个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
26
4
SAMLException:当我尝试进行 saml 登录并从身份提供商站点启动而不启动请求表单服务提供商站点时,出现以下错误“断言因缺少受众限制而无效”。
我的 SP 元数据:
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor ID="urn_test_system_stag_sp_test" entityID="urn:test:system:stag:sp:test"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://mytestsite/samlSlo"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://mytestsite/samlSlo"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://mytestsite/samlAcs?sp=test" index="0"
isDefault="true"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="https://mytestsite/samlAcs?sp=test"
index="1"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
我遇到的异常:
2018-02-15 15:30:24,356 org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation
2018-02-15 15:30:24,356 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:229)
2018-02-15 15:30:24,356 at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:87)
2018-02-15 15:30:24,356 at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
2018-02-15 15:30:24,356 at com.test.marlin.action.sso.saml2.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:61)
2018-02-15 15:30:24,356 at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:184)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:24,356 at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
2018-02-15 15:30:24,356 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:24,356 at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
2018-02-15 15:30:24,356 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:24,356 at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
2018-02-15 15:30:24,356 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
2018-02-15 15:30:24,356 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:24,356 at com.test.marlin.action.TstsFilter.doFilter(TstsFilter.java:79)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:24,356 at com.test.mycode.access.InitSessionFilter.doFilter3(InitSessionFilter.java:226)
2018-02-15 15:30:24,356 at com.test.mycode.access.InitSessionFilter.doFilter2(InitSessionFilter.java:160)
2018-02-15 15:30:24,356 at com.test.mycode.access.InitSessionFilter.doFilter(InitSessionFilter.java:95)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:24,356 at com.test.modules.servlet.ForwardFilter.doFilter(ForwardFilter.java:230)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:24,356 at com.test.modules.servlet.FakeIpFilter.doFilter(FakeIpFilter.java:43)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:24,356 at com.test.modules.servlet.ClientIpFilter.doFilter(ClientIpFilter.java:114)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:24,356 at com.test.mycode.frontend.filter.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:98)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:24,356 at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:156)
2018-02-15 15:30:24,356 at com.caucho.server.webapp.AccessLogFilterChain.doFilter(AccessLogFilterChain.java:95)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:289)
2018-02-15 15:30:24,356 at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:838)
2018-02-15 15:30:24,356 at com.caucho.network.listen.TcpSocketLink.dispatchRequest(TcpSocketLink.java:1349)
2018-02-15 15:30:24,356 at com.caucho.network.listen.TcpSocketLink.handleRequest(TcpSocketLink.java:1305)
2018-02-15 15:30:24,357 at com.caucho.network.listen.TcpSocketLink.handleRequestsImpl(TcpSocketLink.java:1289)
2018-02-15 15:30:24,357 at com.caucho.network.listen.TcpSocketLink.handleRequests(TcpSocketLink.java:1197)
2018-02-15 15:30:24,357 at com.caucho.network.listen.TcpSocketLink.handleAcceptTaskImpl(TcpSocketLink.java:993)
2018-02-15 15:30:24,357 at com.caucho.network.listen.ConnectionTask.runThread(ConnectionTask.java:117)
2018-02-15 15:30:24,357 at com.caucho.network.listen.ConnectionTask.run(ConnectionTask.java:93)
2018-02-15 15:30:24,357 at com.caucho.network.listen.SocketLinkThreadLauncher.handleTasks(SocketLinkThreadLauncher.java:169)
2018-02-15 15:30:24,357 at com.caucho.network.listen.TcpSocketAcceptThread.run(TcpSocketAcceptThread.java:61)
2018-02-15 15:30:24,357 at com.caucho.env.thread2.ResinThread2.runTasks(ResinThread2.java:173)
2018-02-15 15:30:24,357 at com.caucho.env.thread2.ResinThread2.run(ResinThread2.java:118)
2018-02-15 15:30:24,357 Caused by: org.opensaml.common.SAMLException: Assertion invalidated by missing Audience Restriction
