您好任何人都可以帮助摆脱这个问题。
我是pingbiederate的新手,并尝试进行IDP启动注销。 使用IDP SLO URL在注销后附加TargetResource参数以重定向。用户注销工作正常,注销后Pingfederate不会重定向到TargetResource URL并仍显示pingfederate注销页面。
编辑:我使用的是PingFederate 6.10版本,从文档中了解TargetResource参数可以在注销后用于重定向。IDP SLO的网址:
我错过了重定向的任何配置。
EDIT-2:
Below is Ping Federate server log, PF server throws
"Nonsuccess Response status: urn:oasis:names:tc:SAML:2.0:status:Responder
Status Message: Unexpected Runtime Authn Adapter Integration Problem."
entityId: HRIM:SAML2:PRODUCTION-IDP (SP)
Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
relayState: aDz9NF0AZEMnJmAy6EM5N9vq8XNcEA
SignatureStatus: VALID
Binding says to sign: true
09:56:31,632 DEBUG [TrackingIdSupport] [cross-reference-message] entityid:null subject:null
09:56:31,632 WARN [HandleLogoutResponse] Invalid response: InMessageContext
XML: <samlp:LogoutResponse Destination="https://192.168.2.64:9031/idp/SLO.saml2" InResponseTo="hk6gFs__DcEmUVt.W5B9YJT6e5R" IssueInstant="2015-06-19T13:56:31.363Z" ID="EpSPm27S53BhzqTEnX6OYS-DeLu" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">HRIM:SAML2:PRODUCTION-IDP</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#EpSPm27S53BhzqTEnX6OYS-DeLu">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>q7i/J6rrBAvwehMrFnr11sQTg6g=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>KMfBgt792oj3mfQ6JiWklHNUlh8QpDliYhLGr4NPJ5ti6UnvSBQNVOOIuHXpwvodCElEQJR527M/
94erFkCA9SK1rwy/Ib6jyCZPCaim3qLavOmBQOaiY8ymBEqTPeMvtN/IVKSf4yOhAYEmiIHS/rMs
m2D+UY898kgn+L+/SYs=</ds:SignatureValue>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>
<samlp:StatusMessage>Unexpected Runtime Authn Adapter Integration Problem.</samlp:StatusMessage>
<samlp:StatusDetail>
<Cause>org.sourceid.websso.profiles.RequestProcessingException: Unexpected Runtime Authn Adapter Integration Problem.</Cause>
</samlp:StatusDetail>
</samlp:Status>
</samlp:LogoutResponse>
entityId: HRIM:SAML2:PRODUCTION-IDP (SP)
Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
relayState: aDz9NF0AZEMnJmAy6EM5N9vq8XNcEA
SignatureStatus: VALID
Binding says to sign: true
-------------------------------------
Nonsuccess Response status: urn:oasis:names:tc:SAML:2.0:status:Responder
Status Message: Unexpected Runtime Authn Adapter Integration Problem.
-------------------------------------
09:56:31,632 DEBUG [IdpSessionRegistryMapImpl] getRegisteredAuthnBeans(MV8o6ixVX2KuJ9t3lbi5Re) found [IdpHashableAuthnBean: 86d72689520858914485566f334f6d3fde4b08d5] authn beans
09:56:31,632 DEBUG [IdpSessionRegistryMapImpl] getIssuedSessions for authnbean IdpHashableAuthnBean: 86d72689520858914485566f334f6d3fde4b08d5 assertion ids: []
09:56:31,632 DEBUG [IdpSessionRegistryMapImpl] getIssuedSessions for authnbean IdpHashableAuthnBean: 86d72689520858914485566f334f6d3fde4b08d5 assertion ids: []
09:56:31,632 DEBUG [InterReqStateMgmtMapImpl] Object removeAttr(key: GkIkCfHYlNs9B1UyPtmmiD, name: HtmlFormIdpAuthnAdapter:SESSION): {username=carol@highroads.com, DN=cn=Carol,ou=Users,dc=highroads,dc=com, TargetResource=http://172.25.242.205:8005/index}
09:56:31,632 DEBUG [IdpSessionRegistryMapImpl] unregisterAuthnBean IdpHashableAuthnBean: 86d72689520858914485566f334f6d3fde4b08d5 from session id MV8o6ixVX2KuJ9t3lbi5Re. Session now has 0 beans associated with it.
![I'm getting following error page in browser][1]
[1]: http://i.stack.imgur.com/eC43g.png
答案 0 :(得分:1)
/idp/startSLO.ping端点不支持PartnerSpId查询参数。当你点击那个端点时,你告诉PingFed开始一次&#34;单次注销&#34;这是为了让您从浏览器会话中了解PingFed所知道的所有SP - 因此不需要使用PartnerSpId(用于识别您希望与其一起使用的合作伙伴,使用startSSO端点)。
从该端点上的documentation开始,它只支持三个参数:TargetResource,InErrorResource和Binding,所有这些参数都是可选的。
答案 1 :(得分:0)
我解决了问题。请点击以下网址,非常有帮助。
https://ping.force.com/Support/PingIdentityVideoLibrary?id=2415947630001