Alfresco OpenAM integration needs to use a realm in the login URL

Time: 2015-03-19 10:47:37

Tags: alfresco openam

Most of what is written at https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/authentication-ldap-sso/sso-openam-06052012 was enough for me, but it is only part of it.

I am using realms in OpenAM, and I want the redirect to use the realm.

I changed the property in OpenSSOAgentBootstrap.properties to reflect the realm

com.sun.identity.agents.config.organization.name = /LdapRealm

and changed OpenSSOAgentConfiguration.properties as follows

com.sun.identity.agents.config.login.url[0]=http://verify.organisation.com:8080/OpenAM/XUI/#login/&realm=LdapRealm

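But the problem is that when the real redirect happens, the URL does not take the realm into account (I have tried ?realm=LdapRealm as well / but on the liferay server the above URL was able to redirect)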

Below is what I get as the redirect (note that no realm is shown)

http://verify.organisation.com:8080/OpenAM/XUI/#login/&goto=http%3A%2F%2Falfresco.organisation.com%3A8080%2Fshare%2Fpage%2F

Also, the cookie user is not set correctly to the user I logged in as, so I also get a 403

What other properties do I need to look at?

----------------Added later----------------

Strangely, even if I manually change the URL to

http://verify.wipro.com:8080/OpenAM/XUI/#login/&realm=LdapRealm&goto=http%3A%2F%2Falfresco.oraganisation.com%3A8080%2Fshare%2Fpage%2F

I get the following error in debug.out / I also tried the option /OpenAM/UI/Login?realm=LdapRealm but it is automatically redirected to http://verify.wipro.com:8080/OpenAM/XUI/#login/&realm=LdapRealm

The error is shown below

    amWebPolicy:03/24/2015 06:45:46:323 AM UTC: Thread[http-bio-8080-exec-7,5,main]
    ERROR: AmWebPolicy: Unable to check policy for resource: http://alfresco.organisation.com:8080/share/page/, action: GET; Access will be denied
    com.sun.identity.policy.remote.PolicyEvaluationException: Server reported Exception, serverMessage=Evaluation error.
    Unable to retrieve application under realm /.
    Unable to retrieve application under realm /.
        at com.sun.identity.policy.client.ResourceResultCache.getResultsFromServer(ResourceResultCache.java:745)
        at com.sun.identity.policy.client.ResourceResultCache.getResourceResults(ResourceResultCache.java:563)
        at com.sun.identity.policy.client.ResourceResultCache.getPolicyDecision(ResourceResultCache.java:345)
        at com.sun.identity.policy.client.ResourceResultCache.getPolicyDecision(ResourceResultCache.java:250)
        at com.sun.identity.policy.client.PolicyEvaluator.getPolicyDecision(PolicyEvaluator.java:403)
        at com.sun.identity.agents.policy.AmWebPolicy.checkPolicyForResource(AmWebPolicy.java:143)
        at com.sun.identity.agents.filter.URLPolicyTaskHandler.process(URLPolicyTaskHandler.java:122)
        at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:194)
        at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:157)
        at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:70)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)

Somewhere it gives the feeling that Alfresco was built for the root realm. Some development may be needed to make other realms work.

1 answer:

Answer 0: (score: 0)

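I would suggest configuring login.url to still point to the legacy UI (i.e. /OpenAM/UI/Login?realm=/LdapRealm), because there is a very special filter in front of that endpoint which (when XUI is enabled) redirects incoming requests to the correct XUI endpoint.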

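Unfortunately, agents currently cannot work with login URLs that contain a # character, which means the agent constructs an invalid URL with the ? after the #. This is probably the root cause of your problem.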
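
The point about `#` in the login URL can be checked directly. The following is an added example, not part of the original post or answer. It lints `login.url` entries and shows which parameters actually reach the server for the two URL forms quoted above. The function names are hypothetical, and `append_goto` is only an assumed model of how the `goto` parameter gets appended.

```python
import re
from urllib.parse import urlsplit, parse_qs, quote

# Matches agent entries such as com.sun.identity.agents.config.login.url[0]=...
LOGIN_URL_KEY = re.compile(
    r"^\s*(com\.sun\.identity\.agents\.config\.login\.url\[\d+\])\s*=\s*(\S+)")

def server_visible_params(url):
    """Return only the parameters sent to the server (the query string).
    Everything after '#' is a fragment and stays in the browser."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def append_goto(login_url, target):
    """Assumed model of the redirect: goto is appended to the configured URL."""
    sep = "&" if ("?" in login_url or "#" in login_url) else "?"
    return f"{login_url}{sep}goto={quote(target, safe='')}"

def lint_login_urls(properties_text):
    """Flag login.url entries that carry a fragment or no realm in the query."""
    findings = []
    for line in properties_text.splitlines():
        m = LOGIN_URL_KEY.match(line)
        if not m:
            continue
        key, url = m.groups()
        parts = urlsplit(url)
        if parts.fragment:
            findings.append((key, "fragment", parts.fragment))
        if "realm" not in parse_qs(parts.query):
            findings.append((key, "no-realm-in-query", parts.query))
    return findings

# Constructed sample lines built from the two URL forms quoted on this page.
XUI_CONFIG = ("com.sun.identity.agents.config.login.url[0]="
              "http://verify.organisation.com:8080/OpenAM/XUI/#login/&realm=LdapRealm")
LEGACY_CONFIG = ("com.sun.identity.agents.config.login.url[0]="
                 "http://verify.organisation.com:8080/OpenAM/UI/Login?realm=/LdapRealm")
TARGET = "http://alfresco.organisation.com:8080/share/page/"

if __name__ == "__main__":
    for cfg in (XUI_CONFIG, LEGACY_CONFIG):
        url = cfg.split("=", 1)[1]
        print(lint_login_urls(cfg))
        print(server_visible_params(append_goto(url, TARGET)))
```

With the XUI form, both `realm` and `goto` end up in the fragment, so the server sees no parameters at all. With the legacy form, both arrive in the query string.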