生成Oauth2 SAML授权代码的问题使用HTTPClient java

Question

我正在尝试自动化令牌生成（授权代码，然后是Access / JWT令牌）进程，然后将用于命中APIc / API。

  

注意：出于安全原因，我在下面使用了dumy domains / scope / redirect URI / parameters。

如何手动生成代币 ： 我获得了以下URL以生成授权代码

代码生成网址： https://sample.domain.com/affwebservices/public/saml2sso?SPID=testqaapi2p3&RelayState=response_type%3Dcode%26client_id%3DClient_ID_Value%26redirect_uri%3Dhttps://testqa3members.domain.com/ApiHandler/home%26scope%3DScope%20Value%26path%3Dtestqainternalpath3

当我在浏览器中手动点击此按钮时，会出现弹出窗口，我提供了UserID（Ldap）和密码。 之后，它被重定向到不同的URL，最后获得了具有授权代码的以下URL。

https://testqa3members.domain.com/ApiHandler/home？的代码= AAIUVJbr29CUjCcWDvKWKBZDDcCtx5CQZsq9XpCpSd0FvAzLeLBJlAtG5C9ff6fr3m11Fp1Kez8E4dalL10GVg_kyjnsxYzRKEWQiraSIGo6bwVTd4zffqkLjXLsF5CRXqI

我尝试使用'Apache httpclient'生成令牌的步骤：

• 步骤1：通过设置提交“代码生成URL”作为GET请求 “setCredentials”
• 步骤2：检索重定向网址列表
• 步骤3：检索上次重定向URL
• 步骤4：提交带有上次重定向URL的发布请求以获取授权码

获取代码：

DefaultHttpClient httpclient = new DefaultHttpClient();

System.out.println("Adding Paramters to a Array List as NameValuePair");
List<NameValuePair> params = new ArrayList<NameValuePair>();
params.add(new BasicNameValuePair("SPID", "testqaapi2p3"));
//params.add(new BasicNameValuePair("RelayState", "response_type=code"));
params.add(new BasicNameValuePair("RelayState", "response_type=code&client_id=" + clientId + "&redirect_uri=" + redirectUrl + "&scope=" + scope + "&path=testqainternalpath3"));

System.out.println("Parameters List:" + params);

System.out.println("Building the URI with Authorization Endpoint by adding the Parameters create in Array List");
URI uri = new URIBuilder(authUrl)
        .addParameters(params)
        .build();
System.out.println("Built URI:" + uri);

httpclient.getCredentialsProvider().setCredentials(new AuthScope(null, AuthScope.ANY_PORT), new UsernamePasswordCredentials(userName, password));

System.out.println("Creating HTTPGET with the Created URI");
HttpGet get = new HttpGet(uri);
System.out.println("HttpGet:" + get);

System.out.println("Creating Client Context");
HttpClientContext context = HttpClientContext.create();
System.out.println("Created Client Context:" + context);

System.out.println("Executing the GET Method with the created Client Context");
HttpResponse response = httpclient.execute(get, context);
System.out.println("HttpResponse:" + response);

System.out.println("Getting the Final URI from the Submitted Get Method");
URI finalUrl = get.getURI();
System.out.println("Final URL:" + finalUrl);

System.out.println("Creating a List of URI from the Redirection Locations using Client Context");
List<URI> locations = context.getRedirectLocations();
System.out.println("List of URI:" + locations);

if (locations != null) {
    finalUrl = locations.get(locations.size() - 1);
}
System.out.println("Taking the last URL as Final:" + finalUrl);

这是我从get requestReferer 中获取的最后一个网址 上次重定向网址： https://sample.domain.com/affwebservices/public/saml2sso?SMASSERTIONREF=QUERY&SPID=testqaapi2p3&RelayState=response_type%3Dcode%26client_id%3DClient_ID_Value%26redirect_uri%3Dhttps://testqa3members.domain.com/ApiHandler/home%26scope%3DScope%20Value%26path%3Dtestqainternalpath3&SAMLTRANSACTIONID=863d56e5-e9bd9485-85561bb7-a209c491-476bc279-298

POST代码：

HttpPost postReq = new HttpPost(finalUrl);

        postReq.addHeader("Content-Type", "text/html"); 
        postReq.addHeader("Content-Type", "application/x-www-form-urlencoded"); 
        postReq.addHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:57.0)");

        HttpResponse responsePost = httpclient.execute(postReq,context);
        System.out.println("Post Response:" + responsePost);

OutPut：但我收到了一个500 - 发布请求的内部服务器错误 HTTP / 1.1 500内部服务器错误[日期：星期一，2018年2月19日08:05:12 GMT，服务器：Apache / 2.4.23（Win32）OpenSSL / 1.0.2h-fips mod_jk / 1.2.41，内容 - 语言：zh ，Content-Length：1259，Connection：close，Content-Type：text / html; charset = utf-8] org.apache.http.conn.BasicManagedEntity@1147d0

