- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
SAMLException
:当我尝试进行 saml 登录并从身份提供商站点启动而不启动请求表单服务提供商站点时,出现以下错误“断言因缺少受众限制而无效”。
我的 SP 元数据:
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor ID="urn_test_system_stag_sp_test" entityID="urn:test:system:stag:sp:test"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://mytestsite/samlSlo"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://mytestsite/samlSlo"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://mytestsite/samlAcs?sp=test" index="0"
isDefault="true"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="https://mytestsite/samlAcs?sp=test"
index="1"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
我遇到的异常:
2018-02-15 15:30:24,356 org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation
2018-02-15 15:30:24,356 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:229)
2018-02-15 15:30:24,356 at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:87)
2018-02-15 15:30:24,356 at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
2018-02-15 15:30:24,356 at com.test.marlin.action.sso.saml2.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:61)
2018-02-15 15:30:24,356 at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:184)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:24,356 at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
2018-02-15 15:30:24,356 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:24,356 at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
2018-02-15 15:30:24,356 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:24,356 at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
2018-02-15 15:30:24,356 at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
2018-02-15 15:30:24,356 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
2018-02-15 15:30:24,356 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:24,356 at com.test.marlin.action.TstsFilter.doFilter(TstsFilter.java:79)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:24,356 at com.test.mycode.access.InitSessionFilter.doFilter3(InitSessionFilter.java:226)
2018-02-15 15:30:24,356 at com.test.mycode.access.InitSessionFilter.doFilter2(InitSessionFilter.java:160)
2018-02-15 15:30:24,356 at com.test.mycode.access.InitSessionFilter.doFilter(InitSessionFilter.java:95)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:24,356 at com.test.modules.servlet.ForwardFilter.doFilter(ForwardFilter.java:230)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:24,356 at com.test.modules.servlet.FakeIpFilter.doFilter(FakeIpFilter.java:43)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:24,356 at com.test.modules.servlet.ClientIpFilter.doFilter(ClientIpFilter.java:114)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:24,356 at com.test.mycode.frontend.filter.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:98)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:24,356 at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:156)
2018-02-15 15:30:24,356 at com.caucho.server.webapp.AccessLogFilterChain.doFilter(AccessLogFilterChain.java:95)
2018-02-15 15:30:24,356 at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:289)
2018-02-15 15:30:24,356 at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:838)
2018-02-15 15:30:24,356 at com.caucho.network.listen.TcpSocketLink.dispatchRequest(TcpSocketLink.java:1349)
2018-02-15 15:30:24,356 at com.caucho.network.listen.TcpSocketLink.handleRequest(TcpSocketLink.java:1305)
2018-02-15 15:30:24,357 at com.caucho.network.listen.TcpSocketLink.handleRequestsImpl(TcpSocketLink.java:1289)
2018-02-15 15:30:24,357 at com.caucho.network.listen.TcpSocketLink.handleRequests(TcpSocketLink.java:1197)
2018-02-15 15:30:24,357 at com.caucho.network.listen.TcpSocketLink.handleAcceptTaskImpl(TcpSocketLink.java:993)
2018-02-15 15:30:24,357 at com.caucho.network.listen.ConnectionTask.runThread(ConnectionTask.java:117)
2018-02-15 15:30:24,357 at com.caucho.network.listen.ConnectionTask.run(ConnectionTask.java:93)
2018-02-15 15:30:24,357 at com.caucho.network.listen.SocketLinkThreadLauncher.handleTasks(SocketLinkThreadLauncher.java:169)
2018-02-15 15:30:24,357 at com.caucho.network.listen.TcpSocketAcceptThread.run(TcpSocketAcceptThread.java:61)
2018-02-15 15:30:24,357 at com.caucho.env.thread2.ResinThread2.runTasks(ResinThread2.java:173)
2018-02-15 15:30:24,357 at com.caucho.env.thread2.ResinThread2.run(ResinThread2.java:118)
2018-02-15 15:30:24,357 Caused by: org.opensaml.common.SAMLException: Assertion invalidated by missing Audience Restriction
