OpenAM提供“错误处理AuthnRequest。无法生成NameID值。”错误
问题描述 投票:0回答:1
我正在将OpenAM用作内部IDP服务。我正在使用的流程是IDP启动的,其中我正在使用以下链接:
http://127.0.0.1:8080/openam/idpssoinit?metaAlias=%2Fidp&spEntityID=https%3A%2F%2Fmcrmpssso.maxlifeinsurance.com%2Fybl%2Fsps%2Fsamlybl%2Fsaml20
SP元数据.xml如下:
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2020-06-06T05:29:49Z" cacheDuration="PT604800S" entityID="https://mcrmpssso.maxlifeinsurance.com/ybl/sps/samlybl/saml20">
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<!--md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIDGDCCAgCgAwIBAgIIfnbJwHIEE14wDQYJKoZIhvcNAQELBQAwKjELMAkGA1UEBhMCdXMxDDAKBgNVBAoTA2libTENMAsGA1UEAxMEaXNhbTAeFw0xODA2MDYwNDU1MTJaFw0yODA2MDQwNDU1MTJaMCoxCzAJBgNVBAYTAnVzMQwwCgYDVQQKEwNpYm0xDTALBgNVBAMTBGlzYW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD7l4RiOOWVv5OsqZwIuypmiX7Zvpxu9FciKKUtqnvTORz957ht+Rn5irMAO6RFyV3Ukk4xZICTegf1Fqfih3/zYUeGpTWb/JqU3ihBHIqAx57dffD/I3q2FZJ6sWua00s0Sj71EpqnTWdFQ2c19pERsV9an17wipuJyak3Rb9utuoYqoFH46Rlpo1Aiaz3wCcfGhN/bZKuxVggVmdqUIx7pI6DrfXj5wBe2RD75gESksTqfjW8w49rGLCfchrVmuFRFM4fe2FW8idcGB/uHQ+AWX3E0pBspNkd/a0KJu/EnI/ZjVN7RQ1+xIqjoM8MtyJRKW93L64BDm/tCj/et0TAgMBAAGjQjBAMB0GA1UdDgQWBBQpC5fyHKU7z+BbO6P5UdKOVCJYTTAfBgNVHSMEGDAWgBQpC5fyHKU7z+BbO6P5UdKOVCJYTTANBgkqhkiG9w0BAQsFAAOCAQEAfdjAQQ1kJTZBdw0ckGBjsteEID0I9qbt4R5vzyeGGjuqlQ0lJww8pYizH8XbfZftlDO10gwrx60fbCUDE0GPDDOAO6p/gcXiFDvsS8NIn3VeyPXtPmYZ8O2/e0LeQ5kWf3p2ZU7ZCIQ+fo9bh5Ve9Amj+Jel4SSL0U+wQQDAfW1+oCqSaXlui2XVH2Tlv+yJBRvk+KRZz3gk9h53f4cRwafp/GH4PDeST/leed1zMXnj/uJqazK+2Q2Wo+LRKuIM4CtkffSzZ4sqn0Uu3VHtjs0ZWY6bUG6pDVs9u3KhX38hzzqy7wgtzdf1o0ai1KPPNOvD1HxYVe7t3yqyeRJZgw==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIDGDCCAgCgAwIBAgIIfnbJwHIEE14wDQYJKoZIhvcNAQELBQAwKjELMAkGA1UEBhMCdXMxDDAKBgNVBAoTA2libTENMAsGA1UEAxMEaXNhbTAeFw0xODA2MDYwNDU1MTJaFw0yODA2MDQwNDU1MTJaMCoxCzAJBgNVBAYTAnVzMQwwCgYDVQQKEwNpYm0xDTALBgNVBAMTBGlzYW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD7l4RiOOWVv5OsqZwIuypmiX7Zvpxu9FciKKUtqnvTORz957ht+Rn5irMAO6RFyV3Ukk4xZICTegf1Fqfih3/zYUeGpTWb/JqU3ihBHIqAx57dffD/I3q2FZJ6sWua00s0Sj71EpqnTWdFQ2c19pERsV9an17wipuJyak3Rb9utuoYqoFH46Rlpo1Aiaz3wCcfGhN/bZKuxVggVmdqUIx7pI6DrfXj5wBe2RD75gESksTqfjW8w49rGLCfchrVmuFRFM4fe2FW8idcGB/uHQ+AWX3E0pBspNkd/a0KJu/EnI/ZjVN7RQ1+xIqjoM8MtyJRKW93L64BDm/tCj/et0TAgMBAAGjQjBAMB0GA1UdDgQWBBQpC5fyHKU7z+BbO6P5UdKOVCJYTTAfBgNVHSMEGDAWgBQpC5fyHKU7z+BbO6P5UdKOVCJYTTANBgkqhkiG9w0BAQsFAAOCAQEAfdjAQQ1kJTZBdw0ckGBjsteEID0I9qbt4R5vzyeGGjuqlQ0lJww8pYizH8XbfZftlDO10gwrx60fbCUDE0GPDDOAO6p/gcXiFDvsS8NIn3VeyPXtPmYZ8O2/e0LeQ5kWf3p2ZU7ZCIQ+fo9bh5Ve9Amj+Jel4SSL0U+wQQDAfW1+oCqSaXlui2XVH2Tlv+yJBRvk+KRZz3gk9h53f4cRwafp/GH4PDeST/leed1zMXnj/uJqazK+2Q2Wo+LRKuIM4CtkffSzZ4sqn0Uu3VHtjs0ZWY6bUG6pDVs9u3KhX38hzzqy7wgtzdf1o0ai1KPPNOvD1HxYVe7t3yqyeRJZgw==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
</md:KeyDescriptor-->
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mcrmpssso.maxlifeinsurance.com/ybl/sps/samlybl/saml20/login" index="1"/>
<!--md:Organization>
<md:OrganizationName xml:lang="en">MLIC</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">MLIC</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en"/>
</md:Organization-->
</md:SPSSODescriptor>
</md:EntityDescriptor>
IDP配置的NameID格式和值:
SP配置的NameID格式:
OpenAM的堆栈跟踪:
libSAML2:04/05/2020 08:05:57:847 PM UTC: Thread[http-nio-8080-exec-5,5,main]: TransactionId[bf5ec287-6206-4f48-bba0-f968efd3146f-32206]
ERROR: Error processing request
com.sun.identity.saml2.common.SAML2Exception: Unable to generate NameID value.
at com.sun.identity.saml2.plugins.DefaultIDPAccountMapper.getNameID(DefaultIDPAccountMapper.java:114)
at com.sun.identity.saml2.profile.IDPSSOUtil.getSubject(IDPSSOUtil.java:1618)
at com.sun.identity.saml2.profile.IDPSSOUtil.getAssertion(IDPSSOUtil.java:1009)
...
几个小时以来,我一直在这个问题上陷入困境。请帮助。
1个回答
0
投票
投票
您需要检查在配置的用户数据存储上是否配置了用户主体身份属性'uid'(请参阅NameID值映射屏幕截图),并且需要确保为执行IdP初始化的SSO流的用户设置了一个值。出于测试目的,您可以通过添加请求参数NameIDFormat=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
最新问题
- AddJwtBearer 的动态权限
- 如何隐藏PhpStorm / IntelliJ IDEA中的默认放大镜?
- 如何安装本地开发的Python Wheel文件作为本机Snowflake应用程序的一部分
- 为什么我的 tkcalendar 年份错误?
- 在读取之前设置未定义的 javascript 属性
- 谁应该分配 OpenID Connect 身份令牌、SaaS 或 SSO IdP 令牌提供商?
- 如何使用 .htaccess 在 apache 上启用 Expect-Ct
- AWS Cognito 更新用户电子邮件属性
- 如何在 FireMonkey 中访问 ComboBox 中的 ListBox 和 ComboEdit 中的 VScrollBar?
- 在gradle中哪里编写导航组件safeArgs依赖项
- 来自 Angular 外部的更改检测和事件
- 我想在选择项目(多个)后清除下拉列表,找不到控制器
- 如何将http服务器升级为websockets。监听传入的请求,以便我可以提供 HTML 页面?