2018-02-15 15:30:24,357 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertionConditions(WebSSOProfileConsumerImpl.java:431)
2018-02-15 15:30:24,357 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertion(WebSSOProfileConsumerImpl.java:303)
2018-02-15 15:30:24,357 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:214)
2018-02-15 15:30:24,357 ... 50 more
2018-02-15 15:30:25,939 org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation
2018-02-15 15:30:25,939 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:229)
2018-02-15 15:30:25,939 at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:87)
2018-02-15 15:30:25,939 at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
2018-02-15 15:30:25,939 at com.test.marlin.action.sso.saml2.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:61)
2018-02-15 15:30:25,939 at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:184)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:25,939 at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
2018-02-15 15:30:25,939 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:25,939 at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
2018-02-15 15:30:25,939 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:25,939 at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
2018-02-15 15:30:25,939 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
2018-02-15 15:30:25,939 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:25,939 at com.test.marlin.action.TstsFilter.doFilter(TstsFilter.java:79)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:25,939 at com.test.mycode.access.InitSessionFilter.doFilter3(InitSessionFilter.java:226)
2018-02-15 15:30:25,939 at com.test.mycode.access.InitSessionFilter.doFilter2(InitSessionFilter.java:160)
2018-02-15 15:30:25,939 at com.test.mycode.access.InitSessionFilter.doFilter(InitSessionFilter.java:95)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:25,939 at com.test.modules.servlet.ForwardFilter.doFilter(ForwardFilter.java:230)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:25,939 at com.test.modules.servlet.FakeIpFilter.doFilter(FakeIpFilter.java:43)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:25,939 at com.test.modules.servlet.ClientIpFilter.doFilter(ClientIpFilter.java:114)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:25,939 at com.test.mycode.frontend.filter.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:98)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:25,939 at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:156)
2018-02-15 15:30:25,939 at com.caucho.server.webapp.AccessLogFilterChain.doFilter(AccessLogFilterChain.java:95)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:289)
2018-02-15 15:30:25,939 at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:838)
2018-02-15 15:30:25,939 at com.caucho.network.listen.TcpSocketLink.dispatchRequest(TcpSocketLink.java:1349)
2018-02-15 15:30:25,939 at com.caucho.network.listen.TcpSocketLink.handleRequest(TcpSocketLink.java:1305)
2018-02-15 15:30:25,939 at com.caucho.network.listen.TcpSocketLink.handleRequestsImpl(TcpSocketLink.java:1289)
2018-02-15 15:30:25,939 at com.caucho.network.listen.TcpSocketLink.handleRequests(TcpSocketLink.java:1197)
2018-02-15 15:30:25,939 at com.caucho.network.listen.TcpSocketLink.handleAcceptTaskImpl(TcpSocketLink.java:993)
2018-02-15 15:30:25,939 at com.caucho.network.listen.ConnectionTask.runThread(ConnectionTask.java:117)
2018-02-15 15:30:25,939 at com.caucho.network.listen.ConnectionTask.run(ConnectionTask.java:93)
2018-02-15 15:30:25,939 at com.caucho.network.listen.SocketLinkThreadLauncher.handleTasks(SocketLinkThreadLauncher.java:169)
2018-02-15 15:30:25,939 at com.caucho.network.listen.TcpSocketAcceptThread.run(TcpSocketAcceptThread.java:61)
2018-02-15 15:30:25,939 at com.caucho.env.thread2.ResinThread2.runTasks(ResinThread2.java:173)
2018-02-15 15:30:25,939 at com.caucho.env.thread2.ResinThread2.run(ResinThread2.java:118)
2018-02-15 15:30:25,939 Caused by: org.opensaml.common.SAMLException: Assertion invalidated by missing Audience Restriction
2018-02-15 15:30:25,939 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertionConditions(WebSSOProfileConsumerImpl.java:431)
2018-02-15 15:30:25,939 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertion(WebSSOProfileConsumerImpl.java:303)
2018-02-15 15:30:25,939 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:214)
... 50 more
谁能帮我解决这个问题吗?
