Active directory Shibboleth属性查询SAML错误:入站消息颁发者未通过身份验证
idp进程日志Active directory Shibboleth属性查询SAML错误:入站消息颁发者未通过身份验证,active-directory,ldap,shibboleth,Active Directory,Ldap,Shibboleth,idp进程日志 edu.vt.middleware.ldap.jaas.LdapLoginModule required host="WIN-1GB01UK5SL6.VECISADTEST.com" port="636" base="CN=Users,DC=vecisadtest,DC=com" tls="false" serviceCredential="XXX" userRoleAttribute="sAMAccountName" serviceUser="Adm
edu.vt.middleware.ldap.jaas.LdapLoginModule required
host="WIN-1GB01UK5SL6.VECISADTEST.com"
port="636"
base="CN=Users,DC=vecisadtest,DC=com"
tls="false"
serviceCredential="XXX"
userRoleAttribute="sAMAccountName"
serviceUser="Administrator@vecisadtest.com"
ssl="true"
subtreeSearch = "true"
userField="sAMAccountName";
edu.vt.middleware.ldap.jaas.LdapLoginModule required
host="WIN-1GB01UK5SL6.VECISADTEST.com"
port="636"
base="CN=Users,DC=vecisadtest,DC=com"
tls="false"
serviceCredential="XXX"
userRoleAttribute="sAMAccountName"
serviceUser="Administrator@vecisadtest.com"
ssl="true"
subtreeSearch = "true"
userField="sAMAccountName";
<resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
ldapURL="ldaps://WIN-1GB01UK5SL6.VECISADTEST.com"
baseDN="CN=Users,DC=vecisadtest,DC=com"
principal="Administrator@vecisadtest.com"
principalCredential="XXX"
useStartTLS="false"
>
<dc:FilterTemplate>
<![CDATA[
(uid=$requestContext.principalName)
]]>
</dc:FilterTemplate>
<StartTLSTrustCredential xsi:type="sec:X509Filesystem"
xmlns="urn:mace:shibboleth:2.0:resolver:dc"
id="UA_AD_CA_Certificate">
<sec:Certificate>C:\Progs\ShibbolethIdP\certs\VECISADTEST.pem</sec:Certificate>
</StartTLSTrustCredential>
<StartTLSAuthenticationCredential xsi:type="sec:X509Filesystem"
xmlns="urn:mace:shibboleth:2.0:resolver:dc"
id="IdPtoLDAPCredential">
<sec:PrivateKey>C:\Progs\ShibbolethIdP\credentials\idp.key</sec:PrivateKey>
<sec:Certificate>C:\Progs\ShibbolethIdP\credentials\idp.crt</sec:Certificate>
</StartTLSAuthenticationCredential>
</resolver:DataConnector>
<AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.janet.org:8444/idp/profile/SAML1/SOAP/AttributeQuery"/><AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.janet.org:8444/idp/profile/SAML2/SOAP/AttributeQuery"/>
<resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
ldapURL="ldaps://WIN-1GB01UK5SL6.VECISADTEST.com"
baseDN="CN=Users,DC=vecisadtest,DC=com"
principal="Administrator@vecisadtest.com"
principalCredential="XXX"
useStartTLS="false"
>
<dc:FilterTemplate>
<![CDATA[
(uid=$requestContext.principalName)
]]>
</dc:FilterTemplate>
<StartTLSTrustCredential xsi:type="sec:X509Filesystem"
xmlns="urn:mace:shibboleth:2.0:resolver:dc"
id="UA_AD_CA_Certificate">
<sec:Certificate>C:\Progs\ShibbolethIdP\certs\VECISADTEST.pem</sec:Certificate>
</StartTLSTrustCredential>
<StartTLSAuthenticationCredential xsi:type="sec:X509Filesystem"
xmlns="urn:mace:shibboleth:2.0:resolver:dc"
id="IdPtoLDAPCredential">
<sec:PrivateKey>C:\Progs\ShibbolethIdP\credentials\idp.key</sec:PrivateKey>
<sec:Certificate>C:\Progs\ShibbolethIdP\credentials\idp.crt</sec:Certificate>
</StartTLSAuthenticationCredential>
</resolver:DataConnector>
<AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.janet.org:8444/idp/profile/SAML1/SOAP/AttributeQuery"/><AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.janet.org:8444/idp/profile/SAML2/SOAP/AttributeQuery"/>
谢谢。通过更新服务提供商上的配置文件shibboleth2.xml解决了该问题。签名属性必须设置为true [Shibboleth服务提供商安装位置]\etc\Shibboleth\shibboleth2.xml SPConfig>ApplicationDefaults@signing
Shibboleth Service Provider 2.5.2的默认安装,签名属性为false。如何测试属性查询?通过Saml2Client还是SOAP?