我的分析到目前为止： 我尝试使用“Firefox”浏览器和开发人员工具中的网络选项查看提交的请求。 我看到的是一个Post Request正在通过“Last Redirection URL”提交给具有以下参数的授权端点。 并且使用标头X-Backside-Transport：FAIL FAIL失败失败的位置标头（https://testqa3members.domain.com/ApiHandler/home?code=AAIUVJbr29CUjCcWDvKWKBZDDcCtx5CQZsq9XpCpSd0FvAzLeLBJlAtG5C9ff6fr3m11Fp1Kez8E4dalL10GVg_kyjnsxYzRKEWQiraSIGo6bwVTd4zffqkLjXLsF5CRXqI）中可用的代码检索302状态代码

授权端点网址： https://testqaapi2.domain.com/testcare/testqainternalpath3/v3/auth/oauth2/samlauthorize

接头： 引用站点： https://sample.domain.com/affwebservices/public/saml2sso?SMASSERTIONREF=QUERY&SPID=testqaapi2p3&RelayState=response_type%3Dcode%26client_id%3DClient_ID_Value%26redirect_uri%3Dhttps://testqa3members.domain.com/ApiHandler/home%26scope%3DScope%20Value%26path%3Dtestqainternalpath3&SAMLTRANSACTIONID=863d56e5-e9bd9485-85561bb7-a209c491-476bc279-298

参数： 的RelayState：RESPONSE_TYPE =代码＆安培; CLIENT_ID = Client_ID_Value＆安培; REDIRECT_URI = https://testqa3members.domain.com/ApiHandler/home&scope=Scope+Value&path=testqainternalpath3

SAMLResponse：PFJlc3BvbnNlIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERl c3RpbmF0aW9uPSJodHRwczovL3FhYXBpMi5hZXRuYS5jb20vaGVhbHRoY2FyZS9xYWludHBhdGgz L3YzL2F1dGgvb2F1dGgyL3NhbWxhdXRob3JpemUiIElEPSJfODQ1NzEzYjc1MDQ1N2YzN2YyZjAw ZmFkZWRmMDk2NTQ3ZGMzIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDItMTlUMDg6MDQ6NTdaIiBWZXJz aW9uPSIyLjAiPg0KICAgIDxuczE6SXNzdWVyIHhtbG5zOm5zMT0idXJuOm9hc2lzOm5hbWVzOnRj OlNBTUw6Mi4wOmFzc2VydGlvbiIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6 bmFtZWlkLWZvcm1hdDplbnRpdHkiPkFldEhlYWx0aENh ... zdGFudD0iMjAxOC0wMi0xOVQwODowNDo1N1oi IFNlc3Npb25JbmRleD0iWkVNcERvYndNK3M0OVU5S1lIdnY1ZGJNc0JBPXByRXo5dz09IiBTZXNz aW9uTm90T25PckFmdGVyPSIyMDE4LTAyLTE5VDA4OjA2OjI3WiI + DQogICAgICAgICAgICA8bnMy OkF1dGhuQ29udGV4dD4NCiAgICAgICAgICAgICAgICA8bnMyOkF1dGhuQ29udGV4dENsYXNzUmVm PnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9uczI6QXV0 aG5Db250ZXh0Q2xhc3NSZWY + DQogICAgICAgICAgICA8L25zMjpBdXRobkNvbnRleHQ + DQogICAg ICAgIDwvbnMyOkF1dGhuU3RhdGVtZW50Pg0KICAgIDwvbnMyOkFz c2VydGlvbj4NCjwvUmVzcG9u c2U +

我的复制以上的增强功能：

List<NameValuePair> postParams = new ArrayList<NameValuePair>();
    postParams.add(new BasicNameValuePair("RelayState", "response_type=code&client_id=" + clientId + "&redirect_uri=" + redirectUrl + "&scope=" + scope + "&path=qaintpath3"));

    URI postURL = new URIBuilder("https://testqaapi2.domain.com/testcare/testqainternalpath3/v3/auth/oauth2/samlauthorize")
            .addParameters(postParams)
            .build();

    HttpPost postReq = new HttpPost(postURL);
    postReq.addHeader("Content-Type", "text/html"); 
    //postReq.addHeader("Connection", "close"); 
    postReq.addHeader("Referer", finalUrl.toString());
    postReq.addHeader("Content-Type", "application/x-www-form-urlencoded"); 
    postReq.addHeader("Connection", "keep-alive");
    postReq.addHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:57.0)");

    HttpResponse responsePost = httpclient.execute(postReq,context);
    System.out.println("Post Response:" + responsePost);

OutPut：但是，我获得了200状态代码Insead的302状态。 HTTP / 1.1 200 OK [X-Backside-Transport：OK OK，...]

  

问题：   1.作为上述参数传递的SAMResponse是什么？   2.为什么我使用X-Backside-Transport获得200状态：OK，而不是使用X-Backside-Transport的300状态代码：FAIL FAIL   我错过了什么吗？

有人可以帮我解决这个问题吗？

  

注意：一旦我获得授权码，我将使用解决方案   此链接（Issues with Generating Authorization code and User Token using Apache OAuth client 2.0 library in Java）生成用于命中的Access / JWT令牌   APIC的/ API的