2017-01-09 117 views

Spring Security SAML with OKTA

I am trying to set up SAML for a Spring application using OKTA, following http://developer.okta.com/code/java/spring_security_saml.html

After completing all the steps in the tutorial, I get the following error:

SEVERE: Servlet.service() for servlet [jsp] in context with path [/spring-security-saml2-sample] threw exception [org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP] with root cause
org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP
    at org.springframework.security.saml.metadata.MetadataManager.getDefaultIDP(MetadataManager.java:781)
    at org.springframework.security.saml.context.SAMLContextProviderImpl.populatePeerEntityId(SAMLContextProviderImpl.java:157)
    at org.springframework.security.saml.context.SAMLContextProviderImpl.getLocalAndPeerEntity(SAMLContextProviderImpl.java:127)
    at org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:146)
    at org.springframework.security.web.access.ExceptionTranslationFilter.sendStartAuthentication(ExceptionTranslationFilter.java:186)
    at org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:168)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:131)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(...)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(...)
    ...er.java:45)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:186)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Unknown Source)

What could be going wrong?

Answer


You are seeing this error because the IDP metadata URL is not set correctly in the securityContext.xml file (as described in step 2 here: http://developer.okta.com/code/java/spring_security_saml.html#configuring-spring-security-saml-to-work-with-okta).

Please copy the IDP metadata URL from the "Sign On" tab of your SAML application.


Enter it in the following section of securityContext.xml:

<!-- Enclosing metadata manager bean, as in the Spring Security SAML sample securityContext.xml -->
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
    <constructor-arg>
        <list>
            <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
                <!-- URL containing the metadata -->
                <constructor-arg>
                    <!-- This URL should look something like this: https://example.okta.com/app/abc0defghijK1lmN23o4/sso/saml/metadata -->
                    <value type="java.lang.String">{{IDP_Metadata_Url}}</value>
                </constructor-arg>
                <!-- Timeout for metadata loading in ms -->
                <constructor-arg>
                    <value type="int">5000</value>
                </constructor-arg>
                <property name="parserPool" ref="parserPool"/>
            </bean>
        </list>
    </constructor-arg>
</bean>

I have already done that. Could there be a problem with the keys?


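Can you make sure the IDP metadata is configured under class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider"? Because the exception is clearly related to the IDP metadata not being set correctly.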
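
An added example (not part of the original thread or the Okta tutorial): a Python check of the two things the answer above points at, namely that the metadata URL value was actually filled in and that the metadata document contains at least one entity with an `IDPSSODescriptor`. The function names and the sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample IdP metadata (not real Okta output).
IDP_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://idp.example/abc">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data><ds:X509Certificate>MIIC-constructed</ds:X509Certificate></ds:X509Data>
    </ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
# Constructed: service-provider metadata, which contains no IdP at all.
SP_ONLY_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="sp.example">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

def check_metadata_url(value):
    """Return the problems found in the URL value configured in securityContext.xml."""
    if re.search(r"\{\{.*?\}\}", value):
        return ["template placeholder was never replaced"]
    parts = urlparse(value)
    problems = []
    if parts.scheme != "https":
        problems.append("not https: metadata carries the IdP signing certificate")
    if not parts.netloc:
        problems.append("no host in URL")
    return problems

def idp_entities(metadata_xml):
    """Map entityID -> problems for every entity that has an IDPSSODescriptor."""
    # Only parse metadata you fetched yourself; use a hardened parser
    # (for example defusedxml) for XML from an untrusted source.
    root = ET.fromstring(metadata_xml)
    found = {}
    # iter() also yields the root, so a bare EntityDescriptor and an
    # EntitiesDescriptor wrapper are both handled.
    for ent in root.iter("{%s}EntityDescriptor" % NS["md"]):
        for idp in ent.findall("md:IDPSSODescriptor", NS):
            problems = []
            if not idp.findall("md:SingleSignOnService", NS):
                problems.append("no SingleSignOnService endpoint")
            if not idp.findall(".//ds:X509Certificate", NS):
                problems.append("no signing certificate")
            found[ent.get("entityID")] = problems
    return found
```

An empty result from `idp_entities` corresponds to the state in which Spring Security SAML has no IDP to select and raises the `MetadataProviderException` shown in the question.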