我正在使用WSO2 IS(5.0.0)和WSO2 APIM(1.8.0)开发POC。我们还使用ADFS进行SSO。
在WSO2 IS中,我已将ADFS添加为IDp并已配置并已配置" SAML2 Web SSO配置"。我在她的博客中使用了Pushpalanka提供的示例应用程序。当我访问sample application时,出现以下异常:
TID [-1234] [IS] [2015-05-11 16:56:27,533]错误{org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} - 引导OpenSAML2库组织时出错。 opensaml.xml.XMLConfigurator。(XMLConfigurator.java:98)org.opensaml.xml.XMLConfigurator。(XMLConfigurator.java:73)org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:182)org.opensaml.DefaultBootstrap.bootstrap( DefaultBootstrap.java:87)org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.doBootstrap(SAMLSSOUtil.java:426)org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.unmarshall(SAMLSSOUtil。 java:231)org.wso2.carbon.identity.sso.saml.SAMLSSOService.validateSPInitSSORequest(SAMLSSOService.java:68)org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleSPInitSSO(SAMLSSOProviderServlet.java:259) org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:177)org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet。 java:91)javax.servlet.http.HttpServlet.service(HttpServlet.java:735)javax.servlet.http.HttpServlet.service(HttpServlet.java:848)org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service( ContextPathServletAdaptor.java:37)org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)javax.servlet.http.HttpServlet.service(HttpServlet.java:848)org.wso2.carbon.tomcat.ext.servlet。 DelegationServlet.service(DelegationServlet.java:68)org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)org.wso2。 carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(A pplicationFilterChain.java:243)org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)org.apache.catalina.core。 StandardContextValve.invoke(StandardContextValve.java:123)org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)org.apache。 catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve $ 1 .invoke(CarbonTomcatValve.java:47)org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47 )org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)org.wso2.carbon.tomca t.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke( CarbonContextCreatorValve.java:52)org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)org.apache.coyote.http11。 AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)org.apache.coyote.AbstractProtocol $ AbstractConnectionHandler.process(AbstractProtocol.java:589)org.apache.tomcat.util.net.NioEndpoint $ SocketProcessor.run(NioEndpoint.java:1653) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)java.util.concurrent.ThreadPoolExecutor $ Worker.run(ThreadPoolExecutor.java:615)java.lang.Thread.run(Thread.java:745)
我的目标是实现委托访问控制模式。任何参考/样本都会有所帮助
答案 0 :(得分:0)
您需要将ADFS IDP配置为服务提供商的联合身份验证。它可以通过本地&中的联合身份验证选项进行配置。服务提供商应用程序的出站身份验证配置设置。有关详细信息,请参阅this link。