
我已经使用 WAS Liberty Profile(WebSphere Application Server 21.0.0.7/wlp-1.0.54.cl210720210629-1900)配置了 OIDC 身份验证(外部 OP)。

测试时,OIDC 身份验证成功,我在浏览器上看到 WAS 设置的以下 cookie:

  • JSESSIONID
  • WASReqURLOidcp1059877004
  • WASReqURLOidcp825245628
  • WAS_n1263819336
  • WAS_n1832376351
  • WAS_p2129763847
  • WASoidcStaten765589445
  • WASoidcCode

在服务器启动期间,我确实在 messages.log 中看到了这些消息:

0000003b com.ibm.ws.security.token.ltpa.LTPAKeyInfoManager I CWWKS4103I:创建 LTPA 密钥。这可能需要几秒钟。
0000003b com.ibm.ws.security.token.ltpa.LTPAKeyInfoManager A CWWKS4104A:LTPA 密钥在 0.337 秒内创建。LTPA 密钥文件:jv-ltpa.keys
0000003b com.ibm.ws.security.token.ltpa.internal.LTPAKeyCreateTask I CWWKS4105I:LTPA 配置在 0.341 秒后准备就绪。

此外,我的 server.xml 中没有明确禁用 LTPA 令牌或 cookie 生成:

disableLtpaCookie="false"

为什么我的浏览器中没有设置 LTPA cookie?


这是我的 server.xml:

<?xml version="1.0" encoding="UTF-8"?>
<server description="Default Server">

    <!-- Enable features -->
    <!-- appSecurity-2.0 + openidConnectClient-1.0 provide the OIDC relying-party login;
         adminCenter-1.0 is also enabled and is served from the same endpoints as the app. -->
    <featureManager>
        <feature>javaee-8.0</feature>
        <feature>microProfile-3.0</feature>
        <feature>adminCenter-1.0</feature>
        <feature>appSecurity-2.0</feature>
        <feature>openidConnectClient-1.0</feature>
        <feature>transportSecurity-1.0</feature>
    </featureManager>

    <!-- OIDC client against an external OP (discovery + JWKS over HTTPS, RS256 signatures).
         disableLtpaCookie="false" leaves the LTPA SSO cookie enabled for this client; the cookie's
         Domain/Secure behaviour is governed by the webAppSecurity element further down, not here.
         NOTE(review): allowDefaultSsoCookieName="true" should make the SSO cookie keep Liberty's
         default cookie name rather than a client-specific one; confirm against the docs for this release.
         NOTE(review): clientSecret is held in clear text in server.xml; Liberty's securityUtility encode
         can store it in an encoded form so the file is not a plain credential dump. -->
    <openidConnectClient id="oidcBridge" clientId="removed"
        clientSecret="removed"
        discoveryEndpointUrl="https://my-op.com/.well-known/openid-configuration" signatureAlgorithm="RS256"
        jwkEndpointUrl="https://my-op.com/.well-known/jwks.json" disableLtpaCookie="false"
        allowDefaultSsoCookieName="true">
    </openidConnectClient>

    <!-- Test-only user registry: plain-text, trivially guessable passwords, and "admin" is mapped to the
         administrator role below. Keep this to a local test server; securityUtility encode at least
         avoids storing the passwords in the clear. -->
    <basicRegistry id="basic">
        <user name="admin" password="admin" />
        <user name="user1" password="user1" />
        <user name="user2" password="user2" />
        <group name="users">
            <member name="user1" />
            <member name="user2" />
        </group>
    </basicRegistry>

    <!-- Server administration (adminCenter) is granted to the basicRegistry "admin" user. -->
    <administrator-role>
        <user>admin</user>
    </administrator-role>

    <!-- To allow access to this server from a remote client host="*" has been added to the following element -->
    <!-- host="*" binds both the plain HTTP port 9080 and HTTPS 9443 on every interface, so adminCenter and
         the application are reachable remotely over plain HTTP as well. -->
    <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" httpsPort="9443" />

    <!-- Automatically expand WAR files and EAR files -->
    <applicationManager autoExpand="true" />
    <!-- PKCS12 keystore used for TLS; its password is in clear text here (see securityUtility encode). -->
    <keyStore id="defaultKeyStore" password="removed" location="${server.config.dir}/jv-trust.p12" type="PKCS12" />
    <!-- LTPA keys are created at startup into jv-ltpa.keys (CWWKS4103I/CWWKS4104A in messages.log).
         NOTE(review): expiration="1200" is documented by Liberty in minutes, i.e. a 20-hour SSO token
         lifetime; confirm the unit for this release and whether that lifetime is intended. -->
    <ltpa keysFileName="jv-ltpa.keys" keysPassword="removed" expiration="1200" />

    <!-- Governs the LTPA SSO cookie that a successful OIDC login is expected to set.
         NOTE(review): ssoDomainNames="app1.com" puts Domain=app1.com on the cookie. A browser discards a
         cookie whose Domain attribute does not cover the host it is actually talking to, so if this server
         is reached via another hostname (localhost, an IP address, ...) the Set-Cookie header may be sent
         but never stored. Check the Set-Cookie response header, not only the browser's cookie jar.
         NOTE(review): ssoRequiresSSL="false" appears to allow the cookie to be issued without the Secure
         attribute over the plain httpPort; allowFailOverToBasicAuth="true" appears to let a failed login
         fall back to HTTP Basic auth against the basicRegistry above. Both read as test-only settings. -->
    <webAppSecurity singleSignonEnabled="true" ssoDomainNames="app1.com" allowFailOverToBasicAuth="true"
        ssoRequiresSSL="false" />

    <!-- Sample application; "All Role" is granted to every authenticated subject, whichever registry or
         OP the subject came from. -->
    <application context-root="snoop" id="DefaultApplication"
        location="${server.config.dir}/apps/DefaultApplication.ear" name="DefaultApplication" type="ear">
        <application-bnd>
            <security-role name="All Role">
                <special-subject type="ALL_AUTHENTICATED_USERS" />
            </security-role>
        </application-bnd>
    </application>

</server>
