1

我必须使用 WildFly 服务器和纠察链路实现 SAML 2.0 身份提供程序,但我停留在身份验证过程中。我遵循了纠察链接指南,还查看了 github 上的快速入门,但我仍然无法正常工作。

问题是我的服务提供商向 wildfly 服务器发送了一个 POST AuthnRequest,该服务器通过 GET 请求重定向到 login.jsp,然后我的 SAMLRequest 属性消失了,然后在成功登录后 IDPFilter 无法获取 SAMLRequest 属性。因此,用户未在服务提供商上进行身份验证或重定向回它。

我正在使用我在身份提供者项目的 web.xml 中配置的非常基本的 FORM 身份验证。

WildFly 版本:8.1.0-FINAL

Picketlink 版本:2.7.1.Final

火狐网络监控:

火狐网络监控

纠察队链接.xml

<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">      
    <PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:2.1" SupportsSignatures="true"
        AttributeManager="org.picketlink.identity.federation.bindings.wildfly.idp.UndertowAttributeManager"
        RoleGenerator="org.picketlink.identity.federation.bindings.wildfly.idp.UndertowRoleGenerator">

        <IdentityURL>${idp.url::http://localhost:7080/idp}</IdentityURL>

        <Trust>
            <Domains>locahost</Domains>
        </Trust>

        <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
            <Auth Key="KeyStoreURL" Value="/jbid_test_keystore.jks" />
            <Auth Key="KeyStorePass" Value="changeit" />
            <Auth Key="SigningKeyPass" Value="changeit" />
            <Auth Key="SigningKeyAlias" Value="wildfly" />

            <ValidatingAlias Key="localhost" Value="wildfly" />
            <ValidatingAlias Key="127.0.0.1" Value="wildfly" />
        </KeyProvider>

        <MetaDataProvider ClassName="org.picketlink.identity.federation.core.saml.md.providers.FileBasedEntityMetadataProvider">
           <Option Key="FileName" Value="/WEB-INF/classes/test_sp_metadata.xml"/>
        </MetaDataProvider>
    </PicketLinkIDP>

    <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2EncryptionHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler" />
    </Handlers>
</PicketLink>

web.xml

...

<display-name>PicketLink Identity Provider</display-name>

<description>PicketLink Identity Provider Using a Servlet Filter</description>

<listener>
    <listener-class>org.picketlink.identity.federation.web.listeners.IDPHttpSessionListener</listener-class>
</listener>

<filter>
    <filter-name>IDPFilter</filter-name>
    <filter-class>org.picketlink.identity.federation.web.filters.IDPFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>IDPFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

...

我希望你能帮我解决这个问题......

问候,克里斯

4

0 回答 0