Authentication 在WSO2 Identity Server中处理身份验证请求时出错-NullPointerException
我在使用WSO2身份服务器进行身份验证时遇到问题。 我有一个名为avis.com的网页,当我进入该网页时,单击登录按钮,然后该网页导航到WSO2 Identity Server的登录表单。但是,当我在表单中输入用户名和密码并单击登录时。错误页面显示为:Authentication 在WSO2 Identity Server中处理身份验证请求时出错-NullPointerException,authentication,wso2,single-sign-on,saml,wso2is,Authentication,Wso2,Single Sign On,Saml,Wso2is,我在使用WSO2身份服务器进行身份验证时遇到问题。 我有一个名为avis.com的网页,当我进入该网页时,单击登录按钮,然后该网页导航到WSO2 Identity Server的登录表单。但是,当我在表单中输入用户名和密码并单击登录时。错误页面显示为: SAML 2.0 based Single Sign-On Error when processing the authentication request! Please try login again. 在Apache Tomcat日志中
SAML 2.0 based Single Sign-On
Error when processing the authentication request!
Please try login again.
Nov 07, 2013 3:12:32 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [SAML2ConsumerServlet] in context with path [/travelocity.com] threw exception
java.lang.NullPointerException
at com.travelocity.saml.sso.SamlConsumerManager.getResult(SamlConsumerManager.java:272)
at com.travelocity.saml.sso.SamlConsumerManager.processResponseMessage(SamlConsumerManager.java:246)
at com.travelocity.saml.sso.SAML2ConsumerServlet.doPost(SAML2ConsumerServlet.java:73)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
private-Map-getResult(XMLObject-responseXmlObj){
if(responseXmlObj.getDOM().getNodeName().equals(“saml2p:LogoutResponse”)//第722行{
返回null;
}
响应响应=(响应)响应xmlobj;
断言=response.getAssertions().get(0);
Map resutls=new HashMap();//第72行
/*
*如果请求失败,IDP不应该发送断言。
*SSO配置文件规范4.1.4.2使用
*/
if(断言!=null){
字符串subject=assertion.getSubject().getNameID().getValue();
resutls.put(“Subject”,Subject);//获取主题
List attributeStatementList=断言。getAttributeStatements();
if(attributeStatementList!=null){
//我们已收到用户的属性
迭代器AttribStatister=attributeStatementList.Iterator();
while(attribstatister.hasNext()){
AttributeStatement statment=attribStatister.next();
List attributesList=station.getAttributes();
迭代器attributesIter=attributesList.Iterator();
while(attributesIter.hasNext()){
Attribute attrib=attributesIter.next();
元素值=attrib.getAttributeValues().get(0.getDOM();
字符串attribValue=value.getTextContent();
resutls.put(attrib.getName(),attribValue);
}
}
}
}
返回结果;
}
protectedvoiddopost(HttpServletRequest请求,HttpServletResponse响应)
抛出ServletException,
IOException{
字符串responseMessage=request.getParameter(“SAMLResponse”);
如果(responseMessage!=null){/*来自身份提供程序的响应*/
映射结果=consumer.processResponseMessage(responseMessage);
if(result!=null&&result.size()=1){
/*
*不会返回任何用户属性,因此只需转到默认值即可
*主页。
*/
response.sendRedirect(“home.jsp?subject=“+result.get(“subject”));
}else if(请求!=null&&result.size()>1){
/*
*我们已经收到属性,所以让我们在
*属性主页。
*/
字符串params=“home attrib.jsp?”;
Object[]keys=result.keySet().toArray();
对于(int i=0;i公共映射进程响应消息(字符串响应消息){
XMLObject responseXmlObj=null;
试一试{
responseXmlObj=解组(responseMessage);
}捕获(配置异常e){
e、 printStackTrace();
}捕获(ParserConfiguration异常e){
e、 printStackTrace();
}捕获(SAXE异常){
e、 printStackTrace();
}捕获(IOE异常){
e、 printStackTrace();
}捕获(解组异常e){
e、 printStackTrace();
}
返回getResult(responseXmlObj);//第246行
}
我不知道配置时是否遗漏了某些步骤?要使我的网页成功进行身份验证,我必须记住哪些要点 我遇到了相同的异常。按以下方式更新解组方法解决了我的问题
private XMLObject unmarshall(String responseMessage) throws ConfigurationException,
ParserConfigurationException, SAXException,
IOException, UnmarshallingException {
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
byte[] base64DecodedResponse = responseMessage.getBytes("UTF-8");
byte[] decoded = Base64.decode(base64DecodedResponse,0,responseMessage.length());
System.out.println(new String(decoded, StandardCharsets.UTF_8));
String s = new String(decoded,StandardCharsets.UTF_8);
Document document = docBuilder.parse(new InputSource(new StringReader(s)));
Element element = document.getDocumentElement();
UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
return unmarshaller.unmarshall(element);
}
SamlConsumerManager.java:272上到底是什么?这里是:Map resutls=new HashMap();不,我不这么认为。很可能是这样的:
if(responseXmlObj.getDOM().getNodeName().equals(“saml2p:LogoutResponse”)responseXmlObjprotected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException,
IOException {
String responseMessage = request.getParameter("SAMLResponse");
if (responseMessage != null) { /* response from the identity provider */
Map<String, String> result = consumer.processResponseMessage(responseMessage);
if (result != null && result.size() == 1) {
/*
* No user attributes are returned, so just goto the default
* home page.
*/
response.sendRedirect("home.jsp?subject=" + result.get("Subject"));
} else if (request != null && result.size() > 1) {
/*
* We have received attributes, so lets show them in the
* attribute home page.
*/
String params = "home-attrib.jsp?";
Object[] keys = result.keySet().toArray();
for (int i = 0; i < result.size(); i++) {
String key = (String) keys[i];
String value = (String) result.get(key);
if (i != result.size()) {
params = params + key + "=" + value + "&";
} else {
params = params + key + "=" + value;
}
}
response.sendRedirect(params);
} else {
// something wrong, re-login
response.sendRedirect("index.jsp");
}
} else { /* time to create the authentication request or logout request */
try {
String requestMessage = consumer.buildRequestMessage(request);
response.sendRedirect(requestMessage);
} catch (IOException e) {
e.printStackTrace();
}
}
}
public Map<String, String> processResponseMessage(String responseMessage) {
XMLObject responseXmlObj = null;
try {
responseXmlObj = unmarshall(responseMessage);
} catch (ConfigurationException e) {
e.printStackTrace();
} catch (ParserConfigurationException e) {
e.printStackTrace();
} catch (SAXException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (UnmarshallingException e) {
e.printStackTrace();
}
return getResult(responseXmlObj); // line 246
}
private XMLObject unmarshall(String responseMessage) throws ConfigurationException,
ParserConfigurationException, SAXException,
IOException, UnmarshallingException {
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
byte[] base64DecodedResponse = responseMessage.getBytes("UTF-8");
byte[] decoded = Base64.decode(base64DecodedResponse,0,responseMessage.length());
System.out.println(new String(decoded, StandardCharsets.UTF_8));
String s = new String(decoded,StandardCharsets.UTF_8);
Document document = docBuilder.parse(new InputSource(new StringReader(s)));
Element element = document.getDocumentElement();
UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
return unmarshaller.unmarshall(element);
}