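We have set up Liferay as the IDP and configured another system as the SP. The login scenario works perfectly.
What works
I hit the service provider's page and I am able to see the IDP login page (Liferay's login page).
When I log in to the IDP and access the SP, I do not need to log in again at the service provider.
Now there is a problem with the logout part. Suppose I log in to the IDP and visit the SP's page; when I log out from the IDP, I get an error in the backend: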
2018-09-26 14:44:32.672 DEBUG [default task-73][BaseMessageDecoder:130] Evaluating security policy of type 'org.opensaml.ws.security.provider.BasicSecurityPolicy' for decoded message
2018-09-26 14:44:32.672 DEBUG [default task-73][BaseSAMLSimpleSignatureSecurityPolicyRule:64] Evaluating simple signature rule of type: org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule
2018-09-26 14:44:32.672 DEBUG [default task-73][BaseSAMLSimpleSignatureSecurityPolicyRule:87] HTTP request was not signed via simple signature mechanism, skipping
2018-09-26 14:44:32.673 ERROR [default task-73][MandatoryAuthenticatedMessageRule:37] Inbound message issuer was not authenticated.
2018-09-26 14:44:32.673 ERROR [default task-73][BaseSamlStrutsAction:54] com.liferay.saml.runtime.SamlException: org.opensaml.ws.security.SecurityPolicyException: Inbound message issuer was not authenticated.
com.liferay.saml.runtime.SamlException: org.opensaml.ws.security.SecurityPolicyException: Inbound message issuer was not authenticated.
However, I am able to log out from the IDP. But whenever I try to log in afterwards, I am not able to log in to the IDP again:
User 0 is not allowed to access URL https://<whaterver-url>/web/guest/employee-login and portlet com_liferay_login_web_portlet_LoginPortlet
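Unless I clear the cookies, I am not able to log in again.
I found that the issue is with a cookie: once I visit the SP's page, I have two JSessionId cookies, one for the domain my.production.url.com and the other for .my.production.url.com. Now when I manually delete the .my.production.url.com one and then try to log in again, I am able to log in on the second attempt.
Can anyone help me with this?
Thanks and regards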
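Added example, not part of the original post: the DEBUG line from SAML2HTTPRedirectDeflateSignatureRule reports that the redirect request carried no simple signature, so this Python code decodes a captured HTTP-Redirect SAML URL and reports its issuer and whether the Signature and SigAlg query parameters are present. The URLs, entity IDs and signature value are constructed placeholders, and only presence is checked, not cryptographic validity.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def inspect_redirect_message(url):
    """Decode a SAML HTTP-Redirect URL and report whether it is signed."""
    params = parse_qs(urlsplit(url).query)
    field = next((f for f in ("SAMLRequest", "SAMLResponse") if f in params), None)
    if field is None:
        raise ValueError("no SAMLRequest or SAMLResponse parameter in URL")
    # Redirect binding: base64 of a raw DEFLATE stream (no zlib header).
    # Diagnostic use on your own captures; use a hardened XML parser otherwise.
    xml_bytes = zlib.decompress(base64.b64decode(params[field][0]), -15)
    root = ET.fromstring(xml_bytes)
    issuer = root.find("{%s}Issuer" % SAML_ASSERTION_NS)
    return {
        "message": root.tag.split("}")[-1],
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        # The simple signature travels in the query string, not in the XML.
        "signed": "Signature" in params and "SigAlg" in params,
    }


def build_sample_url(signed):
    """Constructed sample input: a LogoutRequest from a hypothetical SP."""
    xml = (
        '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
        'Version="2.0" IssueInstant="2018-09-26T14:44:32Z">'
        "<saml:Issuer>https://sp.example.test/metadata</saml:Issuer>"
        "<saml:NameID>user@example.test</saml:NameID></samlp:LogoutRequest>"
    )
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = {"SAMLRequest": base64.b64encode(deflated).decode()}
    if signed:
        # Placeholder value: presence is checked here, not cryptographic validity.
        query["SigAlg"] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
        query["Signature"] = base64.b64encode(b"constructed-placeholder").decode()
    return "https://idp.example.test/slo?" + urlencode(query)


if __name__ == "__main__":
    for signed in (False, True):
        print(inspect_redirect_message(build_sample_url(signed)))
```

A result with "signed" set to False for a captured logout URL matches the "not signed via simple signature mechanism, skipping" line in the log above.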