
Spring SAML single sign-on ADFS response fails because status message is null


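I am trying to integrate single sign-on into my web application with the help of the Spring SAML extension and an ADFS server. I integrated it 3 months ago with the help of the Spring SAML sample application, and at that time it worked fine, but now it gives me the following exception: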

AuthNRequest;SUCCESS;111.11.11.111;https://my.domain.com:443/app/saml/metadata;http://myfedservicesserver.com/trustme;;;
 AuthNResponse;FAILURE;111.11.11.111;https://my.domain.com:443/app/saml/metadata;http://myfedservicesserver.com/trustme;;;org.opensaml.common.SAMLException: Response has invalid status code urn:oasis:names:tc:SAML:2.0:status:Responder, status message is null
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:113)
    at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
    at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:84)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)

SAML 2 and ADFS 3.0 IDP - SSO Invalid Status Code First time Login - But succeeds every time after

Issues while integrating ADFS with Spring SAML Extension

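I went through the links above, but they did not work for me. On the ADFS server I tried changing the digital signature from SHA-256 to SHA-1, but the problem was not resolved.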

1 Answer

  • 0

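    After many days of effort, I found that my application worked fine over the internet but did not work in the intranet environment. I checked the ADFS server logs and found the following exception: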

    Microsoft.IdentityServer.Service.SecurityTokenService.RevocationValidationException: MSIS7098: The certificate identified by thumbprint '2312312213BKHDIIDHD783j3bsd' is not valid. It might indicate that the certificate has been revoked, has expired, or that the certificate chain is not trusted.
    

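    I have verified that my application's certificate is CA-trusted and valid, but the problem still occurs on the intranet. I don't understand why the ADFS server says it is not a valid certificate and returns the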

    urn:oasis:names:tc:SAML:2.0:status:Responder
    

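    status code in the response. I then disabled the signing certificate trust check on the ADFS server, and after that it worked fine for me. I don't know whether this is a valid solution, but it works for me.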
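
Added example, not part of the original answer: a PowerShell check to run on the AD FS server that reads the relying party trust's revocation settings and tests whether the revocation endpoints of the application's signing certificate can be reached from that network, a common reason for MSIS7098 when the certificate itself is valid. `$rpName` is a placeholder for the trust's display name, and the check runs as the logged-in administrator, whose proxy settings may differ from the AD FS service account's.

```powershell
# Added diagnostic example; run in an elevated session on the AD FS server.
# $rpName is a hypothetical display name, replace it with your relying party trust.
$rpName = 'my-spring-saml-app'

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "No relying party trust named '$rpName'" }

# Revocation checks AD FS currently applies to the SP's certificates.
$rp | Select-Object Name, SigningCertificateRevocationCheck,
                    EncryptionCertificateRevocationCheck | Format-List

foreach ($cert in $rp.RequestSigningCertificate) {
    "Thumbprint: $($cert.Thumbprint)  NotAfter: $($cert.NotAfter)"

    # Build the chain with online revocation checking from this host.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $ok = $chain.Build($cert)
    "Chain builds with revocation check: $ok"

    # RevocationStatusUnknown / OfflineRevocation mean the CRL or OCSP
    # responder could not be reached, not that the certificate is revoked.
    foreach ($s in $chain.ChainStatus) {
        "  $($s.Status): $($s.StatusInformation.Trim())"
    }

    # Export the certificate and let certutil fetch every CDP, AIA and OCSP
    # URL it lists, so the unreachable ones are visible in the output.
    $path = Join-Path $env:TEMP "$($cert.Thumbprint).cer"
    $type = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
    [System.IO.File]::WriteAllBytes($path, $cert.Export($type))
    certutil -verify -urlfetch $path
}
```

If the URL fetch fails only from the intranet, making the CRL or OCSP endpoints reachable from the AD FS server keeps revocation checking enabled. `Set-AdfsRelyingPartyTrust -TargetName $rpName -SigningCertificateRevocationCheck None` turns the check off for that trust, which also means AD FS will no longer notice if the application's signing certificate is revoked.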
