allowed in prolog.

As I understand it, the problem is: IS, AS and BAM are all based on Carbon 4.2.0, and as a result SSO works fine, but the latest versions of BRS and ESB are based on an older Carbon (4.1.0 or 4.0.0), and there is a compatibility problem in message encoding between the different Carbon versions.

Question: is it possible to somehow fix the tools based on the older Carbon version to make them work with the latest Carbon 4.2.0 based IS 4.5.0? Or, in general, how do I set up SAML SSO independently of the Carbon version of each service provider used (or even for service providers that are not Carbon-based at all)?

Yes, this is a known issue. Identity Server 4.5.0 cannot be used to do SSO with older Carbon versions. This is because the SAML2 SSO authenticator in the older Carbon versions is not compliant with the IS 4.5.0 IDP. Actually, there is some bug in the older versions. However, there are some fixes for that. They can be found in the public JIRAs (not sure). ESB and BRS are going to be released soon, before the end of Nov. Therefore you can try the newer versions, as they are also based on the Carbon 4.2.0 platform.

I am getting exactly the same issue with the same configuration. @Asela, as you mentioned, I can go with either ESB 4.8.0 or IS 4.1.0; but what kind of issues will we have when we go for a decentralized federated SAML2 IdP?

Is IS 4.1.0 compatible with ESB 4.7.0, and has it been tested with a decentralized federated SAML2 IdP? If so, we would downgrade our IS to 4.1.0.
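A way to check how a captured SAMLRequest value was actually encoded, given the "Error in constructing AuthRequest from the encoded String" failure quoted in the question. This is an added example, not part of the original thread and not WSO2 code: it assumes the standard SAML 2.0 bindings (HTTP-Redirect: raw DEFLATE then Base64; HTTP-POST: Base64 only), and the sample request, issuer and function names are constructed for illustration. An XML parser handed bytes that do not start with markup reports "Content is not allowed in prolog"; the thread does not confirm which mismatch the older Carbon versions have.

```python
import base64
import binascii
import zlib
import xml.etree.ElementTree as ET

# Constructed sample AuthnRequest (hypothetical issuer and ID, not from the thread).
SAMPLE_XML = (
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_constructed1" Version="2.0" IssueInstant="2013-11-01T22:16:26Z">'
    b'<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    b'example-sp</saml:Issuer></samlp:AuthnRequest>'
)
MAX_XML = 1 << 20  # cap inflated size so a hostile value cannot exhaust memory


def encode_redirect(xml: bytes) -> str:
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then Base64."""
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml) + comp.flush()).decode()


def encode_post(xml: bytes) -> str:
    """HTTP-POST binding: Base64 only."""
    return base64.b64encode(xml).decode()


def _is_xml(data: bytes) -> bool:
    # Diagnostic use on your own captures; use a hardened parser for untrusted XML.
    try:
        ET.fromstring(data)
        return True
    except ET.ParseError:
        return False


def classify(saml_request: str) -> str:
    """Report which decoding turns an already URL-decoded value back into XML."""
    try:
        raw = base64.b64decode(saml_request, validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    if _is_xml(raw):
        return "base64-only"
    try:
        inflated = zlib.decompressobj(wbits=-15).decompress(raw, MAX_XML)
    except zlib.error:
        return "unknown"
    return "deflate+base64" if _is_xml(inflated) else "unknown"
```

Run `classify()` on the SAMLRequest each service provider sends and compare the result with the binding the IdP endpoint expects.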
