I have a primary and a secondary IS configured as described here:
https://docs.wso2.com/display/IS500/Connecting+Two+Identity+Servers+with+SAML+SSO
I log in through the secondary IdP, then issue an IdP-initiated logout, something like:
https://host/samlsso?slo=true&spEntityID=spEntityID
A logout request is then sent from the primary server to the secondary server, but the secondary server logs the following error:
TID: [0] [IS] [2015-11-13 12:56:56,011] DEBUG {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - Query string : SAMLRequest=nZJfT8MgFMXf%2FRSE9279Y91G1k6TxaSJzsROH3yjFDqUQuWyZX57S%2Bfm9MEHXwhczj05%2FC7zxb5VaMctSKMzHI1CjLhmppa6yfDT%2BjaY4kV%2BMQfaqrgjd6YxW%2FfI37ccHFr2i9TUDa0b5zog4%2FGOKlkPtcAN981ISMuZ7Q9MSS0ZVSNm2rG3BDAYFcsMq7rrRKuaTjVC6uptI0TFuN6YttnU7FVWVSOp1G2vBtjyQoOj2mU4DqM0iKIgStZRTNIrkiSjy0n0gtHKuAf9YG%2BE4%2FanLiFh9K175BR8%2FrJPqjg6vBCj5yOS2CPpIWkgBwgZ3lpNDAUJRNOWA3GMlDf3d6SXks4aZ5hROD8wI0Nee%2B7wtwEF4Nbjw%2FmJGyrK%2Bfjc7mi%2B6tuLJbo1tqXub19fkXUgBinh2kn3gf8Vy481Tq8F8xs%2FymO2Q5r8%2BFlKDh5hoWu%2Bz0VazcI0ZMEsjKfBJetnUcUsCcSMT2pWx9NZGH75%2FOo8VX98vvwT&RelayState=fa32a09d-718b-4342-8eb0-11f6ba8a0074&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=QwEOj%2BQoPXAJscKV9%2BEVcvR%2FqzGr7IPs%2FlTsMIIK8PP0mCDGOKgwVZ96zVv2jZtYyhjMIzVvQRx8x6kJG6RNtrnkbfakHtMJE6WuB8I9IX%2B6cGoJ47RBh79WxjN8EVjOpn9BX%2BGIXdK5ds8ZkP9KGQ80Nj3BfHxHlbhJ4QKSSOwtBrlZm7oPFQjpEuMHHHnLihaaQbSLrLk%2FdwfMHgfdqxayU9nJs31Ay1lT4fiIuCM2WDZc%2BBd4m0Lc8fdGgOYgEUoIby511pRck17Za6x%2B8x2bQgNLhilmcx i5aEvZPx66FD799Fzxz3qIFOBr%2FDw%2Fieq3emGMWbx%2FQRLuAPfOSQ%3D%3D {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet}
TID: [0] [IS] [2015-11-13 12:56:56,012] DEBUG {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} - Request message <?xml version="1.0" encoding="UTF-8"?>
<saml2p:LogoutRequest Destination="https://validation-testing.firecrestclinical.com/samlsso" ID="ldppfmlgplgfinbkhffbcenhomghdcjibbgiainm" IssueInstant="2015-11-13T12:56:33.471Z" NotOnOrAfter="2015-11-13T13:01:33.471Z" Reason="Single Logout" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">firecrest IS</saml2:Issuer><saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">test25@fctest.com</saml2:NameID><saml2p:SessionIndex>f5b9050c-9028-4c11-b2c3-f9e7dcd28900</saml2p:SessionIndex></saml2p:LogoutRequest> {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil}
TID: [0] [IS] [2015-11-13 12:58:43,668] ERROR {org.wso2.carbon.identity.sso.saml.processors.LogoutRequestProcessor} - Session index value not found in the request {org.wso2.carbon.identity.sso.saml.processors.LogoutRequestProcessor}
You can see the session index in the message, so why does LogoutRequestProcessor say the session cannot be found in the request? After downloading the source and trying to debug, I cannot find the source code that corresponds to the LogoutRequestProcessor log message. Do you have any ideas about this problem?
Also worth mentioning: when the logout request is received, the SAML2 token ID is null when it tries to read the cookie from the request. However, this cookie is present in my browser when I log out?
Answer 0 (score: 0)
I tested a federated IdP connection using SAML. When performing the logout, I also get a similar error.
The error message on the intermediate WSO2 IdP is:
TID[-1234] [IS] [2016-06-02 10:54:13,239] ERROR {org.wso2.carbon.identity.sso.saml.processors.SPInitLogoutRequestProcessor} - ssoTokenId cookie not found in the logout request
The Travelocity tool sent the following logout request:
<saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://wso2.red.com:9443/samlsso"
ID="omglmhflmkgjeabbmedkogjgggfbkkobpemlonaa"
IssueInstant="2016-06-02T11:34:41.282Z"
NotOnOrAfter="2016-06-02T11:39:41.282Z"
Reason="Single Logout"
Version="2.0"
>
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">wso2_saml_sandbox_claude</saml2:Issuer>
<saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>myuserid@red.com</saml2:NameID>
<saml2p:SessionIndex>uuid10ba3d9d-0155-15d5-9fc0-b62b3428c817</saml2p:SessionIndex>
</saml2p:LogoutRequest>
Any help in resolving this issue is welcome.
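Both the question and the answer above hinge on what the receiving IdP actually sees in the LogoutRequest. The following Python is an added example, not code from either post or from WSO2: it round-trips a constructed LogoutRequest through the HTTP-Redirect binding encoding used for the SAMLRequest query value (raw DEFLATE, base64, URL-encoding) and extracts the SessionIndex that the processor reports as missing, returning None when the element really is absent. The host, IDs and user name in the sample are made up.

```python
import base64
import urllib.parse
import zlib
import xml.etree.ElementTree as ET

SAML2P = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample LogoutRequest modelled on the one in the question;
# the host, IDs and user below are made up for this example.
SAMPLE_LOGOUT_REQUEST = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
    'Destination="https://idp.example.com/samlsso" ID="_example-id-1" '
    'IssueInstant="2015-11-13T12:56:33.471Z" Reason="Single Logout" Version="2.0">'
    '<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">example IS</saml2:Issuer>'
    '<saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" '
    'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">user@example.com</saml2:NameID>'
    '<saml2p:SessionIndex>f5b9050c-9028-4c11-b2c3-f9e7dcd28900</saml2p:SessionIndex>'
    '</saml2p:LogoutRequest>'
)

def encode_redirect_binding(xml_text: str) -> str:
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64, then URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: raw deflate, no zlib header
    deflated = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return urllib.parse.quote(base64.b64encode(deflated).decode("ascii"), safe="")

def decode_redirect_binding(param_value: str) -> str:
    """Reverse of encode_redirect_binding, e.g. for a SAMLRequest query value from a log."""
    raw = base64.b64decode(urllib.parse.unquote(param_value))
    return zlib.decompress(raw, -15).decode("utf-8")

def summarize_logout_request(xml_text: str) -> dict:
    """Extract the fields an IdP checks in a LogoutRequest. session_index is
    None when <saml2p:SessionIndex> is absent, the condition the error reports."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != f"{{{SAML2P}}}LogoutRequest":
        raise ValueError(f"not a LogoutRequest: {root.tag}")
    issuer = root.find(f"{{{SAML2}}}Issuer")
    name_id = root.find(f"{{{SAML2}}}NameID")
    session = root.find(f"{{{SAML2P}}}SessionIndex")
    return {
        "destination": root.get("Destination"),
        "issuer": issuer.text if issuer is not None else None,
        "name_id": name_id.text if name_id is not None else None,
        "session_index": session.text if session is not None else None,
    }
```

Paste the SAMLRequest value from a DEBUG line into decode_redirect_binding to confirm that the message the secondary IdP received still carries the SessionIndex before looking further into cookie handling.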