配置文件操作PopulateBindingAndEndpointContexts:无法为依赖方解析出站邮件终结点

时间:2019-08-19 06:42:03

标签: shibboleth idp

我们正尝试将shibboleth idp版本从3.1.1迁移到3.4.4,但我们遇到了错误

[net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:410]-配置文件操作PopulateBindingAndEndpointContexts:无法解析依赖方'https://ipau.sp.sso.manager/sso'的出站消息端点:EndpointCriterion [type = {urn:oasis :names:tc:SAML:2.0:metadata} AssertionConsumerService,Binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST,Location = {https://172.29.241.168:8086/SSOSPManager/SSO,trusted = false] 2019-08-16 13:11:26,832-172.29.241.168-警告[org.opensaml.profile.action.impl.LogEvent:105]-处理请求时发生了未进行的事件:EndpointResolutionFailed

请在我们的SP元数据文件中找到assertionConsumerService配置以下

    <md:AssertionConsumerService Location="http://172.29.241.168:8085/SSOSPManager/SSO" index="1" isDefault="true"
  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
<md:AssertionConsumerService Location="https://sp.example.org/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"
  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"/>
<md:AssertionConsumerService Location="https://sp.example.org/Shibboleth.sso/SAML2/Artifact" index="3"
  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
<md:AssertionConsumerService Location="https://sp.example.org/Shibboleth.sso/SAML2/ECP" index="4"
  Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"/>
<md:AssertionConsumerService Location="https://sp.example.org/Shibboleth.sso/SAML/POST" index="5"
  Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
<md:AssertionConsumerService Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact" index="6"
  Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>

1 个答案:

答案 0 :(得分:0)

希望您已经解决了,但是... 似乎元数据中的网址在 默认服务的位置以及端口的位置都不同,因此基本上在发送消息时在静态(?)元数据中或在SP处在端点配置不正确(因为设置和检查基于“入站”消息”和sp元数据)

奇怪的是,以前以相同的方式访问相同的SP之前运行良好。.但是也许后来又添加了检查。