2018-02-15 15:30:24,357 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertionConditions(WebSSOProfileConsumerImpl.java:431)
2018-02-15 15:30:24,357 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertion(WebSSOProfileConsumerImpl.java:303)
2018-02-15 15:30:24,357 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:214)
2018-02-15 15:30:24,357 ... 50 more
2018-02-15 15:30:25,939 org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation
2018-02-15 15:30:25,939 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:229)
2018-02-15 15:30:25,939 at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:87)
2018-02-15 15:30:25,939 at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
2018-02-15 15:30:25,939 at com.test.marlin.action.sso.saml2.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:61)
2018-02-15 15:30:25,939 at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:184)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:25,939 at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
2018-02-15 15:30:25,939 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:25,939 at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
2018-02-15 15:30:25,939 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:25,939 at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
2018-02-15 15:30:25,939 at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
2018-02-15 15:30:25,939 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
2018-02-15 15:30:25,939 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:25,939 at com.test.marlin.action.TstsFilter.doFilter(TstsFilter.java:79)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:25,939 at com.test.mycode.access.InitSessionFilter.doFilter3(InitSessionFilter.java:226)
2018-02-15 15:30:25,939 at com.test.mycode.access.InitSessionFilter.doFilter2(InitSessionFilter.java:160)
2018-02-15 15:30:25,939 at com.test.mycode.access.InitSessionFilter.doFilter(InitSessionFilter.java:95)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:25,939 at com.test.modules.servlet.ForwardFilter.doFilter(ForwardFilter.java:230)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:25,939 at com.test.modules.servlet.FakeIpFilter.doFilter(FakeIpFilter.java:43)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:25,939 at com.test.modules.servlet.ClientIpFilter.doFilter(ClientIpFilter.java:114)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:25,939 at com.test.mycode.frontend.filter.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:98)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:89)
2018-02-15 15:30:25,939 at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:156)
2018-02-15 15:30:25,939 at com.caucho.server.webapp.AccessLogFilterChain.doFilter(AccessLogFilterChain.java:95)
2018-02-15 15:30:25,939 at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:289)
2018-02-15 15:30:25,939 at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:838)
2018-02-15 15:30:25,939 at com.caucho.network.listen.TcpSocketLink.dispatchRequest(TcpSocketLink.java:1349)
2018-02-15 15:30:25,939 at com.caucho.network.listen.TcpSocketLink.handleRequest(TcpSocketLink.java:1305)
2018-02-15 15:30:25,939 at com.caucho.network.listen.TcpSocketLink.handleRequestsImpl(TcpSocketLink.java:1289)
2018-02-15 15:30:25,939 at com.caucho.network.listen.TcpSocketLink.handleRequests(TcpSocketLink.java:1197)
2018-02-15 15:30:25,939 at com.caucho.network.listen.TcpSocketLink.handleAcceptTaskImpl(TcpSocketLink.java:993)
2018-02-15 15:30:25,939 at com.caucho.network.listen.ConnectionTask.runThread(ConnectionTask.java:117)
2018-02-15 15:30:25,939 at com.caucho.network.listen.ConnectionTask.run(ConnectionTask.java:93)
2018-02-15 15:30:25,939 at com.caucho.network.listen.SocketLinkThreadLauncher.handleTasks(SocketLinkThreadLauncher.java:169)
2018-02-15 15:30:25,939 at com.caucho.network.listen.TcpSocketAcceptThread.run(TcpSocketAcceptThread.java:61)
2018-02-15 15:30:25,939 at com.caucho.env.thread2.ResinThread2.runTasks(ResinThread2.java:173)
2018-02-15 15:30:25,939 at com.caucho.env.thread2.ResinThread2.run(ResinThread2.java:118)
2018-02-15 15:30:25,939 Caused by: org.opensaml.common.SAMLException: Assertion invalidated by missing Audience Restriction
2018-02-15 15:30:25,939 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertionConditions(WebSSOProfileConsumerImpl.java:431)
2018-02-15 15:30:25,939 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertion(WebSSOProfileConsumerImpl.java:303)
2018-02-15 15:30:25,939 at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:214)
... 50 more
谁能帮我解决这个问题吗?