最佳答案
我遇到这个问题是因为我没有启动我的请求表单服务提供商网站(我的网站)包含“saml2 发行者”的 saml 请求,因此身份提供商网站将不知道请求发送者,并且在成功登录其网站后AudienceRestriction 不会包含在响应中,并且会抛出 SAMLException
作为解决方案,我要求 Idinety 提供商永久添加以下 AudienceRestriction :
<saml:Conditions NotBefore="2018-02-19T18:51:12.596Z" NotOnOrAfter="2018-02-19T19:51:12.596Z">
<saml:AudienceRestriction>
<saml:Audience>urn:test:system:stag:sp:test</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
关于java - SAML异常 : "Assertion invalidated by missing Audience Restriction" when started from identity provider,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48809479/
26
4
0
我正在尝试向 iOS 应用商店提交更新。我要从 Buzztouch 应用程序转到 Sprite Kit 应用程序。我能够存档 Xcode 项目并提交它。该应用程序的状态为“上传已收到”,但大约一分钟后
我收到了这个奇怪的警告。我不确定是什么原因造成的。 .dia文件扩展名应该表示核心有向图图形文件。我没有添加,应用程序几乎没有用户界面。 最佳答案 我对这个答案并不满意,但我认为它可以帮助人们,直到找
下面用作 Uri 参数的程序集限定字符串在 XAML 中工作,但在代码中使用时会出现错误。 我尝试了各种 UriKind,结果都相同。我该如何解决这个问题? [Test] public void La
我正在开发一个 Angular 应用程序,目的是将其部署到移动设备和 Web 浏览器上。设置表单样式以显示无效输入时,我应该定位 Angular“ng-invalid”类还是 HTML5“:inval
我有一个在 Google App Engine 上运行的应用程序,它是 Android 应用程序的后端。它基本上是 Android 应用程序和在我自己的服务器上运行的 MySQL 数据库之间的桥梁。
我的代码是这样的: func tableView(_ tableView: UITableView, commit editingStyle: UITableViewCellEditingStyle,
I need to encrypt using Python with the A256GCM algorithm, and getting back a JWT that I need to
无法成功编译webpack并生成bundle.js文件。据我了解,我的 src_dir 和 dist_dir 变量能够指向正确的路径,但在尝试编译时我仍然始终收到两个错误之一。 配置对象无效。 Web
因此,当我在 postgres 上运行 regexp_matches 时收到一条错误消息,并且无法弄清楚如何通过它。它似乎在 regex101 等 reg_exp 测试站点上运行良好,但不幸的是在实际
这些是我正在使用的导入: import com.novell.ldap.*; import java.io.UnsupportedEncodingException; 我正在尝试进行一个非常简单的密码
在记录器函数的简写情况下,Pylint 提示 Invalid constant name "myprint"(invalid-name)。 # import from utils import get
我试图创建一个HTML输入标签,该标签仅接受以2种格式之一输入的数字,并拒绝所有其他输入。 我只想接受以下格式的数字,包括破折号: 1234-12 和 1234-12-12 注意:不是日期,而是合法的
我一直在尝试使用 Bootstrap 的表单样式处理 AngularJS 的电子邮件验证,并遇到了这个 CSS block 。 input:focus:required:invalid, textar
我正在编写一个程序,以确保我了解如何在 C 中正确实现单向链表。我目前正在哈佛的 CS50 类(class)中学习,并且使用本教程,因为 CS50 人员不解释链接详细列出数据结构:https://ww
此问题与询问同一消息的另一个问题不重复,但在另一个上下文中。这个问题的上下文只是关于上传截图图像和获取消息。 今天,我在将图片上传到 App Store Connect 时收到一条新消息: Inval
我的代码似乎运行良好,但当我滑动以删除 UITableView 中的一行时,应用程序崩溃并显示以下内容: 错误 LittleToDoApp[70390:4116002] *** Terminating
当我尝试发送语音消息时,总是收到无效的url错误。我正在使用Whisper将音频转换为文本,但由于某种原因,我似乎无法将文件传递给Whisper。当我在Java脚本中使用它而不是在TypeScrip中
我正在尝试在 flutter 上对 http 客户端进行单元测试。在模拟 http 和我的存储库类之后: void main() { MockHttpCLient mockHttpCLient;
我正在使用 pandoc 作为一个库,相关的代码片段是: module Lib ( latexDirToTex, latexToTxt ) where import qualified
我正在开发一个(相对简单的)Rails应用程序。我正在使用Devise gem处理用户 session 。每当我导航到localhost:3000/users/sign_in时,我都会看到Devise
我是一名优秀的程序员,十分优秀!