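I am also trying to explore fedlet + ADFS federation.

What I have:

  1. An ADFS server installed on machine A. I also added the fedlet as a relying party, but when I enter the relying party federation metadata URL and click Test URL, it throws an exception: An error occurred during an attempt to read the federation metadata. Verify that the specified URL or host name is a valid federation metadata endpoint. However, I added the fedlet's certificate to the relying party and set the algorithm to SHA-1.

  2. OpenAM set up on machine B. Added the ADFS certificate to OpenAM and to Tomcat on the same machine.

  3. Created a fedlet using this OpenAM build, with ADFS, which is installed on machine A, set as my hosted identity provider. The generated fedlet WAR is also deployed on machine B.

What happens:

  1. When I open the fedlet link from a browser on machine A, it shows links; on clicking the first one, it calls ADFS and asks for ADFS login credentials.

  2. Once I enter the credentials, it redirects me back to the fedlet application, but throws the following exception:

HTTP Status 500 - Invalid Status code in Response.

I would appreciate it if anyone could help me resolve this exception.

Update:

When I use Firefox's SAML tracer plugin to decode the response sent to the fedlet application, I get the following: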

The above is in encoded form; please decode it.

So, as I understand it, the exception occurs because of some invalid NameID policy. How should I resolve this?

1 Answer

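"An error occurred reading the federation metadata."

You can usually ignore this. I assume your connection is https?

Why do you have a certificate for the Fedlet? Are you trying to sign the AuthnResponse?

Look at the ADFS logging - How to enable debug logging for Active Directory Federation Services 2.0 (AD FS 2.0)

Set up logging in the fedlet - in FederationConfig.properties: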

#com.iplanet.services.debug.level=error
com.iplanet.services.debug.level=message

Look at the SAML data - ADFS: I want to see the SAML data

Answered 2012-11-19T17:54:01.023
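
As an added example (not part of the original question or answer), this is one way to decode a captured SAML message offline and read the status codes the IdP returned, which is where a NameID policy rejection would show up. The function names and the sample response are constructed for illustration; the sample is not the response posted in the question.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"
MAX_XML = 1 << 20  # refuse to inflate more than 1 MiB

def decode_saml_message(captured: str) -> bytes:
    """URL-decode, base64-decode and, if needed, inflate a captured SAML message."""
    raw = base64.b64decode(urllib.parse.unquote(captured.strip()))
    if raw.lstrip().startswith(b"<"):       # HTTP-POST binding: already XML
        return raw
    inflater = zlib.decompressobj(-15)      # HTTP-Redirect binding: raw DEFLATE
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("inflated message exceeds size limit")
    return xml

def status_codes(xml: bytes) -> list:
    """Return the top-level StatusCode value followed by any nested sub-codes."""
    if b"<!DOCTYPE" in xml:                 # SAML never needs a DTD; refuse entity tricks
        raise ValueError("DTD not allowed in a SAML message")
    node = ET.fromstring(xml).find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    codes = []
    while node is not None:
        codes.append(node.get("Value", ""))
        node = node.find(f"{{{SAMLP}}}StatusCode")
    return codes

# Constructed sample (not the response posted in the question): an IdP rejecting
# the requested NameID policy, encoded the way the Redirect binding would carry it.
SAMPLE_XML = (
    f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_constructed" Version="2.0">'
    f'<samlp:Status><samlp:StatusCode Value="{STATUS}Responder">'
    f'<samlp:StatusCode Value="{STATUS}InvalidNameIDPolicy"/>'
    f'</samlp:StatusCode></samlp:Status></samlp:Response>'
).encode()
_c = zlib.compressobj(9, zlib.DEFLATED, -15)
SAMPLE_CAPTURED = urllib.parse.quote(
    base64.b64encode(_c.compress(SAMPLE_XML) + _c.flush()).decode(), safe="")

if __name__ == "__main__":
    for code in status_codes(decode_saml_message(SAMPLE_CAPTURED)):
        print(code)
```

A top-level code other than `urn:oasis:names:tc:SAML:2.0:status:Success` means the IdP refused the request, and the nested sub-code gives the reason to look up in the IdP's logs.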