SAML - 服务提供商无法处理请求

时间:2015-12-08 18:36:46

标签: saml-2.0 picketlink

我自学SAML。我正在学习使用纠察队列快速入门:https://github.com/jboss-developer/jboss-picketlink-quickstarts

我在运行于端口9080的wildfly 9.0.2和部署在wildfly 9.0.2中的picketlink-federation-saml-sp-post-basic-wildfly.war中部署了picketlink-federation-saml-idp-basic-wildfly.war在端口8080.我还更新了standalone.xml以更新IDP和SP的安全域。

我在样本中唯一的变化是更新picketlink-jbas7的依赖关系,因为样本2.8.0.Beta1-SNAPSHOT中的版本无法解决。我在IDP中使用的maven依赖是:

<dependency>
        <groupId>org.picketlink.distribution</groupId>
        <artifactId>picketlink-jbas7</artifactId>
        <version>2.7.0.Final</version>
        <scope>provided</scope>
</dependency>

我面临的问题是,当我登录IDP并点击SP链接时,我会在SP日志中得到以下异常:

23:05:55,833 ERROR [org.picketlink.common] (default task-5) Service Provider could not handle the request.: java.lang.NullPointerException
at org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler$SPTrustHandler.handleStatusResponseType(SAML2IssuerTrustHandler.java:143)
at org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler.handleStatusResponseType(SAML2IssuerTrustHandler.java:70)
at org.picketlink.identity.federation.web.process.SAMLHandlerChainProcessor.callHandlerChain(SAMLHandlerChainProcessor.java:67)
at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.processHandlersChain(ServiceProviderSAMLResponseProcessor.java:106)
at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.process(ServiceProviderSAMLResponseProcessor.java:88)
at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.handleSAML2Response(SPFormAuthenticationMechanism.java:516)
at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.handleSAMLResponse(SPFormAuthenticationMechanism.java:306)
at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.authenticate(SPFormAuthenticationMechanism.java:268)
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:339)
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:356)
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:325)
at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:138)
at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:113)
at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:106)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

请让我知道我做错了什么。

由于

2 个答案:

答案 0 :(得分:2)

我从picketbox快速入门学习了同样的问题。我正在使用wildfly 10.1.0.Final。

我注意到的第一件事是为了获得&#34; 基本&#34;工作是必要的(https://github.com/jboss-developer/jboss-picketlink-quickstarts):

  • IDP: picketlink-federation-saml-idp-basic
  • SP(s): picketlink-federation-saml-sp-post-basic picketlink-federation-saml-sp-redirect-basic

为了简单起见,我将所有生成的.war部署在一个容器中。

有两件事帮助我找到了正在发生的事情:

  • 启用TRACE调试
  • 版本的picketlink在Wildfly 10中 2.5.5.SP2 而在 picketlink-wildfly8-2.5.5.SP2中的该软件包中找不到 SAML2LoginModule 的.jar 即可。

特别是我遇到登录模块出现此错误的问题:

meetingRoom

我所做的是将登录模块更改为: org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule ,快速入门开始工作。

答案 1 :(得分:1)

我放弃了picketlink。

我使用openSAML,我能够开发IDP启动和SP启动的流程,没有任何问题。

参考文献:
https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUserManual# https://github.com/rasmusson/webprofile-ref-project