我正在尝试在Spring SAML扩展和ADFS服务器的帮助下集成单点登录我的Web应用程序,我在Spring SAML示例应用程序的帮助下整合了3个月,那时它运行得很好,但现在它给我以下例外
AuthNRequest;SUCCESS;111.11.11.111;https://my.domain.com:443/app/saml/metadata;http://myfedservicesserver.com/trustme;;;
AuthNResponse;FAILURE;111.11.11.111;https://my.domain.com:443/app/saml/metadata;http://myfedservicesserver.com/trustme;;;org.opensaml.common.SAMLException: Response has invalid status code urn:oasis:names:tc:SAML:2.0:status:Responder, status message is null
at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:113)
at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:84)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
SAML 2 and ADFS 3.0 IDP - SSO Invalid Status Code First time Login - But succeeds every time after
Issues while integrating ADFS with Spring SAML Extension
我浏览了以上链接,但它对我不起作用,我在ADFS服务器中更改并尝试使用数字签名SHA-256到SHA-1,但问题未解决。
答案 0 :(得分:0)
经过多年的努力,我发现我的应用程序在互联网上正常运行但在Intranet环境中无法运行,我检查了ADFS服务器日志然后我得到了以下异常
Microsoft.IdentityServer.Service.SecurityTokenService.RevocationValidationException: MSIS7098: The certificate identified by thumbprint '2312312213BKHDIIDHD783j3bsd' is not valid. It might indicate that the certificate has been revoked, has expired, or that the certificate chain is not trusted.
我已经验证了我的应用程序证书,它是CA信任且有效,但内部网中仍然存在问题,我不明白为什么ADFS服务器说它不是有效证书并且已返回
urn:oasis:names:tc:SAML:2.0:status:Responder
响应中的状态代码,然后我在ADFS服务器中禁用了签名证书信任检查,然后它对我来说工作正常,我不知道这是否是有效的解决方案,但它对我有效。