【问题标题】:Setting the default IdP for the API store applications in wso2在 wso2 中为 API 存储应用程序设置默认 IdP
【发布时间】:2017-01-09 22:18:41
【问题描述】:

我正在使用以 Identity Server 作为密钥管理器的集群环境。我一直在尝试使用隐式授权和授权来测试我们的应用程序和 JWT 声明。当我创建一个应用程序时,它会将自己设置为服务提供者,并将本地和出站身份验证作为默认设置,而不是使用 SAML for Shibboleth 的联合身份验证。我关注了这个post,我厌倦了它的多种变体。我尝试在 [IS_HOME] /repo/conf/identity/service-provider 中配置两个文件。 default.xml 和 sp_dashboard.xml。当我配置 sp_dashboard 时似乎什么也没发生。但是当我配置 default.xml 并尝试通过隐式授权获取我的访问令牌时,我得到了这个错误。

此外,无需任何配置,一切正常,但需要用户使用隐式授权和授权授权再次登录。然后,当您使用 URL 中的访问令牌隐式登录时,我会将其授予碳,但授权将我带到碳,而无需使用任何代码。

日志错误

TID: [-1234] [] [2017-01-09 14:48:36,323] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} -  Exception in Authentication Framework java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
    at java.util.ArrayList.rangeCheck(ArrayList.java:653)
    at java.util.ArrayList.get(ArrayList.java:429)
    at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handle(DefaultStepHandler.java:208) at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:173)
    at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:121)
    at org.wso2.carbon.identity.application.authentication.framework.handler.request.ipl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:137)
    at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doPost(CommonAuthenticationHandler.java:46)
    at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doGet(CommonAuthenticationHandler.java:37)
    at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.sendRequestToFramework(OAuth2AuthzEndpoint.java:1062)
    at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:203)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188) at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:214)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265

页面错误

这是我当前的配置

SP_DASHBOARD

<ServiceProvider>
    <ApplicationID>2</ApplicationID>
    <ApplicationName>wso2_sp_dashboard</ApplicationName>
    <Description>Default Service Provider</Description>
    <InboundAuthenticationConfig>
            <InboundAuthenticationRequestConfigs>
                    <InboundAuthenticationRequestConfig>
                            <InboundAuthKey>wso2.my.dashboard</InboundAuthKey>
                            <InboundAuthType>samlsso</InboundAuthType>
                            <Properties></Properties>
                    </InboundAuthenticationRequestConfig>
            </InboundAuthenticationRequestConfigs>
    </InboundAuthenticationConfig>
    <LocalAndOutBoundAuthenticationConfig>
            <AuthenticationSteps>
                    <AuthenticationStep>
                            <StepOrder>1</StepOrder>
                            <FederatedIdentityProviders>
                            <IdentityProvider>
                                   <Name>IdPSSO</Name>
                                 <FederatedAuthenticatorConfigs>
                                         <FederatedAuthenticatorConfig>
                                                 <Name>SAMLSSOAuthenticator</Name>
                                         </FederatedAuthenticatorConfig>
                                 </FederatedAuthenticatorConfigs>
                             </IdentityProvider>
                            </FederatedIdentityProviders>
                            <SubjectStep>true</SubjectStep>
                            <AttributeStep>true</AttributeStep>
                    </AuthenticationStep>
            </AuthenticationSteps>
            <UseUserstoreDomainInUsername>true</UseUserstoreDomainInUsername>
            <UseTenantDomainInUsername>false</UseTenantDomainInUsername>
    </LocalAndOutBoundAuthenticationConfig>
   <RequestPathAuthenticatorConfigs></RequestPathAuthenticatorConfigs>
   <InboundProvisioningConfig></InboundProvisioningConfig>
    <OutboundProvisioningConfig></OutboundProvisioningConfig>
    <ClaimConfig>
      <AlwaysSendMappedLocalSubjectId>true</AlwaysSendMappedLocalSubjectId>
   </ClaimConfig>
    <PermissionAndRoleConfig></PermissionAndRoleConfig>

默认

<ServiceProvider>
    <ApplicationID>1</ApplicationID>
    <ApplicationName>default</ApplicationName>
    <Description>Default Service Provider</Description>
    <InboundAuthenticationConfig>
            <InboundAuthenticationRequestConfigs>
                    <InboundAuthenticationRequestConfig>
                            <InboundAuthKey>default</InboundAuthKey>
                            <InboundAuthType></InboundAuthType>
                            <Properties></Properties>
                    </InboundAuthenticationRequestConfig>
            </InboundAuthenticationRequestConfigs>
    </InboundAuthenticationConfig>
    <LocalAndOutBoundAuthenticationConfig>
            <AuthenticationSteps>
                    <AuthenticationStep>
                            <StepOrder>1</StepOrder>
                            <FederatedIdentityProviders>
                             <IdentityProvider>
                                   <Name>IdPSSO</Name>
                                 <FederatedAuthenticatorConfigs>
                                         <FederatedAuthenticatorConfig>
                                                 <Name>SAMLSSOAuthenticator</Name>
                                         </FederatedAuthenticatorConfig>
                                 </FederatedAuthenticatorConfigs>
                             </IdentityProvider>
                            </FederatedIdentityProviders>
                            <SubjectStep>true</SubjectStep>
                            <AttributeStep>true</AttributeStep>
                    </AuthenticationStep>
            </AuthenticationSteps>
    </LocalAndOutBoundAuthenticationConfig>
    <RequestPathAuthenticatorConfigs></RequestPathAuthenticatorConfigs>
    <InboundProvisioningConfig></InboundProvisioningConfig>
    <OutboundProvisioningConfig></OutboundProvisioningConfig>
    <ClaimConfig>
      <AlwaysSendMappedLocalSubjectId>true</AlwaysSendMappedLocalSubjectId>
   </ClaimConfig>
    <PermissionAndRoleConfig></PermissionAndRoleConfig>

【问题讨论】:

    标签: wso2 saml-2.0 wso2is wso2-am wso2carbon


    【解决方案1】:

    找出我必须做的配置。它在 IS default.xml 中。看起来 IsEnabled 是我的配置中缺少的重要部分。

    <FederatedIdentityProviders>
        <IdentityProvider>
          <IdentityProviderName>IdPSSO</IdentityProviderName>
              <IsEnabled>true</IsEnabled>
           <FederatedAuthenticatorConfigs>
             <FederatedAuthenticatorConfig>
                <Name>SAMLSSOAuthenticator</Name>
                <IsEnabled>true</IsEnabled>
              </FederatedAuthenticatorConfig>
           </FederatedAuthenticatorConfigs>
           <DefaultAuthenticatorConfig>SAMLSSOAuthenticator</DefaultAuthenticatorConfig>
         </IdentityProvider>
    </FederatedIdentityProviders>
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 2010-09-25
      • 1970-01-01
      • 2018-02-07
      • 2017-09-04
      • 2012-12-28
      • 1970-01-01
      • 2012-10-27
      相关资源
      最近更新 更多