最佳答案
我遇到这个问题是因为我没有启动我的请求表单服务提供商网站(我的网站)包含“saml2 发行者”的 saml 请求,因此身份提供商网站将不知道请求发送者,并且在成功登录其网站后AudienceRestriction
不会包含在响应中,并且会抛出 SAMLException
作为解决方案,我要求 Idinety 提供商永久添加以下 AudienceRestriction
:
<saml:Conditions NotBefore="2018-02-19T18:51:12.596Z" NotOnOrAfter="2018-02-19T19:51:12.596Z">
<saml:AudienceRestriction>
<saml:Audience>urn:test:system:stag:sp:test</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
关于java - SAML异常 : "Assertion invalidated by missing Audience Restriction" when started from identity provider,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48809479/
问题很简单:我正在寻找一种优雅的使用方式 CompletableFuture#exceptionally与 CompletableFuture#supplyAsync 一起.这是行不通的: priva
对于 Web 服务,我们通常使用 maven-jaxb2-plugin 生成 java bean,并在 Spring 中使用 JAXB2 编码。我想知道如何处理 WSDL/XSD 中声明的(SOAP-
这个问题已经有答案了: Array index out of bound behavior (10 个回答) 已关闭 8 年前。 我对下面的 C 代码感到好奇 int main(){
当在类的开头使用上下文和资源初始化 MediaPlayer 对象时,它会抛出 NullPointer 异常,但是当在类的开头声明它时(因此它是 null),然后以相同的方式初始化它在onCreate方
嘿 我尝试将 java 程序连接到 REST API。 使用相同的代码部分,我在 Java 6 中遇到了 Java 异常,并且在 Java 8 中运行良好。 环境相同: 信任 机器 unix 用户 代
我正在尝试使用 Flume 和 Hive 进行 Twitter 分析。为了从 twitter 获取推文,我在 flume.conf 文件中设置了所有必需的参数(consumerKey、consumer
我在 JavaFX 异常方面遇到一些问题。我的项目在我的 Eclipse 中运行,但现在我的 friend 也尝试访问该项目。我们已共享并直接保存到保管箱文件夹中。但他根本无法让它发挥作用。他在控制台
假设我使用 blur() 事件验证了电子邮件 ID,我正在这样做: $('#email').blur(function(){ //make ajax call , check if dupli
我这样做是为了从 C 代码调用非托管函数。 pCallback 是一个函数指针,因此在托管端是一个委托(delegate)。 [DllImport("MyDLL.dll")] public stati
为什么这段代码是正确的: try { } catch(ArrayOutOfBoundsException e) {} 这是错误的: try { } catch(IOException e) {} 这段
我遇到了以下问题:有导出函数的DLL。 代码示例如下:[动态链接库] __declspec(dllexport) int openDevice(int,void**) [应用] 开发者.h: __de
从其他线程,我知道我们不应该在析构函数中抛出异常!但是对于下面的例子,它确实有效。这是否意味着我们只能在一个实例的析构函数中抛出异常?我们应该如何理解这个代码示例! #include using n
为什么需要异常 引出 public static void main(String[
1. Java的异常机制 Throwable类是Java异常类型的顶层父类,一个对象只有是 Throwable 类的(直接或者间接)实例,他才是一个异常对象,才能被异常处理机制识别。JDK中内
我是 Python 的新手,我对某种异常方法的实现有疑问。这是代码(缩写): class OurException(Exception): """User defined Exception"
我已经创建了以下模式来表示用户和一组线程之间的关联,这些线程按他们的最后一条消息排序(用户已经阅读了哪些线程,哪些没有): CREATE TABLE table(user_id bigint, mes
我正在使用 Python 编写一个简单的自动化脚本,它可能会在多个位置引发异常。在他们每个人中,我都想记录一条特定的消息并退出程序。为此,我在捕获异常并处理它(执行特定的日志记录操作等)后引发 Sys
谁能解释一下为什么这会导致错误: let xs = [| "Mary"; "Mungo"; "Midge" |] Array.iter printfn xs 虽然不是这样: Array.iter pr
在我使用 Play! 的网站上,我有一个管理部分。所有 Admin Controller 都有一个 @With 和一个 @Check 注释。 断开连接后,一切正常。连接后,每次加载页面(任何页面,无论
我尝试连接到 azure 表存储并添加一个对象。它在本地主机上工作得很好,但是在我使用的服务器上我得到以下异常及其内部异常: Exception of type 'Microsoft.Wind
我是一名优秀的程序员,十分优秀!