Liferay PingFederate: Could not obtain attributes from the IdP Authentication Service


I get this exception when trying to call the PingFederate StartSSO.ping endpoint:

12:49:54,153 DEBUG [IntegrationControllerServlet] GET: https://localhost:9031/idp/startSSO.ping
12:49:54,157 DEBUG [IdpAdapterSupportBase] IdP Adapter Selection disabled, performing legacy adapter selection.
12:49:54,157 DEBUG [HttpServletRespProxy] adding lazy cookie Cookie{PF=F1OpbNzE8iYqMJq6UcG5waLotsmXsBxdLFrhrm8OVFYE; path=/; maxAge=-1; domain=null} replacing Cookie{PF=F1OpbNzE8iYqMJq6UcG5wa; path=/; maxAge=-1; domain=null}
12:49:54,157 DEBUG [InterReqStateMgmtMapImpl] setAttr(oldKey: null, newKey: LotsmXsBxdLFrhrm8OVFYE, name: NUMBER_OF_ATTEMPTS, value: 1)
12:49:54,157 DEBUG [HttpServletRespProxy] flush cookies: adding Cookie{PF=F1OpbNzE8iYqMJq6UcG5waLotsmXsBxdLFrhrm8OVFYE; path=/; maxAge=-1; domain=null}
12:49:54,160 DEBUG [BindingServiceImpl] Not transporting protocol response message because the HTTP response has been committed (this is a normal condition usually due to an adapter or other component redirecting the user or writing its own content to the response). 
12:49:54,232 DEBUG [IntegrationControllerServlet] GET: https://localhost:9031/idp/ENvrS/resumeSAML20/idp/startSSO.ping
12:49:54,233 DEBUG [IdpAdapterSupportBase] IdP Adapter Selection disabled, performing legacy adapter selection.
12:49:54,233 DEBUG [InterReqStateMgmtMapImpl] getAttr(key: LotsmXsBxdLFrhrm8OVFYE, name: NUMBER_OF_ATTEMPTS): 1
12:49:54,233 DEBUG [HttpServletRespProxy] adding lazy cookie Cookie{PF=F1OpbNzE8iYqMJq6UcG5waTbQaafveigalePVvdwcdta; path=/; maxAge=-1; domain=null} replacing null
12:49:54,233 DEBUG [InterReqStateMgmtMapImpl] setAttr(oldKey: LotsmXsBxdLFrhrm8OVFYE, newKey: TbQaafveigalePVvdwcdta, name: NUMBER_OF_ATTEMPTS, value: 2)
12:49:54,233 DEBUG [InterReqStateMgmtMapImpl] Object removeAttr(key: TbQaafveigalePVvdwcdta, name: NUMBER_OF_ATTEMPTS): 2
12:49:54,233 DEBUG [TrackingIdSupport] [cross-reference-message] entityid:sbwb-ppc-idp subject:null
12:49:54,233 ERROR [HandleAuthnRequest] Exception occurred during request processing
org.sourceid.websso.profiles.RequestProcessingException: Unexpected Runtime Authn Adapter Integration Problem.
    at org.sourceid.websso.profiles.ResumableRequestHandlerBase.resume(ResumableRequestHandlerBase.java:54)
    at org.sourceid.websso.profiles.ResumableRequestHandlerBase.resume(ResumableRequestHandlerBase.java:78)
    at org.sourceid.saml20.profiles.ProfileProcessManager.resumeHandleRequest(ProfileProcessManager.java:73)
    at $ProfileProcessMgmtService_1461cd08008.resumeHandleRequest($ProfileProcessMgmtService_1461cd08008.java)
    at org.sourceid.websso.servlet.IntegrationControllerServlet.process(IntegrationControllerServlet.java:63)
    at org.sourceid.websso.servlet.EnforcerServletBase.checkProcess(EnforcerServletBase.java:89)
    at org.sourceid.websso.servlet.EnforcerServletBase.doGet(EnforcerServletBase.java:138)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:669)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1448)
    at org.sourceid.servlet.filter.NoCacheFilter.doFilter(NoCacheFilter.java:55)
    at org.sourceid.servlet.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:53)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
    at org.sourceid.websso.servlet.ProxyFilter.doFilter(ProxyFilter.java:34)
    at org.sourceid.servlet.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:53)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:126)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.Server.handle(Server.java:368)
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:488)
    at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:932)
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:994)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:640)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
    at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
    at java.lang.Thread.run(Thread.java:722)
Caused by: org.sourceid.saml20.adapter.AuthnAdapterException: org.sourceid.saml20.adapter.AuthnAdapterException: Could not obtain attributes from the IdP Authentication Service.
    at org.sourceid.saml20.profiles.idp.IdpAdapterSupportBase.lookupAuthN(IdpAdapterSupportBase.java:141)
    at org.sourceid.saml20.profiles.idp.HandleAuthnRequest.doResume(HandleAuthnRequest.java:245)
    at org.sourceid.saml20.profiles.ResumableRequestHandlerBase.exeResume(ResumableRequestHandlerBase.java:66)
    at org.sourceid.websso.profiles.ResumableRequestHandlerBase.resume(ResumableRequestHandlerBase.java:50)
    ... 43 more
Caused by: org.sourceid.saml20.adapter.AuthnAdapterException: Could not obtain attributes from the IdP Authentication Service.
    at com.pingidentity.adapters.opentoken.IdpAuthnAdapter.lookupAuthNHelper(IdpAuthnAdapter.java:159)
    at com.pingidentity.adapters.opentoken.IdpAuthnAdapter.lookupAuthN(IdpAuthnAdapter.java:78)
    at org.sourceid.websso.authn.AdapterAuthnProcessor.lookupAuthN(AdapterAuthnProcessor.java:96)
    at org.sourceid.saml20.profiles.idp.IdpAdapterSupportBase.lookupAuthN(IdpAdapterSupportBase.java:132)
    ... 46 more
12:49:54,238 DEBUG [HttpServletRespProxy] flush cookies: adding Cookie{PF=F1OpbNzE8iYqMJq6UcG5waTbQaafveigalePVvdwcdta; path=/; maxAge=-1; domain=null}
12:49:54,239 DEBUG [BindingServiceImpl] Not transporting protocol response message because the HTTP response has been committed (this is a normal condition usually due to an adapter or other component redirecting the user or writing its own content to the response). 
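I think this exception is thrown when PingFederate cannot find the OpenToken generated by the application. However, the cookie is present in the browser.

The PingFederate application shows an error page:

My IdP adapter settings are as follows: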

cookie-path=/
use-verbose-error-messages=false
cipher-suite=2
obfuscate-password=true
session-cookie=false
password=Kyx+ElfeRRDkPRYZoVF3BQ==
token-name=opentoken
cookie-domain=.banka.liferay.com
token-notbefore-tolerance=0
token-renewuntil=43200
use-sunjce=false
secure-cookie=false
token-lifetime=300
use-cookie=true
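I have been trying to find the cause of this problem, but without success.

What could be the cause of this problem? Is it related to PingFederate, or is something missing from my configuration?

Here is a screenshot of the IdP adapter:

Here is a summary of the SP connection: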



Are you being redirected to the resume URL with the hostname localhost? In that case, your browser will not send the cookie issued for .banka.liferay.com to the server, hence the error.

This is usually a problem with the IdP adapter you have assigned. I don't see any message in the log about being redirected to the adapter at all. Did you make the IdP adapter yourself, or are you modifying/using one of ours?

No, I made it myself. However, I used the default server settings provided.

Could you post screenshots of the IdP adapter summary screen and the connection summary screen?

@AndyK.-PingIdentity I have added screenshots of the IdP adapter and SP connection summaries.

So, when you go to /IdP/StartSSO.ping?partner=..., are you correctly redirected to the authentication service at banka.liferay.com:8080?

I don't understand what you are implying. OK, this is how it goes: from banka.liferay.com, https://localhost:9031/idp/startSSO.ping is called via a redirect. After that comes banka.liferay.com/web/my bank/home?resume=/idp/bUDlM/resumeSAML20/idp/startSSO.ping&spentity=sbwb-ppc-idp, and then it is redirected to the PingFederate server location https://localhost:9031/idp/bUDlM/resumeSAML20/idp/startSSO.ping. Isn't this the so-called redirect flow?

What I mean is that your browser will not send the cookie set for .banka.liferay.com to localhost. You can either change PingFederate's base URL so that it is in the same cookie domain as the application, or choose to send the OpenToken as a query parameter.

Thanks for the suggestion. I think for now I will try using the query parameter. If it works, I can indeed fix the mistake in my cookie-based approach.

Thanks for your suggestion. At least I got rid of the error log posted above. It is not the way I wanted it, with an OpenToken as a query parameter, but I will find a way to handle the cookie.

Good idea, Mehmet! I completely missed that. [sigh] Forest for the trees, and all that.
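Added example (not part of the original thread and not PingFederate code): the browser-side cookie matching rules from RFC 6265, applied to the adapter settings and the resume URL posted above, show why the opentoken cookie never reaches PingFederate on localhost. The hostname sso.banka.liferay.com is a hypothetical base URL, used only to illustrate the "same cookie domain" fix suggested in the comments.

```javascript
// The cookie mirrors the adapter settings posted in the question.
const openTokenCookie = {
  name: "opentoken",            // token-name
  domain: ".banka.liferay.com", // cookie-domain
  path: "/",                    // cookie-path
  secure: false,                // secure-cookie
};

// Cookies are never suffix-matched against IP literals (RFC 6265 section 5.1.3).
const isIpLiteral = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// Domain-match: the host equals the cookie domain or is a subdomain of it.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ""); // leading dot is ignored
  return h === d || (h.endsWith("." + d) && !isIpLiteral(h));
}

// Path-match (RFC 6265 section 5.1.4).
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Decide whether a browser attaches the cookie, and say why not.
// The port plays no part: cookies are scoped by host and path only.
function explainCookieSend(cookie, requestUrl) {
  const url = new URL(requestUrl);
  const reasons = [];
  if (!domainMatches(url.hostname, cookie.domain))
    reasons.push(`host ${url.hostname} does not domain-match ${cookie.domain}`);
  if (!pathMatches(url.pathname, cookie.path))
    reasons.push(`path ${url.pathname} does not match ${cookie.path}`);
  if (cookie.secure && url.protocol !== "https:")
    reasons.push("Secure cookie is not sent over plain HTTP");
  return { url: requestUrl, sent: reasons.length === 0, reasons };
}

const requests = [
  // Resume URL from the thread: PingFederate is reached as localhost.
  "https://localhost:9031/idp/bUDlM/resumeSAML20/idp/startSSO.ping",
  // Hypothetical base URL inside the cookie domain (hostname is an assumption).
  "https://sso.banka.liferay.com:9031/idp/bUDlM/resumeSAML20/idp/startSSO.ping",
];
const checkAll = () => requests.map((u) => explainCookieSend(openTokenCookie, u));
for (const r of checkAll())
  console.log(r.sent ? "SENT   " : "DROPPED", r.url, r.reasons.join("; "));
```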