[英]Spring SAML Single Sign on ADFS Response failure because status message is null
我正在嘗試在 Spring SAML 擴展和 ADFS 服務器的幫助下為我的 Web 應用程序集成單點登錄,我在 3 個月前在 Spring SAML 示例應用程序的幫助下集成,當時它運行良好,但現在它給了我下面例外
AuthNRequest;SUCCESS;111.11.11.111;https://my.domain.com:443/app/saml/metadata;http://myfedservicesserver.com/trustme;;;
AuthNResponse;FAILURE;111.11.11.111;https://my.domain.com:443/app/saml/metadata;http://myfedservicesserver.com/trustme;;;org.opensaml.common.SAMLException: Response has invalid status code urn:oasis:names:tc:SAML:2.0:status:Responder, status message is null
at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:113)
at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:84)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
SAML 2 和 ADFS 3.0 IDP - SSO 無效狀態代碼第一次登錄 - 但每次都成功
我瀏覽了上面的鏈接,但它對我不起作用,我在 ADFS 服務器中更改並嘗試了數字簽名 SHA-256 到 SHA-1,但問題沒有解決。
經過很多天的掙扎,我發現我的應用程序在 Internet 上運行良好,但在 Intranet 環境中無法正常工作,我檢查了 ADFS 服務器日志,然后得到以下異常
Microsoft.IdentityServer.Service.SecurityTokenService.RevocationValidationException: MSIS7098: The certificate identified by thumbprint '2312312213BKHDIIDHD783j3bsd' is not valid. It might indicate that the certificate has been revoked, has expired, or that the certificate chain is not trusted.
我已經驗證了我的申請證書,它是 CA 信任的,具有有效的有效性,但問題仍然存在於內網,我不明白為什么 ADFS 服務器說它不是有效的證書並返回
urn:oasis:names:tc:SAML:2.0:status:Responder
狀態代碼作為響應,然后我禁用了 ADFS 服務器中的簽名證書信任檢查,然后它對我來說工作正常,我不知道這是否是有效的解決方案,但它對我有用。
使用Microsoft ADFS的Spring Security SAML身份驗證失敗
[英]Spring security SAML authentication failure with Microsoft ADFS
ADFS注銷響應中的“ urn:oasis:names:tc:SAML:2.0:status:Requester”
[英]“urn:oasis:names:tc:SAML:2.0:status:Requester” in ADFS logout response
使用SAML oneLogin代碼以iDP連接到ADFS時響應錯誤
[英]Error in response while using SAML oneLogin code to connect to ADFS as iDP
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.