我正在开发通过IDP服务器ADFS进行身份验证的应用程序。
因此,它具有一些功能,可以通过访问元数据URL(如下所示)从程序级别导入IDP元数据,并根据服务提供商的要求进行更新。
尝试处理来自SAML服务器URL的ADFS元数据时,我遇到请求处理异常。
解决方案表示wildfly8中存在问题,Wildfly 7+和JBoss 7+很好,但是我仍然遇到相同的问题。
服务器:JBoss EAP 7.1.4 GA
Idp服务器:ADFS服务器从URL访问元数据
https://adfs-server/FederationMetadata/2007-06/FederationMetadata.xml
Idp saml格式可以在这里找到
https://www.samltool.com/idp_metadata.php
adfs服务器(假域名)
当尝试读取元数据时,由于以下代码段而抛出以下错误,因为未加载 credentialResolver 并且它为null
private void initHttpMetadata(String url) throws MetadataProviderException
{
httpMetadataProvider = new HTTPMetadataProvider(new Timer(true), new HttpClient(), url);
httpMetadataProvider.setRequireValidMetadata(true);
httpMetadataProvider.setParserPool(new BasicParserPool());
httpMetadataProvider.initialize();
if (httpMetadataProvider != null)
{
entityDescriptor = httpMetadataProvider.getEntityDescriptor(entityId);
if (entityDescriptor != null)
{
ssoDescriptor =
entityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
}
credentialResolver =
credentialResolverFactory.getInstance(httpMetadataProvider);
}}
例外:
ERROR [se.myApp.platform.auth.metadata.in.AbstractMetadataReader] (default
task-48) [] There is no single sign out services to update in metadata url, Please contact idp system administrator
ERROR [se.myApp.platform.auth.metadata.in.AbstractMetadataReader] (default task-48) [] There is no single sign on services to update in metadata url, Please contact idp system administrator
ERROR [io.undertow.request] (default task-48) [] UT005023: Exception handling request to /ssoadmin/metadata/search: org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:982) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) [jboss-servlet-api_3.1_spec-1.0.0.Final-redhat-1.jar:1.0.0.Final-redhat-1]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final-redhat-1.jar:1.0.0.Final-redhat-1]
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:65) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1501)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1501)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1501)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1501)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:330) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_181]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_181]
at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_181]
Caused by: java.lang.NullPointerException
at se.myApp.platform.auth.metadata.in.AbstractMetadataReader.getCertificate(AbstractMetadataReader.java:329) [classes:]
at se.myApp.platform.auth.metadata.in.MetadataReader.getCertificate(MetadataReader.java:40) [classes:]
at se.myApp.platform.auth.metadata.in.MetadataReader.readMetadata(MetadataReader.java:91) [classes:]
at se.myApp.platform.auth.metadata.war.controller.MetadataInController.searchMetadata(MetadataInController.java:97) [classes:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_181]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_181]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_181]
at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_181]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221) [spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136) [spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:114) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
... 46 more
我尝试了以下选项:
org.springframework.web.util.NestedServletException: Request processing failed
org.springframework.web.util.NestedServletException: Handler processing failed
感谢您的建议。谢谢
答案 0 :(得分:0)
问题在于,它在ADFS端SSL证书和服务提供端(SP)ssl证书中由于不正确的层次结构而试图通过ssl连接和读取元数据。
因此,两个服务器都应使用适当的SSL证书相互信任。在这种情况下,我们需要检查添加在ADFS服务器中的证书(您可以在ADFS管理控制台->证书路径中找到该证书)。它基于证书的类型,可以是解密证书或令牌签名证书。
例如:
如果服务提供商侧证书位于证书路径以下:
DigiCert-->root A--> companyRoot--> Machine certificate
如果是ADFS证书路径:
必须遵循正确的路径,例如:
DigiCert-> RootA-> *。adfs.com
自签名证书不适用于ADFS。
这是问题,一旦更正了证书,它就可以正常工作,谢谢大家的努力,并希望这个答案也能为其他人弄清楚。