1

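I am teaching myself SAML. I am working through the PicketLink quickstarts: https://github.com/jboss-developer/jboss-picketlink-quickstarts.

I deployed picketlink-federation-saml-idp-basic-wildfly.war in a WildFly 9.0.2 instance running on port 9080, and picketlink-federation-saml-sp-post-basic-wildfly.war in a WildFly 9.0.2 instance running on port 8080. I also updated standalone.xml to update the security domains for the IDP and SP.

The only change I had to make to the examples was to update the picketlink-jbas7 dependency, because the version in the examples, 2.8.0.Beta1-SNAPSHOT, could not be resolved. The Maven dependency I am using in the IDP is: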

<dependency>
        <groupId>org.picketlink.distribution</groupId>
        <artifactId>picketlink-jbas7</artifactId>
        <version>2.7.0.Final</version>
        <scope>provided</scope>
</dependency>

The problem I am facing is that when I log in to the IDP and click the SP link, the following exception appears in the SP log:

23:05:55,833 ERROR [org.picketlink.common] (default task-5) Service Provider could not handle the request.: java.lang.NullPointerException
at org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler$SPTrustHandler.handleStatusResponseType(SAML2IssuerTrustHandler.java:143)
at org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler.handleStatusResponseType(SAML2IssuerTrustHandler.java:70)
at org.picketlink.identity.federation.web.process.SAMLHandlerChainProcessor.callHandlerChain(SAMLHandlerChainProcessor.java:67)
at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.processHandlersChain(ServiceProviderSAMLResponseProcessor.java:106)
at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.process(ServiceProviderSAMLResponseProcessor.java:88)
at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.handleSAML2Response(SPFormAuthenticationMechanism.java:516)
at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.handleSAMLResponse(SPFormAuthenticationMechanism.java:306)
at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.authenticate(SPFormAuthenticationMechanism.java:268)
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:339)
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:356)
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:325)
at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:138)
at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:113)
at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:106)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

Please let me know what I am doing wrong.

Thanks

4

2 Answers

2

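I ran into the same problem while working through the Picketbox quickstarts. I am using WildFly 10.1.0.Final.

The first thing I noticed is that, to get the "basic" example to work, the following are necessary (https://github.com/jboss-developer/jboss-picketlink-quickstarts):

  • IDP: picketlink-federation-saml-idp-basic
  • SP: picketlink-federation-saml-sp-post-basic, picketlink-federation-saml-sp-redirect-basic

For simplicity, I deployed all the generated .war files in a single container.

Two things helped me find out what was happening:

  • Enabling TRACE debugging
  • In WildFly 10 the PicketLink version is 2.5.5.SP2, and SAML2LoginModule could not be found in that package in picketlink-wildfly8-2.5.5.SP2.jar

In particular, I had trouble with the login module, where I got this error: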

Class org.picketlink.identity.federation.bindings.wildfly.SAML2LoginModule not found from Module "deployment.picketlink-federation-saml-sp-post-basic-wildfly.war:main" from Service Module Loader

Login failure: javax.security.auth.login.LoginException: unable to find LoginModule class: org.picketlink.identity.federation.bindings.wildfly.SAML2LoginModule

What I did was change the login module to: org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule and the quickstart started working.

Answered 2017-09-20T19:59:20.863
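The check described in the answer above, written out as an added example (not part of the original answer or of the PicketLink project): it scans a directory of jars for a login module class and reports the package each jar actually ships it under, so the configured class name can be compared against what the container can load. The function names are hypothetical, and the sample jar is constructed to mirror what the answer reports for picketlink-wildfly8-2.5.5.SP2.jar.

```python
import os
import tempfile
import zipfile


def find_class_in_jars(root, simple_name):
    """Return {jar_path: [fully.qualified.ClassName, ...]} for every jar under
    root that contains a class whose simple name equals simple_name."""
    suffix = "/" + simple_name + ".class"
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            if not fname.endswith(".jar"):
                continue
            jar_path = os.path.join(dirpath, fname)
            try:
                with zipfile.ZipFile(jar_path) as jar:
                    names = jar.namelist()
            except zipfile.BadZipFile:
                continue  # skip truncated or non-zip files instead of aborting
            found = sorted(
                n[: -len(".class")].replace("/", ".")
                for n in names
                if ("/" + n).endswith(suffix)  # excludes inner classes (Name$X)
            )
            if found:
                hits[jar_path] = found
    return hits


def is_loadable(root, fqcn):
    """True if some jar under root ships exactly the configured class name."""
    simple = fqcn.rsplit(".", 1)[-1]
    return any(fqcn in c for c in find_class_in_jars(root, simple).values())


def build_sample_modules_dir():
    """Constructed sample: one jar named as in the answer, holding only the
    jboss.auth variant of the class (the class file is an empty placeholder)."""
    root = tempfile.mkdtemp()
    jar_path = os.path.join(root, "picketlink-wildfly8-2.5.5.SP2.jar")
    with zipfile.ZipFile(jar_path, "w") as jar:
        jar.writestr("org/picketlink/identity/federation/bindings/jboss/auth/SAML2LoginModule.class", b"")
    return root


if __name__ == "__main__":
    print(find_class_in_jars(build_sample_modules_dir(), "SAML2LoginModule"))
```

Pointed at a real WildFly modules directory instead of the constructed sample, the same call shows whether the class name in the security domain matches any class the server ships.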
1

I gave up on PicketLink.

I used OpenSAML and was able to develop both the IDP-initiated and SP-initiated flows without any problems.

References:
https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUserManual#
https://github.com/rasmusson/webprofile-ref-project

Answered 2015-12-14T04:07:12.597