我也在尝试探索fedlet + adfs联盟。
我拥有的是:
安装在计算机A上的adfs服务器。我还添加了fedlet作为依赖部分,但是当我进入回复方联合元数据网址并单击测试网址时,它会抛出异常: 读取联合元数据时发生错误。验证url或主机名是否为有效的联合元数据端点。 但是我在依赖部分添加了fedlet证书,并且设置算法是SHA-1。
在机器B上完成openam设置。在openam和tomcat中在同一台机器上添加了adfs证书。
使用此openam构建创建了一个fedlet,并将adfs设置为我的托管身份提供程序,它安装在计算机A上。此生成的fedlet war也部署在计算机B上
发生了什么:
当我从机器A的浏览器访问fedlet链接时,必须点击第1行的链接,它会调用adfs并要求提供adfs登录凭据。
一旦我输入凭据,它会将我重定向回fedlet应用程序,但以下异常会被抛出:
Http状态500 - 响应中的状态代码无效。
如果有人能帮我解决这个例外,我将非常感激。
更新
当我使用firefox的saml tracer插件解码发送到fedlet应用程序的响应时,我得到以下内容:
pVZpk6LKEv3%2BIt5%2F6Oj5SHSzimh0d0QBLqiobKJ8ecFSIsgmBbL8%2Bov2OK%2B7x5k39z6JcMlKT9bJU5WZL8iOo2yoQpSlCYIPkvj6%2BB%2BX4TjW8ZinPU3vn5g9yz05LMs8eSzDEIRjk9CDj%2F%2F%2B18OX1wbmKEiT10fqmbizLCFUQilBhZ0UnQ9BUk8k%2BUQROjEY9ohhr%2F9M0rR1548iREWQ2MUV%2B1AUGRrieP18ffA99CJYfP%2BwsywK3KvnHRzhwvASu8yTYWqjAA0TO4ZoWLhDDciLYbfvofvuNCwTlEE32AfQu8cluWVMT18fEeUyFAG5Pst6vR7L0LTrsjTLUHZv4PaJHuvZLNlzaOJe1uo4StDwKsPvd5blaZG6aXQH4%2B3d9HJNcf4O%2BXswGyGYX%2FP0dslol1Db26NnL43tIHl20%2Fj6G%2B%2BczoELEV7kJSpe8PcAt3AeGmqB3ylT5vA7Dw%2B9S9QBVlX1XNHPae7jFEEQODHAOx8PBf63x7f%2FcrihQE9K9unbZ3KXRcFO0qRTNQraq7IyLA6p9wAiP82D4hD%2FIiCJk8Ql4BOs3SeXZJJvjw%2F4HfgfDP4Q9xORHNlP6GCT96FVuIc5TFz4YKjS6 %2BO3P7tYbz%2FrewHTcztB%2BzSP0R2Hn5z%2BHg2YnGGUZtB7Qrds%2FMzon8X5ExmuqPj%2F4niJKwZ%2BVwz%2BiVL3VfqMu7GjEr55ZX9anpIN2bf6qoct96bqrszMOs92r9ddfnT%2BIjr%2BUfWPhxz%2F1Sn%2FdATfMXf2EqT0SJLI49QOGnqZm0WTJUpPTaaypiog27Pbs7tjTUFgGCsmZlFu2cfjckU006q%2FHkT7zelc78wGyQythpzobCYBNjuhY6GUROvaU2%2FPMP05e9R9ZtuPPMWWpVHsj%2Bt1eZhVcrPqp9i2EElWbQQqFARrMAl3P qUjESMYV9C1FOgL45zmlrW2R%2BF%2BLmwXI08cGOo%2BwAesH6hj3%2B%2BdMNiGU7IsqNY%2FlHr37lq8OeZmNUkJ7KHAcDgZr0f2om8d0h5LMbXXXYOpv%2FHLw1JbgRmcmU5ixgfBXXBOnzvJRL4O%2BRS%2BNwbhVJm6XLOwkCILo%2FmZQ81JdzyIn4WDJ2VujCowckdBKWm2T58oAF5ff4jwIdcfhJjD5qLNrXr%2BvSp2k3LbIwaiXdi%2FOGeXZeFSePeXNgXfZEkS6C7BwLV9UEk88CXFoOK68sPVmBmDjCYtpwYKbMGS94%2BnwzGYDCqCBwoaAxHksnasZtVO3CiKOGp4Xh1ZujReZhbVy5zY9RcaT9sm09itX1pmr91tZ8UiXp4dHcBxRdRyOKpl0a3k1mDkkLevtvazTRZQPddBwvvLDQ9kXRqNR2ok%2BwYVJU4clVYDCmnqZU44y1dCL3KS5cGNiXJHDYqOHy%2BFX%2FC%2BGgOwEoDCgcu64M%2B77yOQzeuUDHB9uuOqJZrI%2FcBuIW5PxxMu4bdYP%2FDS88KYZAZacO3By2miCEuVZ%2BtclRf0fn7Gp%2BegpbE6JVZy6ykGia1U3m0AEBkL2yxoYiEYRInlSdV4Hr6ar4Kgql1sPGkt6kTvBxUTCyaIHCTRbdavV4W%2F25BrsivLTTEjJ0Wk4dZ0MyvXihVmMuLoaGVtNqmhRhHGnYxeaRqN6QasFFcZq54napYw51lTj8wskQsNKD0qYo9OuLD0CO1VFVfpdWSRM2LJl%2BRaBAvZ3x7yqXscTBJB5wbqZK7vnXPeugI3O% 2BSM0RLmCizNnSjHa0WjS42khd7a7Z82JEpzODpHI9USKJfWdoGAjs7BLxRJBArgZUBMBO000SSHFpURL1QGAEx33hTe8nLYqpQYOw3XAjvsT%2FltVyfWerYJnUgtx2OJYXYn2VDPYh1L3FkaVGo4XxaZcqIaQ wudrZqmLhpVOzecjgWBNGe5iRlJuDrYbojpwuGEHTlmBU%2FmhK4yaZq4Jh3QvfocZlufqAmy8Bel4YOVtFtSq3mCHTcoL3DnCBtSbR14sPgQQUmiNDs4JtDugT1OcnYc6GW1sAG5Ya2d56i67i3pNVaLE6ewgbeeDTQ585Vdj1tjyr60HCoiG4xpbWuCTeudU2NGoG6zoBFhn%2BoNEnrixfpxEk6aza4AKcoJlipdUQyTZJxYuTZL5%2Bqq6wuxztIZu41509d0k8a74hMP5Hqzma5PUcnbalkY11Lz9bLf6RV3ysUL%2Fr0Q3aasT1XrZnwf27WiM37slZ%2FsQurBh2uZ%2B%2F0siK7eXd86lV1fg%2FlPde3%2FAJWScze4ectuXRLXaTedN5%2B78Av%2BFf0H7y8cb4bb5N2ZLs9f
以上代码采用编码形式,请解码。
因此根据我的理解,由于一些无效的nameid策略而导致异常。我该如何解决这个问题?
答案 0 :(得分:0)
“读取联合元数据时发生错误。”
你经常可以忽略这一点。我假设您的连接是https?
为什么你有fedlet的证书?您是否尝试签署AuthnResponse?
查看ADFS日志记录 - How to Enable Debug Logging for Active Directory Federation Services 2.0 (AD FS 2.0)
在fedlet中设置登录 - 在FederationConfig.properties中:
#com.iplanet.services.debug.level=error
com.iplanet.services.debug.level=message
查看SAML数据 - ADFS : I want to see the SAML data