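I followed Okta's "Setting up a SAML application in Okta" documentation (including the adjustments to the FirstName and LastName attributes discussed in this question), and followed Okta's "PySAML2" page (I don't have enough reputation for a third link) to run a Flask application that authenticates with Okta.
When I run the Flask app (with the appropriate settings changes for the 'example-okta-com' URL), the IdP-initiated flow works fine, so I can reach the example app from Okta. But if I click the "example-okta-com" link in the app, which points to http://localhost:5000/saml/login/example-okta-com, I am redirected to an error page on my test app's oktapreview.com subdomain containing the following stack trace: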
Error: user_exception
Error parsing XML in SAML request
com.saasure.application.factory.AppUserException: Error parsing XML in SAML request
at com.saasure.application.generic.services.impl.OutboundSAMLServiceImpl.isForceAuthn(OutboundSAMLServiceImpl.java:351)
at com.saasure.application.generic.ui.controller.sso.SAMLForceAuthnController.requiresForceAuthn(SAMLForceAuthnController.java:137)
at com.saasure.application.generic.ui.controller.sso.DefaultSAMLController.handleSAML20AuthnRequestForSpecificInstance(DefaultSAMLController.java:97)
at com.saasure.application.generic.ui.controller.sso.DefaultSAMLController.handleSAML20AuthnRequestForSpecificInstance(DefaultSAMLController.java:91)
at sun.reflect.GeneratedMethodAccessor1246.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:685)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:919)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:851)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:953)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:844)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:829)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.saasure.framework.web.filter.ServletExceptionFilter.doFilterInternal(ServletExceptionFilter.java:30)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.saasure.framework.web.filter.GzipFilter.doFilterInternal(GzipFilter.java:26)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.saasure.framework.web.filter.HeadToGetFilter.doFilterInternal(HeadToGetFilter.java:31)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at nl.remcojansen.tomcatlogging.JuliAccessLogValve.invoke(JuliAccessLogValve.java:355)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:889)
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:744)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2274)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.opensaml.xml.parse.XMLParserException: Invalid XML
at org.opensaml.xml.parse.BasicParserPool.parse(BasicParserPool.java:218)
at com.saasure.framework.security.saml.impl.BaseSAMLBuilder.unmarshallXml(BaseSAMLBuilder.java:269)
at com.saasure.framework.security.saml.impl.BaseSAMLBuilder.unmarshallXml(BaseSAMLBuilder.java:277)
at com.saasure.framework.security.saml.impl.SAML20IdentityProviderImpl.unmarshallRequest(SAML20IdentityProviderImpl.java:337)
at com.saasure.framework.security.saml.impl.SAML20IdentityProviderImpl.isForceAuthn(SAML20IdentityProviderImpl.java:320)
at com.saasure.application.generic.services.impl.OutboundSAMLServiceImpl.isForceAuthn(OutboundSAMLServiceImpl.java:347)
... 53 more
Caused by: org.xml.sax.SAXParseException: Content is not allowed in prolog.
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source)
at org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at javax.xml.parsers.DocumentBuilder.parse(Unknown Source)
at org.opensaml.xml.parse.BasicParserPool$DocumentBuilderProxy.parse(BasicParserPool.java:671)
at org.opensaml.xml.parse.BasicParserPool.parse(BasicParserPool.java:215)
... 58 more
The only change I made to the example application was changing the metadata_url_ dict.
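The application in Okta needs to be configured to accept compressed SAML AuthN requests.
Sorry, I should have put this in the documentation. I will do that soon.
In the meantime, you need to set "Request compression" to "Compressed" in the Okta application you set up. It looks like this: [image]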
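The mismatch described in the answer can be reproduced offline. The following is an added example, not code from the original post, Okta or PySAML2: it encodes a constructed AuthnRequest the way the HTTP-Redirect binding does (raw DEFLATE, base64, URL-encoding) and shows that a receiver expecting the other compression mode cannot parse it. The function names, the sample request and its placeholder URL are assumptions made for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

# Constructed sample AuthnRequest; ID, timestamp and ACS URL are made up.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed123" Version="2.0" IssueInstant="2015-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="http://localhost:5000/acs-placeholder"/>'
)


def encode_request(xml_text, compress=True):
    """Return a SAMLRequest query value: optional raw DEFLATE, base64, URL-encoding."""
    data = xml_text.encode("utf-8")
    if compress:
        # wbits=-15 produces a raw DEFLATE stream without the zlib header.
        deflater = zlib.compressobj(wbits=-15)
        data = deflater.compress(data) + deflater.flush()
    return quote(base64.b64encode(data).decode("ascii"), safe="")


def idp_parse(saml_request, expect_compressed):
    """Decode as a receiver configured for one mode would; return the ID or None."""
    raw = base64.b64decode(unquote(saml_request))
    try:
        if expect_compressed:
            raw = zlib.decompress(raw, -15)
        # ElementTree is acceptable only because this input is built locally;
        # untrusted SAML needs a hardened XML parser.
        return ET.fromstring(raw).get("ID")
    except (zlib.error, ET.ParseError, ValueError):
        return None  # sender and receiver disagree on compression


def classify(saml_request):
    """Tell whether a captured SAMLRequest value was DEFLATE-compressed."""
    raw = base64.b64decode(unquote(saml_request))
    try:
        if zlib.decompress(raw, -15).lstrip().startswith(b"<"):
            return "compressed"
    except zlib.error:
        pass
    return "uncompressed" if raw.lstrip().startswith(b"<") else "unknown"
```

Running `classify` on the `SAMLRequest` parameter copied from the redirect URL tells you which mode the service provider is actually sending, so the IdP setting can be matched to it.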