我正在运行wso2 saml SSO示例(travelocity.com),它与saml运行良好 . 但是当我在wso2is中配置oAuth并在travelocity属性文件中设置 EnableSAML2Grant=true 时,我收到以下错误
org.wso2.carbon.identity.sso.agent.exception.SSOAgentException:在org.wso2.carbon.identity.sso.agent.oauth2.SAML2GrantAccessTokenRequestor.getAccessToken(SAML2GrantAccessTokenRequestor.java:SAML2授权类型)中使用SAML2授权类型检索OAuth2访问令牌时出错: 63)atg.apache.atity.sso.agent.SSOAgentFilter.doFilter(SSOAgentFilter.java:135)org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)org.apache.catalina .core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122 )org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)位于org.apache.catalina.valves.ErrorReportValve的org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) . 在org.apache.catalina.valves中调用(ErrorReportValve.java:103) . 访问org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)的org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)中的AccessLogValve.invoke(AccessLogValve.java:956) .apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)org.apache.coyote.AbstractProtocol $ AbstractConnectionHandler.process(AbstractProtocol.java:625)at org.apache.tomcat.util.net.JIoEndpoint $ SocketProcessor .run(JIoEndpoint.java:318)java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)位于org.apache的java.util.concurrent.ThreadPoolExecutor $ Worker.run(ThreadPoolExecutor.java:615) . java.lang.Thread.run(Thread.java:745)中的tomcat.util.threads.TaskThread $ WrappingRunnable.run(TaskThread.java:61)引起:javax.net.ssl.SSLHandshakeException:sun.security.validator . ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到有效的证书路径要求sun.security.ssl.Alerts.getSSLException(Alerts.java:192)在sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1916)sun.security.ssl.Handshaker.fatalSE(Handshaker . java:279)at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1472)at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker .java:213)at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)at sun.security.ssl.SSLSocketImpl.readRecord( SSLSocketImpl.java:1035)sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)at sun.security.ssl.SSLSocketImpl.startHandshake (SSLSocketImpl.java:1355)at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection .connect(www.deotgate.https.https.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1093)at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream . (HttpsURLConnectionImpl.java:250).connect(AbstractDelegateHttpsURLConnection.java:185) )org.wso2.carbon.identity.sso.agent.oauth2.SAML2GrantAccessTokenRequestor.executePost(SAML2GrantAccessTokenRequestor.java:88)at org.wso2.carbon.identity.sso.agent.oauth2.SAML2GrantAccessTokenRequestor.getAccessToken(SAML2GrantAccessTokenRequestor.java:50 )... 18更多引起:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法在sun.security.validator.PKIXValidator上找到所请求目标的有效证书路径 . doBuild(PKIXValidator.java:385)位于sun.security.ssl.X509TrustManagerImpl的sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)sun.security.validator.Validator.validate(Validator.java:260) .validate(X509TrustManag erImpl.java:326)sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)at sun.security.ssl.ClientHandshaker.serverCertificate (ClientHandshaker.java:1454)... 31更多引起:sun.security.provider.certpath.SunCertPathBuilderException:无法在sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java)找到所请求目标的有效证书路径:196)at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)... 37更多
1 回答
根据你需要的文档[1]设置
EnableOAuth2SAML2Grant=true以在travelocity属性文件中配置OAuth .[1] https://docs.wso2.com/display/IS510/SAML2+Bearer+Assertion+Profile+for+OAuth+2.0+with+WSO2+Travelocity
谢谢 .