I am using WSO2 IS v5.2 and have been able to configure WSO2 IS with my own issued server certificate, and also to make it accept client certificates issued by my test CA, at least at the transport level (when I access the admin application with a browser I get a pop-up, select a client certificate, and then reach the admin application's login page).
I want to use client certificate authentication to access the WSO2 IS management application (https://:9443/carbon), but I have not managed it yet and have tried many different things so far.
Does anyone know what needs to be done to get the admin application to accept SSL authentication?
Thanks, Jim
Edit 1: I tried implementing the suggested changes, but so far when I hit https://:8443/carbon I get a certificate pop-up and then land on the console login page, with no login having taken place. I tried configuring log4j.properties, but when I run the test above (accessing /carbon with a browser using a client certificate) there is absolutely no additional output in the log file.
This is the log4j.properties I have now. Can someone suggest how I should change it to give me more output about what may be happening?
Thanks!
log4j.rootLogger=DEBUG, CARBON_CONSOLE, CARBON_LOGFILE, CARBON_MEMORY, CARBON_SYS_LOG
log4j.logger.AUDIT_LOG=INFO, AUDIT_LOGFILE
log4j.logger.org.apache.axis2.wsdl.codegen.writer.PrettyPrinter=ERROR, CARBON_LOGFILE, CARBON_MEMORY
log4j.logger.org.apache.axis2.clustering=INFO, CARBON_CONSOLE, CARBON_LOGFILE
log4j.logger.org.apache=DEBUG, CARBON_LOGFILE, CARBON_MEMORY
log4j.logger.org.apache.catalina=DEBUG
log4j.logger.org.apache.tomcat=DEBUG
log4j.logger.org.wso2.carbon.apacheds=DEBUG
log4j.logger.org.apache.directory.server.ldap=DEBUG
log4j.logger.org.apache.directory.server.core.event=WARN
log4j.logger.com.atomikos=INFO,ATOMIKOS
log4j.logger.org.quartz=WARN
log4j.logger.org.apache.jackrabbit.webdav=WARN
log4j.logger.org.apache.juddi=ERROR
log4j.logger.org.apache.commons.digester.Digester=WARN
log4j.logger.org.apache.jasper.compiler.TldLocationsCache=WARN
log4j.logger.org.apache.qpid=WARN
log4j.logger.org.apache.qpid.server.Main=INFO
log4j.logger.qpid.message=WARN
log4j.logger.qpid.message.broker.listening=INFO
log4j.logger.org.apache.tiles=WARN
log4j.logger.org.apache.commons.httpclient=ERROR
log4j.logger.org.apache.coyote=WARN
log4j.logger.org.apache.solr=ERROR
log4j.logger.me.prettyprint.cassandra.hector.TimingLogger=ERROR
log4j.logger.org.wso2=INFO
log4j.logger.org.apache.axis2.enterprise=DEBUG, CARBON_LOGFILE, CARBON_MEMORY
log4j.logger.org.apache.directory.shared.ldap=DEBUG, CARBON_LOGFILE, CARBON_MEMORY
log4j.logger.org.apache.directory.server.ldap.handlers=DEBUG, CARBON_LOGFILE, CARBON_MEMORY
#Following are to remove false error messages from startup (IS)
log4j.logger.org.apache.directory.shared.ldap.entry.DefaultServerAttribute=DEBUG, CARBON_LOGFILE, CARBON_MEMORY
log4j.logger.org.apache.directory.server.core.DefaultDirectoryService=DEBUG, CARBON_LOGFILE, CARBON_MEMORY
log4j.logger.org.apache.directory.shared.ldap.ldif.LdifReader=ERROR, CARBON_LOGFILE, CARBON_MEMORY
log4j.logger.org.apache.directory.server.ldap.LdapProtocolHandler=DEBUG, CARBON_LOGFILE, CARBON_MEMORY
log4j.logger.org.apache.directory.server.core=DEBUG, CARBON_LOGFILE, CARBON_MEMORY
log4j.logger.org.apache.directory.server.ldap.LdapSession=DEBUG, CARBON_LOGFILE, CARBON_MEMORY
#Hive Related Log configurations
log4j.logger.DataNucleus=ERROR
log4j.logger.Datastore=ERROR
log4j.logger.Datastore.Schema=ERROR
log4j.logger.JPOX.Datastore=ERROR
log4j.logger.JPOX.Plugin=ERROR
log4j.logger.JPOX.MetaData=ERROR
log4j.logger.JPOX.Query=ERROR
log4j.logger.JPOX.General=ERROR
log4j.logger.JPOX.Enhancer=ERROR
log4j.logger.org.apache.hadoop.hive=WARN
log4j.logger.hive=WARN
log4j.logger.ExecMapper=WARN
log4j.logger.ExecReducer=WARN
log4j.logger.net.sf.ehcache=ERROR
log4j.logger.org.opensaml.xml.security.credential.criteria=DEBUG
log4j.logger.org.wso2.carbon.user.core=DEBUG
log4j.logger.org.wso2.carbon.identity=DEBUG
log4j.logger.org.wso2.carbon.identity.sso.saml=DEBUG
log4j.logger.org.wso2.carbon.identity.application=DEBUG
log4j.logger.org.wso2.carbon.identity.application.authentication.framework=DEBUG
#log4j.logger.org.wso2.carbon.identity.mgt=DEBUG
#log4j.logger.org.wso2.carbon.identity.oauth2=DEBUG
#log4j.logger.org.wso2.carbon.identity.scim=DEBUG
#log4j.logger.org.wso2.carbon.identity.mgt=DEBUG
log4j.logger.org.wso2.carbon.idp.mgt=DEBUG
#log4j.logger.org.wso2.carbon.identity.provisioning=DEBUG
#log4j.logger.org.wso2.carbon.identity.user.account.association=DEBUG
#log4j.logger.org.wso2.carbon.identity.user.profile.mgt=DEBUG
log4j.logger.org.wso2.carbon.security=DEBUG
log4j.logger.org.wso2.carbon.identity.sso.agent=DEBUG
log4j.logger.org.wso2.carbon.identity.core=DEBUG
log4j.logger.trace.messages=TRACE,CARBON_TRACE_LOGFILE
log4j.additivity.org.apache.axis2.clustering=false
log4j.additivity.com.atomikos=false
log4j.additivity.org.apache=false
# CARBON_CONSOLE is set to be a ConsoleAppender using a PatternLayout.
log4j.appender.CARBON_CONSOLE=org.wso2.carbon.utils.logging.appenders.CarbonConsoleAppender
log4j.appender.CARBON_CONSOLE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
# ConversionPattern will be overridden by the configuration setting in the DB
log4j.appender.CARBON_CONSOLE.layout.ConversionPattern=[%d] %P%5p {%c} - %x %m%n
log4j.appender.CARBON_CONSOLE.layout.TenantPattern=%U%@%D[%T]
log4j.appender.CARBON_CONSOLE.threshold=DEBUG
# CARBON_MEMORY is set to be a MemoryAppender using a PatternLayout.
log4j.appender.CARBON_MEMORY=org.wso2.carbon.logging.service.appender.CarbonMemoryAppender
log4j.appender.CARBON_MEMORY.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
log4j.appender.CARBON_MEMORY.bufferSize=200
# ConversionPattern will be overridden by the configuration setting in the DB
#log4j.appender.CARBON_MEMORY.layout.ConversionPattern=[%d] %5p - %x %m {%c}%n
log4j.appender.CARBON_MEMORY.layout.ConversionPattern=TID: [%T] [%S] [%d] %P%5p {%c} - %x %m {%c}%n
log4j.appender.CARBON_MEMORY.layout.TenantPattern=%U%@%D [%T] [%S]
log4j.appender.CARBON_MEMORY.columnList=%T,%S,%A,%d,%c,%p,%m,%H,%I,%Stacktrace
log4j.appender.CARBON_MEMORY.threshold=DEBUG
# CARBON_LOGFILE is set to be a DailyRollingFileAppender using a PatternLayout.
log4j.appender.CARBON_LOGFILE=org.wso2.carbon.utils.logging.appenders.CarbonDailyRollingFileAppender
# Log file will be overridden by the configuration setting in the DB
# This path should be relative to WSO2 Carbon Home
log4j.appender.CARBON_LOGFILE.File=${carbon.home}/repository/logs/${instance.log}/wso2carbon${instance.log}.log
log4j.appender.CARBON_LOGFILE.Append=true
log4j.appender.CARBON_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
# ConversionPattern will be overridden by the configuration setting in the DB
log4j.appender.CARBON_LOGFILE.layout.ConversionPattern=TID: [%T] [%S] [%d] %P%5p {%c} - %x %m %n
log4j.appender.CARBON_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
log4j.appender.CARBON_LOGFILE.threshold=DEBUG
log4j.appender.CARBON_SYS_LOG = org.apache.log4j.net.SyslogAppender
log4j.appender.CARBON_SYS_LOG.layout=org.apache.log4j.PatternLayout
log4j.appender.CARBON_SYS_LOG.layout.ConversionPattern=[%d] %5p {%c} - %x %m %n
log4j.appender.CARBON_SYS_LOG.SyslogHost=localhost
log4j.appender.CARBON_SYS_LOG.Facility=USER
log4j.appender.CARBON_SYS_LOG.threshold=DEBUG
# LOGEVENT is set to be a LogEventAppender using a PatternLayout to send logs to LOGEVENT
log4j.appender.LOGEVENT=org.wso2.carbon.logging.service.appender.LogEventAppender
log4j.appender.LOGEVENT.url=tcp://10.100.3.103:7611
log4j.appender.LOGEVENT.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
log4j.appender.LOGEVENT.columnList=%T,%S,%A,%d,%c,%p,%m,%H,%I,%Stacktrace
log4j.appender.LOGEVENT.userName=admin
log4j.appender.LOGEVENT.password=admin
#log4j.appender.LOGEVENT.password=secretAlias:Log4j.Appender.LOGEVENT.Password
# Appender config to CARBON_TRACE_LOGFILE
log4j.appender.CARBON_TRACE_LOGFILE=org.apache.log4j.DailyRollingFileAppender
log4j.appender.CARBON_TRACE_LOGFILE.File=${carbon.home}/repository/logs/${instance.log}/wso2carbon-trace-messages${instance.log}.log
log4j.appender.CARBON_TRACE_LOGFILE.Append=true
log4j.appender.CARBON_TRACE_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
log4j.appender.CARBON_TRACE_LOGFILE.layout.ConversionPattern=[%d] %P%5p {%c} - %x %m %n
log4j.appender.CARBON_TRACE_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
log4j.appender.CARBON_TRACE_LOGFILE.threshold=TRACE
log4j.additivity.trace.messages=false
# Appender config to AUDIT_LOGFILE
log4j.appender.AUDIT_LOGFILE=org.wso2.carbon.utils.logging.appenders.CarbonDailyRollingFileAppender
log4j.appender.AUDIT_LOGFILE.File=${carbon.home}/repository/logs/audit.log
log4j.appender.AUDIT_LOGFILE.Append=true
log4j.appender.AUDIT_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
log4j.appender.AUDIT_LOGFILE.layout.ConversionPattern=[%d] %P%5p {%c}- %x %m %n
log4j.appender.AUDIT_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
log4j.appender.AUDIT_LOGFILE.threshold=INFO
log4j.additivity.AUDIT_LOG=false
# Appender config to send Atomikos transaction logs to new log file tm.out.
log4j.appender.ATOMIKOS = org.apache.log4j.RollingFileAppender
log4j.appender.ATOMIKOS.File = repository/logs/tm.out
log4j.appender.ATOMIKOS.Append = true
log4j.appender.ATOMIKOS.layout = org.apache.log4j.PatternLayout
log4j.appender.ATOMIKOS.layout.ConversionPattern=%p %t %c - %m%n
# This file is used to override the default logger settings, and is used to remove unwanted logs from Shindig appearing on the console.
# Specification of Handler used by Console Logger
handlers=java.util.logging.ConsoleHandler
# Replacing default INFO level with SEVERE
#java.util.logging.ConsoleHandler.level=SEVERE
# java.util.logging has no DEBUG level; ALL lets the handler pass every record (FINE/FINER/FINEST are the debug-like levels)
java.util.logging.ConsoleHandler.level=ALL
# - ADDED
log4j.logger.org.wso2.carbon.custom.user.operation.event.listener=DEBUG
I am following this page to create the SSO provider:
I added a SAML2 Web SSO configuration. There I set the Assertion Consumer URL to
https://nodejs3.whatever.com:8443/carbon/ (nodejs3.whatever.com is the hostname of the wso2 machine)
The Default Assertion Consumer URL is the same as above.
The certificate alias is wso2carbon.cert (??)
Is the URL correct?
Is the certificate alias correct?
Thanks!
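The log4j.properties above is long enough that it is hard to tell which level a given package actually ends up at, or which appenders its messages reach. The script below is an added example (not part of the question and not WSO2 code) that applies the log4j 1.x hierarchy rules (the nearest explicit level wins; appenders accumulate upward until a logger sets additivity=false) to a constructed sample made of lines of the kind found in the posted file, and flags two settings a reviewer would question: a plaintext appender password (the file's own commented-out secretAlias line shows the vault alternative) and a java.util.logging level name that JUL does not define. The logger name org.wso2.carbon.authenticator.placeholder is made up and stands in for any package the file does not list explicitly.

```python
"""Resolve effective log4j 1.x logger levels/appenders from a properties file and
flag settings that will not behave as the author expects (added example)."""

# Constructed sample: lines of the kind found in the log4j.properties posted above,
# trimmed to what is needed to exercise the hierarchy rules. The java.util.logging
# line deliberately uses the log4j level name DEBUG, which JUL does not accept.
SAMPLE = """\
log4j.rootLogger=DEBUG, CARBON_CONSOLE, CARBON_LOGFILE, CARBON_MEMORY, CARBON_SYS_LOG
log4j.logger.org.apache=DEBUG, CARBON_LOGFILE, CARBON_MEMORY
log4j.logger.org.apache.catalina=DEBUG
log4j.logger.org.apache.coyote=WARN
log4j.logger.org.wso2=INFO
log4j.logger.org.wso2.carbon.identity=DEBUG
log4j.logger.org.wso2.carbon.identity.application.authentication.framework=DEBUG
log4j.additivity.org.apache=false
log4j.appender.CARBON_SYS_LOG = org.apache.log4j.net.SyslogAppender
log4j.appender.LOGEVENT=org.wso2.carbon.logging.service.appender.LogEventAppender
log4j.appender.LOGEVENT.userName=admin
log4j.appender.LOGEVENT.password=admin
handlers=java.util.logging.ConsoleHandler
java.util.logging.ConsoleHandler.level=DEBUG
"""

# Level names java.util.logging actually accepts; log4j's DEBUG is not one of them.
JUL_LEVELS = {"ALL", "FINEST", "FINER", "FINE", "CONFIG", "INFO", "WARNING", "SEVERE", "OFF"}


def parse(text):
    """Minimal .properties reader: key=value, '#'/'!' comments, whitespace trimmed."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def logger_config(props):
    """Map logger name -> (level or None, [appender names]); '' is the root logger."""
    cfg = {}
    for key, value in props.items():
        if key == "log4j.rootLogger":
            name = ""
        elif key.startswith("log4j.logger."):
            name = key[len("log4j.logger."):]
        else:
            continue
        parts = [p.strip() for p in value.split(",")]
        level = parts[0].upper() or None
        cfg[name] = (level, [p for p in parts[1:] if p])
    return cfg


def ancestors(name):
    """Yield the logger itself, then each dotted prefix, then '' (the root)."""
    while True:
        yield name
        if not name:
            return
        name = name.rpartition(".")[0]


def effective_level(props, name):
    """log4j rule: the nearest logger (self or ancestor) with an explicit level wins."""
    cfg = logger_config(props)
    for anc in ancestors(name):
        level = cfg.get(anc, (None, []))[0]
        if level:
            return level
    return None


def effective_appenders(props, name):
    """Appenders accumulate up the hierarchy until a logger has additivity=false."""
    cfg = logger_config(props)
    found = []
    for anc in ancestors(name):
        found.extend(cfg.get(anc, (None, []))[1])
        if anc and props.get("log4j.additivity." + anc, "true").lower() == "false":
            break
    return found


def findings(props):
    """Return (key, message) pairs for settings a reviewer would question."""
    out = []
    for key, value in props.items():
        if key.startswith("log4j.appender.") and key.endswith(".password") \
                and not value.startswith("secretAlias:"):
            out.append((key, "plaintext credential in logging config; use a secure-vault alias"))
        if key.startswith("java.util.logging.") and key.endswith(".level") \
                and value.upper() not in JUL_LEVELS:
            out.append((key, "'%s' is not a java.util.logging level (use FINE or ALL)" % value))
    return out


if __name__ == "__main__":
    props = parse(SAMPLE)
    # 'org.wso2.carbon.authenticator.placeholder' is a made-up logger name standing in
    # for any package the file does not list explicitly: it inherits INFO from org.wso2.
    for name in ("org.wso2.carbon.identity.application.authentication.framework",
                 "org.wso2.carbon.authenticator.placeholder",
                 "org.apache.coyote.http11",
                 "org.apache.catalina.core"):
        print("%-70s level=%-5s appenders=%s" % (
            name, effective_level(props, name), effective_appenders(props, name)))
    for key, msg in findings(props):
        print("FINDING", key + ":", msg)
```

Run it against the real file by replacing SAMPLE with the file contents. The practical point for the question above: any authenticator package that is not under one of the prefixes explicitly set to DEBUG resolves to INFO from the `log4j.logger.org.wso2=INFO` line, so its debug messages never reach any appender. Also note the file's own comments: the log file path and ConversionPattern are "overridden by the configuration setting in the DB", so logging settings stored by the server can supersede edits made to this file.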
Answer 0 (score: 0)
You can achieve this using the X509 authenticator together with the Carbon SAML authenticator.
You can configure the IS management console to use SAML SSO login against the same IS. To do this you have to log in with the admin credentials as usual, create a service provider for the management console, enable the SAML authenticator and restart (see doc).
Then follow the X509 authenticator configuration page to enable certificate authentication and update the service provider you created to use the X509 authenticator.