WSO2 IS and API Manager SAML SSO - Login to store/publisher fail
WSO2 API Publisher SAML SSO login fails
I configured SAML SSO for WSO2 API Publisher (1.10.0), but login fails with the following error:
TID: [-1234] [] [2016-02-10 18:33:16,643] WARN {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor} - Destination validation for Authentication Request failed. Received: [null]. Expected one in the list: [https://identity.mydomain.pt:443/samlsso]
File publisher/site/conf/site.json:
"ssoConfiguration" : {
"enabled" : "true",
"issuer" : "apis-publisher",
"identityProviderURL" : "https://identity.mydomain.pt:443/samlsso",
"keyStorePassword" : "wso2carbon",
"identityAlias" : "wso2carbon",
"responseSigningEnabled":"true",
"keyStoreName" :"/home/wso2/wso2am-1.10.0/repository/resources/security/wso2carbon.jks",
//"nameIdPolicy" : "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", //If not specified, 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified' will be used
},
And the service provider configuration (sso-idp-config.xml):
<!-- API MANAGER PUBLISHER -->
<ServiceProvider>
<Issuer>apis-publisher</Issuer>
<AssertionConsumerServiceURLs>
<AssertionConsumerServiceURL>https://mgt.apis.mydomain.pt:443/publisher/jagg/jaggery_acs.jag</AssertionConsumerServiceURL>
<AssertionConsumerServiceURL>https://mgt.apis.mydomain.pt/publisher/jagg/jaggery_acs.jag</AssertionConsumerServiceURL>
</AssertionConsumerServiceURLs>
<DefaultAssertionConsumerServiceURL>https://mgt.apis.mydomain.pt:443/publisher/jagg/jaggery_acs.jag</DefaultAssertionConsumerServiceURL>
<EnableSingleLogout>true</EnableSingleLogout>
<SLOResponseURL/>
<SLORequestURL/>
<SAMLDefaultSigningAlgorithmURI>http://www.w3.org/2000/09/xmldsig#rsa-sha1</SAMLDefaultSigningAlgorithmURI>
<SAMLDefaultDigestAlgorithmURI>http://www.w3.org/2000/09/xmldsig#sha1</SAMLDefaultDigestAlgorithmURI>
<SignResponse>true</SignResponse>
<ValidateSignatures>true</ValidateSignatures>
<EncryptAssertion>false</EncryptAssertion>
<CertAlias>wso2carbon</CertAlias>
<EnableAttributeProfile>false</EnableAttributeProfile>
<IncludeAttributeByDefault>false</IncludeAttributeByDefault>
<ConsumingServiceIndex/>
<EnableAudienceRestriction>false</EnableAudienceRestriction>
<AudiencesList>
<Audience>apis-publisher</Audience>
</AudiencesList>
<EnableRecipients>false</EnableRecipients>
<RecipientList>
<Recipient/>
</RecipientList>
<EnableIdPInitiatedSSO>false</EnableIdPInitiatedSSO>
<EnableIdPInitSLO>false</EnableIdPInitSLO>
<ReturnToURLList>
<ReturnToURL/>
</ReturnToURLList>
</ServiceProvider>
I applied the same configuration for the API Store, and login works fine.
I solved my problem by turning off signature validation.
<ValidateSignatures>false</ValidateSignatures>
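A diagnostic sketch for the warning quoted in the question, added here and not part of the original post or of WSO2's code: it decodes a captured SAMLRequest value and reports whether the AuthnRequest carries a Destination attribute matching the endpoint the log line expects. The function names, the constructed sample request and the exact-string comparison are assumptions.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Endpoint list copied from the "Expected one in the list" part of the warning.
EXPECTED_DESTINATIONS = ["https://identity.mydomain.pt:443/samlsso"]


def decode_saml_request(value):
    """Decode a SAMLRequest parameter: base64 only (HTTP-POST binding) or
    base64 over raw DEFLATE (HTTP-Redirect binding)."""
    raw = base64.b64decode(value)
    if raw[:1] == b"<":                      # already XML: POST binding
        return raw.decode("utf-8")
    return zlib.decompress(raw, -15).decode("utf-8")  # -15 = no zlib header


def check_destination(xml_text, expected=EXPECTED_DESTINATIONS):
    """Return issuer, Destination and whether Destination is in the expected list.
    Exact string comparison is an assumption about how the IdP compares values."""
    # For requests you did not capture yourself, use a hardened XML parser
    # such as defusedxml instead of the standard-library one.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        raise ValueError("not a SAML 2.0 AuthnRequest: %s" % root.tag)
    destination = root.get("Destination")    # None corresponds to "Received: [null]"
    return {"issuer": root.findtext("{%s}Issuer" % SAML_NS),
            "destination": destination,
            "accepted": destination in expected}


def build_sample(destination=None):
    """Constructed AuthnRequest for illustration, not captured from a deployment."""
    dest_attr = ' Destination="%s"' % destination if destination else ""
    return ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" '
            'ID="_constructed1" Version="2.0" IssueInstant="2016-02-10T18:33:16Z"%s>'
            '<saml:Issuer>apis-publisher</saml:Issuer></samlp:AuthnRequest>'
            % (SAMLP_NS, SAML_NS, dest_attr))


def deflate_b64(xml_text):
    """Encode XML the way the HTTP-Redirect binding does (before URL-encoding)."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml_text.encode()) + c.flush()).decode()


if __name__ == "__main__":
    for dest in (None, EXPECTED_DESTINATIONS[0]):
        print(check_destination(decode_saml_request(deflate_b64(build_sample(dest)))))
```

Paste the URL-decoded SAMLRequest value from the browser's network trace into `decode_saml_request` to inspect the request the Publisher actually sent.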