我尝试用OKTA为Spring应用程序设置SAML,我遵循http://developer.okta.com/code/java/spring_security_saml.html.
完成教程中的所有步骤后,我得到以下错误
SEVERE: Servlet.service() for servlet [jsp] in context with path [/spring-security-saml2-sample] 抛出异常 [org.opensaml.saml2.metadata.provider.MetadataProviderException: 未配置 IDP,请更新包含的元数据,其中包含至少一个 IDP] 的根本原因 org.opensaml.saml.metadata.provider.MetadataProviderException: No IDP 已配置,请在 org.springframework.security.saml.metadata.MetadataManager 上使用至少一个 IDP 更新包含的元数据。getDefaultIDP(MetadataManager.java:781) at org.springframework.security.saml.context.SAMLContextProviderImpl.populatePeerEntityId(SAMLContextProviderImpl.java:157) at org.springframework.security.saml.context.SAMLContextProviderImpl.getLocalAndPeerEntity(SAMLContextProviderImpl.java:127) at org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:146) atorg.springframework.security.web.access.ExceptionTranslationFilter.sendStartAuthentication(ExceptionTranslationFilter.java:186) at org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:168) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:131) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) atorg.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:186) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) atorg.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) atorg.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.authenticator.authenticator.invoke(AuthenticatorBase.java:505) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078) atorg.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Unknown Source)
可能出了什么问题?
您看到此错误是因为在securityContext.xml文件中未正确设置IDP元数据url(如步骤2中所述,http://developer . okta . com/code/Java/spring _ security _ SAML . html # configuring-spring-security-SAML-to-work-with-okta)。
请从您的SAML应用程序的登录选项卡中复制IDP元数据url。
在securityContext.xml的以下部分中输入它
<constructor-arg>
<list>
<bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
<!-- URL containing the metadata -->
<constructor-arg>
<!-- This URL should look something like this: https://example.okta.com/app/abc0defghijK1lmN23o4/sso/saml/metadata -->
<value type="java.lang.String">{{IDP_Metadata_Url}}</value>
</constructor-arg>
<!-- Timeout for metadata loading in ms -->
<constructor-arg>
<value type="int">5000</value>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean>
</list>
</constructor-arg>
</bean>
我们有一个使用Spring Boot+AngularJS开发的单个Web页面应用程序,我们希望集成Okta用于身份验证部分。 我在Okta网站上创建了一个开发人员帐户,并使用SAML 2.0配置了一个应用程序 然后,我将Okta Sign-in小部件集成在一个html页面中,如http://developer.Okta.com/code/javascript/okta_sign-in_widget
!!! DEPRECATED !!! THIS REPO IS DEPRECATED! Please see https://github.com/oktadeveloper/okta-blog
我的要求是,对于销售人员,应该允许用户在使用Okta作为身份提供者的my产品中进行SSO(单点登录)。 然而,问题在于,在这种情况下,我们希望使用salesforce作为身份提供者,使用my product作为服务提供者。 我知道我会通过联合身份通过SAML断言来做到这一点。我正在浏览各种参考资料,并努力找到实现这个案例所需遵循的确切步骤。 我可以举很多例子将Okta中的salesforce添加为
现在我的问题是,如何在自定义的而不是自定义的中重写方法?我没有在这里公布我的代码,因为它与链接的代码本质上是相同的,只是我需要为子创建一个自定义的来代替,这样它就可以按照“pptang”的答案所述进行正确的度量。 否则,有没有比在第二个RecyclerView中使用1个RecyclerView更好的方法?只能有1个RecyclerView使用上述列表和每个中唯一项的网格填充活动/片段吗?
有人能告诉我如何为IDP发起的SSO连接传递RelayState吗?我们有SSO工作,但想深度链接到服务提供商应用程序中的页面。他们在RelayState上指示我们通过,但我不知道如何格式化Okta的URL。我们正在使用应用程序嵌入式链接,并希望将RelayState附加到查询字符串中。