PingFederate：无法从IdP身份验证服务获取属性

Question

我在尝试调用PingFederae StartSSO.ping端点时遇到此异常。

12:49:54,153 DEBUG [IntegrationControllerServlet] GET: https://localhost:9031/idp/startSSO.ping
12:49:54,157 DEBUG [IdpAdapterSupportBase] IdP Adapter Selection disabled, performing legacy adapter selection.
12:49:54,157 DEBUG [HttpServletRespProxy] adding lazy cookie Cookie{PF=F1OpbNzE8iYqMJq6UcG5waLotsmXsBxdLFrhrm8OVFYE; path=/; maxAge=-1; domain=null} replacing Cookie{PF=F1OpbNzE8iYqMJq6UcG5wa; path=/; maxAge=-1; domain=null}
12:49:54,157 DEBUG [InterReqStateMgmtMapImpl] setAttr(oldKey: null, newKey: LotsmXsBxdLFrhrm8OVFYE, name: NUMBER_OF_ATTEMPTS, value: 1)
12:49:54,157 DEBUG [HttpServletRespProxy] flush cookies: adding Cookie{PF=F1OpbNzE8iYqMJq6UcG5waLotsmXsBxdLFrhrm8OVFYE; path=/; maxAge=-1; domain=null}
12:49:54,160 DEBUG [BindingServiceImpl] Not transporting protocol response message because the HTTP response has been committed (this is a normal condition usually due to an adapter or other component redirecting the user or writing its own content to the response). 
12:49:54,232 DEBUG [IntegrationControllerServlet] GET: https://localhost:9031/idp/ENvrS/resumeSAML20/idp/startSSO.ping
12:49:54,233 DEBUG [IdpAdapterSupportBase] IdP Adapter Selection disabled, performing legacy adapter selection.
12:49:54,233 DEBUG [InterReqStateMgmtMapImpl] getAttr(key: LotsmXsBxdLFrhrm8OVFYE, name: NUMBER_OF_ATTEMPTS): 1
12:49:54,233 DEBUG [HttpServletRespProxy] adding lazy cookie Cookie{PF=F1OpbNzE8iYqMJq6UcG5waTbQaafveigalePVvdwcdta; path=/; maxAge=-1; domain=null} replacing null
12:49:54,233 DEBUG [InterReqStateMgmtMapImpl] setAttr(oldKey: LotsmXsBxdLFrhrm8OVFYE, newKey: TbQaafveigalePVvdwcdta, name: NUMBER_OF_ATTEMPTS, value: 2)
12:49:54,233 DEBUG [InterReqStateMgmtMapImpl] Object removeAttr(key: TbQaafveigalePVvdwcdta, name: NUMBER_OF_ATTEMPTS): 2
12:49:54,233 DEBUG [TrackingIdSupport] [cross-reference-message] entityid:sbwb-ppc-idp subject:null
12:49:54,233 ERROR [HandleAuthnRequest] Exception occurred during request processing
org.sourceid.websso.profiles.RequestProcessingException: Unexpected Runtime Authn Adapter Integration Problem.
    at org.sourceid.websso.profiles.ResumableRequestHandlerBase.resume(ResumableRequestHandlerBase.java:54)
    at org.sourceid.websso.profiles.ResumableRequestHandlerBase.resume(ResumableRequestHandlerBase.java:78)
    at org.sourceid.saml20.profiles.ProfileProcessManager.resumeHandleRequest(ProfileProcessManager.java:73)
    at $ProfileProcessMgmtService_1461cd08008.resumeHandleRequest($ProfileProcessMgmtService_1461cd08008.java)
    at org.sourceid.websso.servlet.IntegrationControllerServlet.process(IntegrationControllerServlet.java:63)
    at org.sourceid.websso.servlet.EnforcerServletBase.checkProcess(EnforcerServletBase.java:89)
    at org.sourceid.websso.servlet.EnforcerServletBase.doGet(EnforcerServletBase.java:138)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:669)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1448)
    at org.sourceid.servlet.filter.NoCacheFilter.doFilter(NoCacheFilter.java:55)
    at org.sourceid.servlet.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:53)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
    at org.sourceid.websso.servlet.ProxyFilter.doFilter(ProxyFilter.java:34)
    at org.sourceid.servlet.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:53)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:126)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.Server.handle(Server.java:368)
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:488)
    at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:932)
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:994)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:640)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
    at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
    at java.lang.Thread.run(Thread.java:722)
Caused by: org.sourceid.saml20.adapter.AuthnAdapterException: org.sourceid.saml20.adapter.AuthnAdapterException: Could not obtain attributes from the IdP Authentication Service.
    at org.sourceid.saml20.profiles.idp.IdpAdapterSupportBase.lookupAuthN(IdpAdapterSupportBase.java:141)
    at org.sourceid.saml20.profiles.idp.HandleAuthnRequest.doResume(HandleAuthnRequest.java:245)
    at org.sourceid.saml20.profiles.ResumableRequestHandlerBase.exeResume(ResumableRequestHandlerBase.java:66)
    at org.sourceid.websso.profiles.ResumableRequestHandlerBase.resume(ResumableRequestHandlerBase.java:50)
    ... 43 more
Caused by: org.sourceid.saml20.adapter.AuthnAdapterException: Could not obtain attributes from the IdP Authentication Service.
    at com.pingidentity.adapters.opentoken.IdpAuthnAdapter.lookupAuthNHelper(IdpAuthnAdapter.java:159)
    at com.pingidentity.adapters.opentoken.IdpAuthnAdapter.lookupAuthN(IdpAuthnAdapter.java:78)
    at org.sourceid.websso.authn.AdapterAuthnProcessor.lookupAuthN(AdapterAuthnProcessor.java:96)
    at org.sourceid.saml20.profiles.idp.IdpAdapterSupportBase.lookupAuthN(IdpAdapterSupportBase.java:132)
    ... 46 more
12:49:54,238 DEBUG [HttpServletRespProxy] flush cookies: adding Cookie{PF=F1OpbNzE8iYqMJq6UcG5waTbQaafveigalePVvdwcdta; path=/; maxAge=-1; domain=null}
12:49:54,239 DEBUG [BindingServiceImpl] Not transporting protocol response message because the HTTP response has been committed (this is a normal condition usually due to an adapter or other component redirecting the user or writing its own content to the response). 

我认为当PingFederate找不到应用程序生成的OpenToken时会调用此异常。但cookie存在于浏览器中。

Ping Federate应用程序显示错误页面：

我的Idp Adapter设置如下：

cookie-path=/
use-verbose-error-messages=false
cipher-suite=2
obfuscate-password=true
session-cookie=false
password=Kyx+ElfeRRDkPRYZoVF3BQ==
token-name=opentoken
cookie-domain=.banka.liferay.com
token-notbefore-tolerance=0
token-renewuntil=43200
use-sunjce=false
secure-cookie=false
token-lifetime=300
use-cookie=true

我正在努力找出这个问题的原因。但没有成功。

这个问题的原因是什么？它与Ping Federate有关，还是我在配置中遗漏了什么？

以下是IdP适配器的屏幕截图：

以下是SP连接摘要：

Answer 1

是否可以将您重定向到主机名为localhost的简历URL？在这种情况下，您的浏览器不会将发送到.banka.liferay.com的cookie发送到服务器，因此会出错。