WSO2 IS federated IdP

Tags: wso2, wso2is

The WSO2 version I downloaded is 5.9.0. I configured an external IdP following the suggestions here, then configured the claims and a service provider, where I want to use SAML2 SSO.

I configured my service provider so that the login process uses an advanced configuration, where the first step is basic authentication and the second step is done with my external IdP.

The very same configuration works perfectly in my WSO2 IS 5.8.0, while in WSO2 IS 5.9.0 I face many problems.

In version 5.9.0, when I try to log in to my application, WSO2 shows me the login page, but when I click on the external IdP login, the popup window is empty, as shown in the picture.

Moreover, I noticed that when I try to modify application-authentication.xml, located in ${WSO2_IS_HOME}/repository/conf/identity, my changes are lost and the file returns to its default state. I tried to put the changes into deployment.toml, but I don't know how to configure SAMLSSO there correctly.

Then I tried to configure my service provider to show only the external login page. I get an error. The stack trace is shown below:

TID: [-1234] [] [2019-10-14 19:34:50,523] [a7721bfd-6c47-48f2-b31d-d30a0fbb7e06] DEBUG {org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager} - SAML Request  :  <?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest AssertionConsumerServiceURL="https://localhost:9443/commonauth" AttributeConsumingServiceIndex="0" Destination="http://localhost:8088/sso" ForceAuthn="true" ID="_84b2f91a208bc6b3ee12383e2cf26652" IssueInstant="2019-10-14T17:34:50.505Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><samlp:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" NameQualifier="http://wso2_590_ai" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">http://wso2_590_ai</samlp:Issuer><saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/><saml2p:RequestedAuthnContext Comparison="exact" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://www.spid.gov.it/SpidL2</saml2:AuthnContextClassRef></saml2p:RequestedAuthnContext></samlp:AuthnRequest>
TID: [-1234] [] [2019-10-14 19:34:50,524] [a7721bfd-6c47-48f2-b31d-d30a0fbb7e06] DEBUG {org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager} - Parameter Map {} tenantDomain carbon.super
TID: [-1234] [] [2019-10-14 19:34:50,524] [a7721bfd-6c47-48f2-b31d-d30a0fbb7e06] DEBUG {org.wso2.carbon.identity.application.authenticator.samlsso.manager.X509CredentialImpl} - tenantID -1234
TID: [-1234] [] [2019-10-14 19:34:50,525] [a7721bfd-6c47-48f2-b31d-d30a0fbb7e06] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework java.util.EmptyStackException
    at java.util.Stack.peek(Stack.java:102)
    at java.util.Stack.pop(Stack.java:84)
    at org.wso2.carbon.context.internal.CarbonContextDataHolder.endTenantFlow(CarbonContextDataHolder.java:1295)
    at org.wso2.carbon.context.PrivilegedCarbonContext.endTenantFlow(PrivilegedCarbonContext.java:75)
    at org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils.endTenantFlow(FrameworkUtils.java:1505)
    at org.wso2.carbon.identity.application.authenticator.samlsso.manager.X509CredentialImpl.<init>(X509CredentialImpl.java:202)
    at org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager.buildRequest(DefaultSAML2SSOManager.java:267)
    at org.wso2.carbon.identity.application.authenticator.samlsso.SAMLSSOAuthenticator.initiateAuthenticationRequest(SAMLSSOAuthenticator.java:123)
    at org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator.process(AbstractApplicationAuthenticator.java:71)
    at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.doAuthentication(DefaultStepHandler.java:502)
    at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handle(DefaultStepHandler.java:267)
    at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:185)
    at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.GraphBasedSequenceHandler.handle(GraphBasedSequenceHandler.java:111)
    at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:155)
    at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:239)
    at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doPost(CommonAuthenticationHandler.java:46)
    at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doGet(CommonAuthenticationHandler.java:37)
    at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendRequestToFramework(SAMLSSOProviderServlet.java:1592)
    at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendToFrameworkForAuthentication(SAMLSSOProviderServlet.java:827)
    at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleSPInitSSO(SAMLSSOProviderServlet.java:719)
    at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:270)
    at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doPost(SAMLSSOProviderServlet.java:156)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
    at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
    at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
    at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
    at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
    at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:66)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:72)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:65)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
    at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:100)
    at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:74)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
    at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:146)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
    at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:116)
    at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
This code is taken from the jar org.wso2.carbon.utils-4.5.1.jar


Do you have any tips? It looks like a bug to me, but it is too obvious a problem...

I think I found the bug.

In the constructor of the class
org.wso2.carbon.identity.application.authenticator.samlsso.manager.X509CredentialImpl
there is the following code:

try {
    /**
     * Get the private key and the cert for the respective tenant domain.
     */
    if (!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
        FrameworkUtils.startTenantFlow(tenantDomain);
        //Do some stuff
    } else {
        //Do other stuff
    }
} catch (Exception e) {
    //Handle exception
} finally {
    // Runs for every tenant, including the super tenant, for which no flow was started
    FrameworkUtils.endTenantFlow();
}
As you can see, FrameworkUtils.startTenantFlow(tenantDomain). This means that in the finally step we must handle endTenantFlow() correctly. I modified the code this way:

try {
    /**
     * Get the private key and the cert for the respective tenant domain.
     */
    if (!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
        FrameworkUtils.startTenantFlow(tenantDomain);
        //Do some stuff
    } else {
        //Do other stuff
    }
} catch (Exception e) {
    //Handle exception
} finally {
    // End the tenant flow only for the tenants for which one was started
    if (!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
        if (log.isDebugEnabled()) {
            log.debug("finalizzo il tenant flow per tenant domain " + tenantDomain);
        }
        FrameworkUtils.endTenantFlow();
    } else {
        if (log.isDebugEnabled()) {
            log.debug("Tenant domain " + tenantDomain + " nessun flow da finalizzare");
        }
    }
}
It now seems to work.

I hope it is useful.


Angelo

Hey @Angelo, where can I find the Java for it and how do I export it to a new JAR?

Hi @hiren, you can find the GitHub repository here; for WSO2 IS 5.9.0 you have to use tag 5.2.6 (I don't know whether the WSO2 team fixed it in later tagged versions; I gave them the patch). It is a Maven-based project and you need JDK 1.8.
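The defect in the answer above is a classic unbalanced push/pop: FrameworkUtils.startTenantFlow pushes onto a per-thread stack, FrameworkUtils.endTenantFlow pops it, and the stack trace shows the pop running on an empty java.util.Stack (CarbonContextDataHolder.endTenantFlow -> Stack.pop -> Stack.peek -> EmptyStackException). The following Java program is an added example, not WSO2 code: it models that stack with a ThreadLocal<Stack<String>>, reproduces the underflow for the super tenant, and shows a balanced variant that records whether a flow was actually started instead of re-evaluating the tenant check. The names TenantFlowBalance, TENANT_FLOWS, SUPER_TENANT_DOMAIN_NAME and the two loadCredential* methods are hypothetical stand-ins for the real classes, and the key-store loading is replaced by comments.

```java
import java.util.EmptyStackException;
import java.util.Stack;

// Added example (not WSO2 code): a minimal stand-in for the per-thread
// tenant-flow stack that CarbonContextDataHolder keeps, so the underflow in
// the stack trace above can be reproduced and a balanced fix demonstrated.
public class TenantFlowBalance {

    // Hypothetical stand-in for MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.
    static final String SUPER_TENANT_DOMAIN_NAME = "carbon.super";

    // Hypothetical stand-in for the stack behind startTenantFlow/endTenantFlow.
    static final ThreadLocal<Stack<String>> TENANT_FLOWS = ThreadLocal.withInitial(Stack::new);

    static void startTenantFlow(String tenantDomain) {
        TENANT_FLOWS.get().push(tenantDomain);
    }

    // Like the real endTenantFlow: pop() on an empty stack throws EmptyStackException.
    static void endTenantFlow() {
        TENANT_FLOWS.get().pop();
    }

    static int depth() {
        return TENANT_FLOWS.get().size();
    }

    // Shape of the original constructor: the start is conditional, the end is not.
    static void loadCredentialUnbalanced(String tenantDomain) {
        try {
            if (!tenantDomain.equals(SUPER_TENANT_DOMAIN_NAME)) {
                startTenantFlow(tenantDomain);
                // load the tenant key store here
            } else {
                // load the super-tenant key store here
            }
        } catch (Exception e) {
            // Only exceptions from the try body land here; the pop below is in finally.
        } finally {
            endTenantFlow(); // underflows for the super tenant
        }
    }

    // Balanced shape: remember whether a flow was started and end only that.
    static void loadCredentialBalanced(String tenantDomain) {
        boolean flowStarted = false;
        try {
            if (!tenantDomain.equals(SUPER_TENANT_DOMAIN_NAME)) {
                startTenantFlow(tenantDomain);
                flowStarted = true;
                // load the tenant key store here
            } else {
                // load the super-tenant key store here
            }
        } finally {
            if (flowStarted) {
                endTenantFlow();
            }
        }
    }

    public static void main(String[] args) {
        // A non-super tenant: both variants push once and pop once.
        loadCredentialUnbalanced("acme.example");
        loadCredentialBalanced("acme.example");
        System.out.println("depth after tenant calls: " + depth());

        // The super tenant (carbon.super, as in the DEBUG line of the log): the
        // original shape pops an empty stack and the exception escapes finally.
        try {
            loadCredentialUnbalanced(SUPER_TENANT_DOMAIN_NAME);
            System.out.println("unbalanced super tenant: no exception");
        } catch (EmptyStackException e) {
            System.out.println("unbalanced super tenant: " + e);
        }

        loadCredentialBalanced(SUPER_TENANT_DOMAIN_NAME);
        System.out.println("balanced super tenant: depth " + depth());
    }
}
```

Compile and run with `javac TenantFlowBalance.java && java TenantFlowBalance`. Two points are worth noting against the stack trace. First, the catch (Exception e) around the try body cannot swallow this error, because the pop happens in finally after the catch has already been skipped, which is why the EmptyStackException propagates all the way up to DefaultRequestCoordinator and the login step fails instead of being logged. Second, a boolean set immediately after startTenantFlow returns ties the pop to what actually happened on this call path, whereas repeating the tenant-domain comparison in finally (as the posted patch does) works today but silently breaks again if someone later changes one of the two conditions and not the other.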