Obtaining a security token from the WSO2 Identity Server 5.3 WS-Trust STS

Time: 2017-10-13 00:14:25

Tags: wso2 wso2is

I have set up WSO2IS with an AD LDS user store, and I have a WS-Federation Passive STS prototype written in ASP.NET MVC that can authenticate as a user defined in AD LDS. I am now trying to write a simple .NET console application that connects to the WS-Trust endpoint directly and authenticates as this user (I have also tried the admin user). I have secured the WS-Trust endpoint with UserNamePassword and selected which users are allowed to authenticate.

However, when I run this prototype I get a "java.lang.NullPointerException" back from WSO2IS.

What am I doing wrong or missing?

System.ServiceModel.FaultException occurred  HResult=0x80131501
  Message=java.lang.NullPointerException
  Source=System.ServiceModel
  StackTrace:
   at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)
   at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
   at WsTrustActiveSTSClient.Program.Main(String[] args) in C:\Source\CACI\MFOMID Prototype\STS\WSO2IS-RP\WsTrustActiveSTSClient\Program.cs:line 38

I looked at the exception in the log, and it appears to be thrown in org.apache.rahas.impl.SAMLTokenIssuer.createHoKAssertion.

TID: [-1234] [] [2017-10-12 20:10:34,719] ERROR {org.apache.axis2.transport.http.AxisServlet} - java.lang.NullPointerException
	at org.apache.rahas.impl.SAMLTokenIssuer.createHoKAssertion(SAMLTokenIssuer.java:452)
	at org.apache.rahas.impl.SAMLTokenIssuer.issue(SAMLTokenIssuer.java:202)
	at org.apache.rahas.TokenRequestDispatcher.handle(TokenRequestDispatcher.java:69)
	at org.apache.rahas.STSMessageReceiver.invokeBusinessLogic(STSMessageReceiver.java:57)
	at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
	at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
	at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
	at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
	at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:72)
	at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
	at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
	at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
	at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958)
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

Below is the source of this simple WS-Trust STS client, written against WIF 4.5 under .NET Framework 4.5.2.

using System;
using System.IdentityModel.Claims;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;

namespace WsTrustActiveSTSClient
{
    internal class Program
    {
        private static void Main(string[] args)
        {
            // Username/password travels inside the SOAP message, protected by TLS on the wire.
            WS2007HttpBinding binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential, false);
            binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
            binding.Security.Message.EstablishSecurityContext = false;

            EndpointAddress endpoint = new EndpointAddress("https://localhost:9443/services/wso2carbon-sts");

            WSTrustChannelFactory factory = new WSTrustChannelFactory(binding, endpoint);
            factory.Credentials.UserName.UserName = "admin";
            factory.Credentials.UserName.Password = "admin";

            WSTrustChannel channel = (WSTrustChannel) factory.CreateChannel();

            // Issue request for a symmetric (holder-of-key) token carrying the Name claim.
            RequestSecurityToken rst = new RequestSecurityToken
            {
                RequestType = RequestTypes.Issue,
                KeyType = KeyTypes.Symmetric,
                Claims =
                {
                    new RequestClaim(ClaimTypes.Name)
                }
            };

            RequestSecurityTokenResponse rstr = null;
            SecurityToken token = channel.Issue(rst, out rstr);

            Console.WriteLine("{0}", token);
            Console.ReadLine();
        }
    }
}

1 Answer:

Answer 0 (score: 0)

The problem was that I was requesting a symmetric-key token, which it looks like I had not configured for. I changed it to a Bearer token and it works fine. I am still looking into the symmetric-key use case, though.
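For readers who want to see the change the answer describes in full, the following is an added example (not the poster's code and not WSO2's) of the same WIF 4.5 client requesting a bearer token instead of a symmetric one, with the minimal checks a relying party should run on what comes back before using it. It assumes the same endpoint as the question; the `AppliesTo` parameter, the `STS_USER`/`STS_PASSWORD` environment variables and the `LooksUsable` helper are this example's own additions, not anything the page or WSO2 defines.

```csharp
using System;
using System.IdentityModel.Claims;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Xml;

namespace WsTrustBearerClientExample
{
    internal static class Program
    {
        // Same STS endpoint as the question; replace for your own deployment.
        private const string StsEndpoint = "https://localhost:9443/services/wso2carbon-sts";

        // Builds the RST that worked for the poster: KeyTypes.Bearer instead of
        // KeyTypes.Symmetric, so the STS never has to create a holder-of-key
        // assertion (the createHoKAssertion path that threw the NullPointerException).
        // appliesTo is optional (hypothetical): set it only once the STS is configured
        // with the relying party the token is for, otherwise leave it null as the question did.
        internal static RequestSecurityToken BuildBearerRequest(string appliesTo)
        {
            RequestSecurityToken rst = new RequestSecurityToken
            {
                RequestType = RequestTypes.Issue,
                KeyType = KeyTypes.Bearer,
                Claims = { new RequestClaim(ClaimTypes.Name) }
            };
            if (!string.IsNullOrEmpty(appliesTo))
            {
                rst.AppliesTo = new EndpointReference(appliesTo);
            }
            return rst;
        }

        // Checks a relying party should run before trusting a bearer token: the
        // response must carry a lifetime that is currently valid, and the assertion
        // must be signed. Verifying the signature against the STS certificate is the
        // job of a SecurityTokenHandler; this helper only confirms one is present.
        internal static bool LooksUsable(RequestSecurityTokenResponse rstr,
                                         GenericXmlSecurityToken token,
                                         DateTime utcNow)
        {
            if (rstr.Lifetime == null || rstr.Lifetime.Created == null || rstr.Lifetime.Expires == null)
            {
                return false;
            }
            if (utcNow < rstr.Lifetime.Created.Value || utcNow >= rstr.Lifetime.Expires.Value)
            {
                return false;
            }
            XmlNodeList signatures = token.TokenXml.GetElementsByTagName(
                "Signature", "http://www.w3.org/2000/09/xmldsig#");
            return signatures.Count == 1;
        }

        private static void Main()
        {
            // Same binding as the question: username/password inside the message, TLS on the wire.
            WS2007HttpBinding binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential, false);
            binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
            binding.Security.Message.EstablishSecurityContext = false;

            WSTrustChannelFactory factory = new WSTrustChannelFactory(binding, new EndpointAddress(StsEndpoint));
            factory.TrustVersion = TrustVersion.WSTrust13;
            // Credentials come from the environment rather than being hard-coded in source.
            factory.Credentials.UserName.UserName = Environment.GetEnvironmentVariable("STS_USER");
            factory.Credentials.UserName.Password = Environment.GetEnvironmentVariable("STS_PASSWORD");

            WSTrustChannel channel = (WSTrustChannel)factory.CreateChannel();

            RequestSecurityTokenResponse rstr;
            GenericXmlSecurityToken token =
                (GenericXmlSecurityToken)channel.Issue(BuildBearerRequest(null), out rstr);

            Console.WriteLine("Token type : {0}", rstr.TokenType);
            Console.WriteLine("Valid from : {0:u}", rstr.Lifetime.Created);
            Console.WriteLine("Valid until: {0:u}", rstr.Lifetime.Expires);
            Console.WriteLine("Usable     : {0}", LooksUsable(rstr, token, DateTime.UtcNow));
            Console.WriteLine(token.TokenXml.OuterXml);
        }
    }
}
```

Because the binding uses TransportWithMessageCredential, the client will reject the default self-signed certificate on https://localhost:9443 until that certificate is trusted by the Windows certificate store; trusting it there is the right fix rather than turning certificate validation off in code. With a bearer token the relying party gets no proof-of-possession key, so the checks in `LooksUsable` (lifetime window, signature present, and then real signature verification with the STS certificate) are what stands between a stolen assertion and a successful replay.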