- 在 BigQuery 中将用逗号分隔值的列分隔成多行
- Keycloak主题定制
- 比较年月日相同但时间不同的两个日期
- 我正在尝试使用 HTML + Tailwindcss 为网站制作导航栏,但我想要的功能没有实现</desc> <question vote="0"> <p></p><div data-babel="false" data-lang="js" data-hide="false" data-console="true"> <div> <pre><code> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Front Page</title> <link href="https://cdn.jsdelivr.net/npm/<a href="/cdn-cgi/l/email-protection" data-cfemail="87f3e6eeebf0eee9e3e4f4f4c7b5a9b7a9b7">[email protected]</a>/dist/tailwind.min.css" rel="stylesheet"> </head> <body class="bg-slate-600"> <nav class="bg-white text-black h-12 flex items-center justify-between px-4"> <div class="text-lg font-semibold">ABC Enterprises</div> <ul class="flex items-center space-x-4"> <li class="relative group"> <a href="#" class="text-black hover:text-gray-300 px-3 py-2 font-bold rounded-md">Solutions</a> <div class="dropdown-content absolute hidden bg-white text-black py-2 rounded shadow-lg min-w-max top-full mt-1 group-hover:block"> <a href="#" class="block px-4 py-1 hover:bg-gray-100">ESG & Sustainability Reporting & Management</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Carbon Accounting & GHG Measurement</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Sustainable Procurement & Sourcing</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">ESG Portfolio Management For Investors</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">ESG Consulting</a> </div> </li> <li class="relative group"> <a href="#" class="text-black hover:text-gray-300 px-3 py-2 font-bold rounded-md">Industries</a> <div class="dropdown-content absolute bg-white text-black py-2 rounded shadow-lg min-w-max top-full mt-1 group-hover:block"> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Manufacturing</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Agri-business & Forestry</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Retail & Hospitality</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Health & Education</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Infrastructure</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Financial Institutions & Funds</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Real Estate & Construction</a> </div> </li> <li><a href="#" class="text-black hover:text-gray-300 px-3 py-2 rounded-md font-bold">Contact Us</a></li> <li><a href="#" class="text-black hover:text-gray-300 px-3 py-2 rounded-md font-bold">About Us</a></li> <li><a href="#" class="text-black hover:text-gray-300 px-3 py-2 rounded-md font-bold">Sign In</a></li> </ul> </nav> </body> </html> </code></pre> </div> </div> <p></p> <p>对于大多数人来说,我面临的问题很容易,我在过去的 6-7 个小时里都被困在上面。 所以我也尝试了 group-hover:block ,但当我将鼠标悬停在解决方案和资源上时,它仍然没有显示下拉菜单,请帮助我,这很紧急!!!</p> </question> <answer tick="false" vote="0"> <p>2.0.0版本中没有任何类定义<pre><code>group-hover:block</code></pre>,您需要在Tailwind上升级到新版本。</p> <p></p><div data-babel="false" data-lang="js" data-hide="false" data-console="true"> <div> <pre><code><!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Front Page</title> <script src="https://cdn.tailwindcss.com"></script> </head> <body class="bg-slate-600"> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Front Page</title> <link href="https://cdn.jsdelivr.net/npm/<a href="/cdn-cgi/l/email-protection" data-cfemail="f08491999c87999e94938383b0c2dec0dec0">[email protected]</a>/dist/tailwind.min.css" rel="stylesheet"> </head> <body class="bg-slate-600"> <nav class="bg-white text-black h-12 flex items-center justify-between px-4"> <div class="text-lg font-semibold">ABC Enterprises</div> <ul class="flex items-center space-x-4"> <li class="relative group"> <a href="#" class="text-black hover:text-gray-300 px-3 py-2 font-bold rounded-md">Solutions</a> <div class="dropdown-content absolute hidden bg-white text-black py-2 rounded shadow-lg min-w-max top-full mt-1 group-hover:block"> <a href="#" class="block px-4 py-1 hover:bg-gray-100">ESG & Sustainability Reporting & Management</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Carbon Accounting & GHG Measurement</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Sustainable Procurement & Sourcing</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">ESG Portfolio Management For Investors</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">ESG Consulting</a> </div> </li> <li class="relative group"> <a href="#" class="text-black hover:text-gray-300 px-3 py-2 font-bold rounded-md">Industries</a> <div class="dropdown-content absolute bg-white text-black py-2 rounded shadow-lg min-w-max top-full mt-1 hidden group-hover:block"> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Manufacturing</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Agri-business & Forestry</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Retail & Hospitality</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Health & Education</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Infrastructure</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Financial Institutions & Funds</a> <a href="#" class="block px-4 py-1 hover:bg-gray-100">Real Estate & Construction</a> </div> </li> <li><a href="#" class="text-black hover:text-gray-300 px-3 py-2 rounded-md font-bold">Contact Us</a></li> <li><a href="#" class="text-black hover:text-gray-300 px-3 py-2 rounded-md font-bold">About Us</a></li> <li><a href="#" class="text-black hover:text-gray-300 px-3 py-2 rounded-md font-bold">Sign In</a></li> </ul> </nav> </body> </html> </body> </html></code></pre> </div> </div> <p></p> </answer> </body></html>
- 从 Ruby 网站加载文件时出现文件未找到错误
- Golang 中断后如何恢复上传到 GCS?
- Ocelot RouteClaimsRequirement 无法识别我的声明并返回 403 Forbidden
© www.soinside.com 2019 - 2024. All rights reserved.