I am using the Spring-Security-Saml sample application as the SP and ADFS 2.0 as the IdP. I followed the instructions described here: http://docs.spring.io/autorepo/docs/spring-security-saml/1.0.x-SNAPSHOT/reference/htmlsingle/. After the setup I can log in to the system, but on global logout ADFS throws a NullReferenceException (Event Id 303):
System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.IdentityServer.Service.SamlProtocol.SingleLogoutService.LogoutNextSessionParticipant()
at Microsoft.IdentityServer.Service.SamlProtocol.SingleLogoutService.ProcessLogoutRequest(LogoutRequest logoutRequest, Boolean& validLogoutRequest)
at Microsoft.IdentityServer.Service.SamlProtocol.SingleLogoutService.ProcessMessage(SamlMessage samlMessage, BindingInformation bindingInformation, Boolean validResponseMessage, Boolean& validLogoutRequest)
Answer 0 (score: 0)
I ran into the same problem, except that in my case I was using ADFS 3.0. Telling Spring Security SAML to sign the logout response fixed it for me. This is configured by setting requireLogoutResponseSigned to true on the ExtendedMetadata bean.
The null-reference error message is not very helpful. When I enabled tracing in the C:\Windows\ADFS\Microsoft.DeviceRegistration.ServiceHost.exe.config file, I got the following error message in the trace log in Event Viewer:
Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSignatureVerificationException: MSIS7074: SAML authentication request for the WebSSO profile must specify an issuer with no NameQualifier, SPNameQualifier or SPProvidedId properties.
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.ValidateSignatureRequirements(SamlMessage samlMessage)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Logout(HttpSamlMessage logoutMessage, String sessionState, String logoutState, Boolean partialLogout, Boolean isUrlTranslationNeeded, HttpSamlMessage& newLogoutMessage, String& newSessionState, String& newLogoutState)
Searching for that message gives much more useful results.
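The bean change the answer describes, written out as an added example for the sample application's Spring XML security context (this is illustrative configuration, not code from the original post or from the Spring Security SAML project). It assumes the sample's XML layout: a CachingMetadataManager holding one ExtendedMetadataDelegate for the ADFS IdP, and a MetadataGenerator that builds the SP's own metadata. The bean ids (metadata, keyManager, metadataGeneratorFilter), the alias "sp-signing", and the local ADFS metadata path are placeholders; the flag on the local SP ExtendedMetadata is set as well on the assumption that the version in use reads it from the local entity rather than the peer entity, which is a detail worth checking against the version's SingleLogoutProfileImpl before relying on it.

```xml
<!-- Added example, not the original poster's configuration.
     Two things have to hold for the SP to sign its LogoutResponse:
     1. the SP must have a signing key (keyManager below, alias assumed), and
     2. requireLogoutResponseSigned must be true on the ExtendedMetadata
        that the logout profile consults. -->

<!-- Weak (default) setting: logout responses are sent unsigned and ADFS
     fails with the NullReferenceException / MSIS7074 in the trace. -->
<!--
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
-->

<!-- Corrected setting: IdP (peer) entry in the metadata manager. -->
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                <constructor-arg>
                    <!-- Path is a placeholder; export FederationMetadata.xml from ADFS. -->
                    <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                        <constructor-arg value="/path/to/adfs-FederationMetadata.xml"/>
                        <property name="parserPool" ref="parserPool"/>
                    </bean>
                </constructor-arg>
                <constructor-arg>
                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                        <!-- Require the logout exchange with this IdP to be signed. -->
                        <property name="requireLogoutRequestSigned" value="true"/>
                        <property name="requireLogoutResponseSigned" value="true"/>
                    </bean>
                </constructor-arg>
                <!-- ADFS federation metadata is self-signed; trusting it without
                     signature verification is only acceptable for a local,
                     out-of-band obtained copy. -->
                <property name="metadataTrustCheck" value="false"/>
            </bean>
        </list>
    </constructor-arg>
</bean>

<!-- Corrected setting: the SP's own (local) ExtendedMetadata, which also
     advertises a signing key so the SP can actually produce the signature. -->
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <property name="entityId" value="https://sp.example.test/saml/metadata"/>
            <property name="extendedMetadata">
                <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                    <property name="signingKey" value="sp-signing"/>
                    <property name="requireLogoutRequestSigned" value="true"/>
                    <property name="requireLogoutResponseSigned" value="true"/>
                </bean>
            </property>
        </bean>
    </constructor-arg>
</bean>

<!-- Key store holding the "sp-signing" private key (alias and paths assumed). -->
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
    <constructor-arg value="classpath:security/samlKeystore.jks"/>
    <constructor-arg type="java.lang.String" value="changeit"/>
    <constructor-arg>
        <map>
            <entry key="sp-signing" value="changeit"/>
        </map>
    </constructor-arg>
    <constructor-arg type="java.lang.String" value="sp-signing"/>
</bean>
```

After changing the SP metadata, re-import the SP's metadata into the ADFS relying party trust (or at least its signing certificate), otherwise ADFS still has no certificate with which to verify the now-signed LogoutResponse. The ADFS trace log mentioned in the answer is the quickest way to confirm which side is rejecting the message.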