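[Published]: 2021-11-25 21:50:23
[Question]:
I am trying to perform a simple login code flow from an Angular client using WSO2 Identity Server 5.10. The service provider is configured with an OAuth/OpenID Connect configuration.
First, my client calls the /oauth2/authorize endpoint: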
https://myplatform.com/oauth2/authorize?response_type=code&client_id=...
Then I am redirected to the login form page:
https://myplatform.com/authenticationendpoint/login.do?client_id=...
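After entering the username and password, the user is authenticated, as I can see from the logs (I also tried logging in with a wrong password, and I got the Login Failed! message), but then I receive an HTTP 500 message.
These are the network calls I see in the browser when submitting the credentials: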
1) https://myplatform.com/logincontext?sessionDataKey=a886baf0-2d20-4327-80c0-de723e14a420&relyingParty=i69JjSmHPUpQBJC3QDIzjltTHbQa&tenantDomain=carbon.super&_=1633447226722
2) https://poc.smartcityplatform.it/commonauth
3) https://poc.smartcityplatform.it/oauth2/authorize?sessionDataKey=d9948a51-80bf-4438-b0dc-be8eaefc1f56
WSO2IS log:
java.lang.IllegalArgumentException: Passed URL is empty.
at org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils.buildURLWithQueryParams(FrameworkUtils.java:1665)
at org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.getErrorPageURL(EndpointUtil.java:413)
at org.wso2.carbon.identity.oauth.endpoint.expmapper.InvalidRequestExceptionMapper.buildErrorResponseConsentHandlingFailure(InvalidRequestExceptionMapper.java:174)
at org.wso2.carbon.identity.oauth.endpoint.expmapper.InvalidRequestExceptionMapper.toResponse(InvalidRequestExceptionMapper.java:138)
at org.wso2.carbon.identity.oauth.endpoint.expmapper.InvalidRequestExceptionMapper.toResponse(InvalidRequestExceptionMapper.java:56)
at org.apache.cxf.jaxrs.utils.ExceptionUtils.convertFaultToResponse(ExceptionUtils.java:84)
at org.apache.cxf.jaxrs.utils.JAXRSUtils.convertFaultToResponse(JAXRSUtils.java:1660)
at org.apache.cxf.jaxrs.JAXRSInvoker.handleFault(JAXRSInvoker.java:362)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:210)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:103)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:225)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.wso2.carbon.webapp.mgt.filter.AuthorizationHeaderFilter.doFilter(AuthorizationHeaderFilter.java:85)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:86)
at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:110)
at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:75)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:119)
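Any idea what is going on? Thanks!
Update
Following the suggestion of user @Sajith, I added more logging and, surprisingly, I found in the DEBUG statements that a table is missing. I used the deployment scripts from https://github.com/wso2/kubernetes-is, which are actually missing the statements for the consent management tables.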
[2021-10-06 06:48:34,320] [921d87de-2dec-46c6-b1f5-84397fb2f8ad] DEBUG {org.wso2.carbon.identity.oauth.endpoint.expmapper.InvalidRequestExceptionMapper} - System Error while handling consent: org.wso2.carbon.identity.oauth.endpoint.exception.ConsentHandlingFailedException: Error while handling user consent for claim for user: sysadmin@carbon.super for client_id: i69JjSmHPUpQBJC3QDIzjltTHbQa of tenantDomain: carbon.super
....
at
Caused by: org.wso2.carbon.consent.mgt.core.exception.ConsentManagementServerException: Error while searching receipts.
at org.wso2.carbon.consent.mgt.core.util.ConsentUtils.handleServerException(ConsentUtils.java:64)
at org.wso2.carbon.consent.mgt.core.dao.impl.ReceiptDAOImpl.searchReceipts(ReceiptDAOImpl.java:303)
at org.wso2.carbon.consent.mgt.core.ConsentManagerImpl.searchReceipts(ConsentManagerImpl.java:637)
at org.wso2.carbon.consent.mgt.core.ConsentManagerImpl.searchReceipts(ConsentManagerImpl.java:607)
at org.wso2.carbon.consent.mgt.core.PrivilegedConsentManagerImpl$22.execute(PrivilegedConsentManagerImpl.java:562)
at org.wso2.carbon.consent.mgt.core.PrivilegedConsentManagerImpl$22.execute(PrivilegedConsentManagerImpl.java:558)
at org.wso2.carbon.consent.mgt.core.model.ConsentInterceptorTemplate.executeWith(ConsentInterceptorTemplate.java:56)
at org.wso2.carbon.consent.mgt.core.PrivilegedConsentManagerImpl.searchReceipts(PrivilegedConsentManagerImpl.java:558)
at org.wso2.carbon.consent.mgt.core.InterceptingConsentManager.searchReceipts(InterceptingConsentManager.java:79)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.SSOConsentServiceImpl.getReceiptListOfUserForSP(SSOConsentServiceImpl.java:761)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.SSOConsentServiceImpl.getConsentReceiptOfUser(SSOConsentServiceImpl.java:375)
... 73 more
Caused by: org.wso2.carbon.database.utils.jdbc.exceptions.DataAccessException: Error in performing Database query: '%s'SELECT R.CONSENT_RECEIPT_ID, R.LANGUAGE, R.PII_PRINCIPAL_ID, R.PRINCIPAL_TENANT_ID, R.STATE,RS.SP_DISPLAY_NAME,RS.SP_DESCRIPTION FROM CM_RECEIPT R INNER JOIN CM_RECEIPT_SP_ASSOC RS ON R.CONSENT_RECEIPT_ID=RS.CONSENT_RECEIPT_ID WHERE PII_PRINCIPAL_ID LIKE ? AND PRINCIPAL_TENANT_ID=? AND SP_NAME LIKE ? AND SP_TENANT_ID = ? AND STATE LIKE ? ORDER BY ID ASC LIMIT ? OFFSET ?
at org.wso2.carbon.database.utils.jdbc.JdbcTemplate.executeQuery(JdbcTemplate.java:169)
at org.wso2.carbon.consent.mgt.core.dao.impl.ReceiptDAOImpl.searchReceipt(ReceiptDAOImpl.java:338)
at org.wso2.carbon.consent.mgt.core.dao.impl.ReceiptDAOImpl.searchReceipts(ReceiptDAOImpl.java:290)
... 82 more
Caused by: java.sql.SQLSyntaxErrorException: Table 'WSO2IS_IDENTITY_DB.CM_RECEIPT' doesn't exist
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:120)
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97)
at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
at com.mysql.cj.jdbc.ClientPreparedStatement.executeInternal(ClientPreparedStatement.java:953)
at com.mysql.cj.jdbc.ClientPreparedStatement.executeQuery(ClientPreparedStatement.java:1003)
at jdk.internal.reflect.GeneratedMethodAccessor53.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.tomcat.jdbc.pool.StatementFacade$StatementProxy.invoke(StatementFacade.java:114)
at com.sun.proxy.$Proxy57.executeQuery(Unknown Source)
at org.wso2.carbon.database.utils.jdbc.JdbcTemplate.executeQuery(JdbcTemplate.java:154)
... 84 more
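The masking seen in this question, as an added example that is not part of the original post: a Python sketch that walks the "Caused by:" chain of a WSO2 IS DEBUG trace and reports the innermost cause, including the missing table when MySQL names one. The sample log is constructed (abridged from the trace above) and all function names are hypothetical.

```python
import re

# Constructed sample: abridged from the DEBUG trace quoted in the question.
SAMPLE_LOG = """\
org.wso2.carbon.identity.oauth.endpoint.exception.ConsentHandlingFailedException: Error while handling user consent
\tat ...
Caused by: org.wso2.carbon.consent.mgt.core.exception.ConsentManagementServerException: Error while searching receipts.
\tat org.wso2.carbon.consent.mgt.core.dao.impl.ReceiptDAOImpl.searchReceipts(ReceiptDAOImpl.java:303)
\t... 73 more
Caused by: java.sql.SQLSyntaxErrorException: Table 'WSO2IS_IDENTITY_DB.CM_RECEIPT' doesn't exist
\tat com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:120)
"""

# "Caused by: <exception class>: <message>" (the message part is optional)
CAUSE_RE = re.compile(r"^\s*Caused by: ([\w.$]+)(?:: (.*))?$")
# MySQL wording for a missing table, with an optional schema prefix
MISSING_TABLE_RE = re.compile(r"Table '(?:([^'.]+)\.)?([^']+)' doesn't exist")


def cause_chain(log_text):
    """Return [(exception_class, message), ...] for each 'Caused by:' line, outermost first."""
    chain = []
    for line in log_text.splitlines():
        m = CAUSE_RE.match(line)
        if m:
            chain.append((m.group(1), m.group(2) or ""))
    return chain


def root_cause(log_text):
    """Innermost 'Caused by:' entry, or None when the trace carries no cause chain
    (as with the first trace in the question, logged before DEBUG was enabled)."""
    chain = cause_chain(log_text)
    return chain[-1] if chain else None


def missing_table(log_text):
    """Return (schema, table) when the root cause is a missing-table error, else None."""
    cause = root_cause(log_text)
    if cause is None:
        return None
    m = MISSING_TABLE_RE.search(cause[1])
    return (m.group(1), m.group(2)) if m else None


if __name__ == "__main__":
    print(root_cause(SAMPLE_LOG))
    print(missing_table(SAMPLE_LOG))
```
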
[Comments]:
-
The error you are seeing occurs while trying to build the error page URL. So the original problem seems to be hidden.
-
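If you change the following line to DEBUG in the log4j2.properties file, we will be able to get more insight into the problem from the debug logs.
logger.org-wso2-carbon-identity.level=INFO
-
I did as you suggested and found the problem; I have updated my question. Thanks.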
Tags: wso2 openid-connect wso2is