首页 文章

WSO2 API Publisher SAML SSO登录失败

提问于
浏览
0

我配置了WSO2 API Publisher(1.10.0)SAML SSO但是登录失败并出现以下错误:

TID: [-1234] [] [2016-02-10 18:33:16,643]  WARN {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor} -  Destination validation for Authentication Request failed. Received: [null]. Expected one in the list: [https://identity.mydomain.pt:443/samlsso]

File publisher/site/conf/site.json:

"ssoConfiguration" : {
    "enabled" : "true",
    "issuer" : "apis-publisher",
    "identityProviderURL" : "https://identity.mydomain.pt:443/samlsso",
    "keyStorePassword" : "wso2carbon",
    "identityAlias" : "wso2carbon",
    "responseSigningEnabled":"true",
    "keyStoreName" :"/home/wso2/wso2am-1.10.0/repository/resources/security/wso2carbon.jks",
    //"nameIdPolicy" : "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", //If not specified, 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified' will be used
},

and the service provider configuration (sso-idp-config.xml):

<!-- API MANAGER PUBLISHER -->
<ServiceProvider>
    <Issuer>apis-publisher</Issuer>
    <AssertionConsumerServiceURLs>
        <AssertionConsumerServiceURL>https://mgt.apis.mydomain.pt:443/publisher/jagg/jaggery_acs.jag</AssertionConsumerServiceURL>
        <AssertionConsumerServiceURL>https://mgt.apis.mydomain.pt/publisher/jagg/jaggery_acs.jag</AssertionConsumerServiceURL>
    </AssertionConsumerServiceURLs>
    <DefaultAssertionConsumerServiceURL>https://mgt.apis.mydomain.pt:443/publisher/jagg/jaggery_acs.jag</DefaultAssertionConsumerServiceURL>
    <EnableSingleLogout>true</EnableSingleLogout>
    <SLOResponseURL/>
    <SLORequestURL/>
    <SAMLDefaultSigningAlgorithmURI>http://www.w3.org/2000/09/xmldsig#rsa-sha1</SAMLDefaultSigningAlgorithmURI>
    <SAMLDefaultDigestAlgorithmURI>http://www.w3.org/2000/09/xmldsig#sha1</SAMLDefaultDigestAlgorithmURI>
    <SignResponse>true</SignResponse>
    <ValidateSignatures>true</ValidateSignatures>
    <EncryptAssertion>false</EncryptAssertion>
    <CertAlias>wso2carbon</CertAlias>
    <EnableAttributeProfile>false</EnableAttributeProfile>
    <IncludeAttributeByDefault>false</IncludeAttributeByDefault>
    <ConsumingServiceIndex/>
    <EnableAudienceRestriction>false</EnableAudienceRestriction>
    <AudiencesList>
        <Audience>apis-publisher</Audience>
    </AudiencesList>
    <EnableRecipients>false</EnableRecipients>
    <RecipientList>
        <Recipient/>
    </RecipientList>
    <EnableIdPInitiatedSSO>false</EnableIdPInitiatedSSO>
    <EnableIdPInitSLO>false</EnableIdPInitSLO>
    <ReturnToURLList>
        <ReturnToURL/>
    </ReturnToURLList>
</ServiceProvider>

我为API Store做了相同的配置,登录工作正常 .

wso2 wso2-am

1 回答

  • -1

    我通过关闭签名验证来解决我的问题 .

    <ValidateSignatures>false</ValidateSignatures>
    回复于

相关问题