[英]WSO2 API Publisher SAML SSO login fails
我配置了WSO2 API Publisher(1.10.0)SAML SSO,但是登錄失敗並出現以下錯誤:
TID: [-1234] [] [2016-02-10 18:33:16,643] WARN {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor} - Destination validation for Authentication Request failed. Received: [null]. Expected one in the list: [https://identity.mydomain.pt:443/samlsso]
文件發布者/site/conf/site.json:
"ssoConfiguration" : {
"enabled" : "true",
"issuer" : "apis-publisher",
"identityProviderURL" : "https://identity.mydomain.pt:443/samlsso",
"keyStorePassword" : "wso2carbon",
"identityAlias" : "wso2carbon",
"responseSigningEnabled":"true",
"keyStoreName" :"/home/wso2/wso2am-1.10.0/repository/resources/security/wso2carbon.jks",
//"nameIdPolicy" : "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", //If not specified, 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified' will be used
},
和服務提供者配置(sso-idp-config.xml):
<!-- API MANAGER PUBLISHER -->
<ServiceProvider>
<Issuer>apis-publisher</Issuer>
<AssertionConsumerServiceURLs>
<AssertionConsumerServiceURL>https://mgt.apis.mydomain.pt:443/publisher/jagg/jaggery_acs.jag</AssertionConsumerServiceURL>
<AssertionConsumerServiceURL>https://mgt.apis.mydomain.pt/publisher/jagg/jaggery_acs.jag</AssertionConsumerServiceURL>
</AssertionConsumerServiceURLs>
<DefaultAssertionConsumerServiceURL>https://mgt.apis.mydomain.pt:443/publisher/jagg/jaggery_acs.jag</DefaultAssertionConsumerServiceURL>
<EnableSingleLogout>true</EnableSingleLogout>
<SLOResponseURL/>
<SLORequestURL/>
<SAMLDefaultSigningAlgorithmURI>http://www.w3.org/2000/09/xmldsig#rsa-sha1</SAMLDefaultSigningAlgorithmURI>
<SAMLDefaultDigestAlgorithmURI>http://www.w3.org/2000/09/xmldsig#sha1</SAMLDefaultDigestAlgorithmURI>
<SignResponse>true</SignResponse>
<ValidateSignatures>true</ValidateSignatures>
<EncryptAssertion>false</EncryptAssertion>
<CertAlias>wso2carbon</CertAlias>
<EnableAttributeProfile>false</EnableAttributeProfile>
<IncludeAttributeByDefault>false</IncludeAttributeByDefault>
<ConsumingServiceIndex/>
<EnableAudienceRestriction>false</EnableAudienceRestriction>
<AudiencesList>
<Audience>apis-publisher</Audience>
</AudiencesList>
<EnableRecipients>false</EnableRecipients>
<RecipientList>
<Recipient/>
</RecipientList>
<EnableIdPInitiatedSSO>false</EnableIdPInitiatedSSO>
<EnableIdPInitSLO>false</EnableIdPInitSLO>
<ReturnToURLList>
<ReturnToURL/>
</ReturnToURLList>
</ServiceProvider>
我對API Store進行了相同的配置,並且登錄正常。
我通過關閉簽名驗證來解決我的問題。
<ValidateSignatures>false</ValidateSignatures>
WSO2 IS和API管理器SAML SSO - 登錄到商店/發布者失敗
[英]WSO2 IS and API Manager SAML SSO - Login to store/publisher fail
在WSo2 IS 5.3和WSo2 API Manager 2.2之間建立的SSO。 租戶用戶無法登錄到商店和發布者
[英]SSO Established between WSo2 IS 5.3 and WSo2 API Manager 2.2. Tenant users are not able to login to store and publisher
將 WSO2 發布者和開發門戶(即商店)SAML SSO 從默認 API 管理器更改為身份服務器
[英]Change WSO2 publisher and devportal(i.e store) SAML SSO from default API manager to Identity Server
WSO2 IS 5.3.0中具有Facebook聯合身份驗證的SAML SSO失敗
[英]SAML SSO with Facebook Federated Authentication fails in WSO2 IS 5.3.0
WSO2 IS 5.0.0中帶有Facebook聯合身份驗證的SAML SSO失敗
[英]SAML SSO with Facebook Federated Authentication fails in WSO2 IS 5.0.0
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.