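【Posted】: 2018-10-25 10:48:54
【Question】:
I followed this guide:
https://dzone.com/articles/get-started-with-spring-boot-saml-and-okta
Everything went well at first. But then the application went into an infinite loop: in the browser URL, it redirects to Okta's login page and back again. When I cleared the browsing data in Chrome by deleting the cookies, everything started working again. But sometimes the infinite loop comes back. Here are some of the exceptions: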
2018-05-15 20:16:23.027 INFO 11136 --- [nio-8443-exec-1] o.s.security.saml.log.SAMLDefaultLogger : AuthNResponse;FAILURE;0:0:0:0:0:0:0:1;https://localhost:8443/saml/metadata;http://www.okta.com/exkezd0f1qtnMMYy90h7;;;org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation
at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:229)
at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82)
...
Caused by: org.springframework.security.authentication.CredentialsExpiredException: Authentication statement is too old to be used with value 2018-05-15T11:46:27.900Z
at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAuthenticationStatement(WebSSOProfileConsumerImpl.java:538)
at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertion(WebSSOProfileConsumerImpl.java:306)
at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:214)
... 64 more
Please help!
【Discussion】:
Tags: java spring spring-boot spring-saml okta