实施SAML SSO时出现以下错误的原因是什么
您能不能给我指个正确的方向,告诉我哪里可能出了问题:
示例消息:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://source.com/saml/SSO/alias/umhbdev.fideliseducation.com"
Destination="https://destination.com/trust/saml2/http-post/sso/519153" ForceAuthn="false"
ID="a2cg4958cgi94aji2iac7h1j6a3j0jj"
IsPassive="false"
IssueInstant="2016-04-11T15:42:47.681Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">source.com
</saml2:Issuer>
</saml2p:AuthnRequest>;
错误
INFO [11 Apr 2016 15:42:50,495] [http-nio-80-exec-1](SAMLProtocolMessageXMLSignatureSecurityPolicyRule.java:100)
- SAML protocol message was not signed, skipping XML signature processing
ERROR [11 Apr 2016 15:42:50,495] [http-nio-80-exec-1](ExceptionFilter.java:58) - Error occurred
java.lang.IllegalArgumentException: Given URL is not well formed
at org.opensaml.util.URLBuilder.<init>(URLBuilder.java:120)
at org.opensaml.util.SimpleURLCanonicalizer.canonicalize(SimpleURLCanonicalizer.java:87)
at org.opensaml.common.binding.decoding.BasicURLComparator.compare(BasicURLComparator.java:57)
at org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder.compareEndpointURIs(BaseSAMLMessageDecoder.java:173)
at org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder.checkEndpointURI(BaseSAMLMessageDecoder.java:213)
at org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:72)
at org.springframework.security.saml.processor.SAMLProcessorImpl.retrieveMessage(SAMLProcessorImpl.java:105)
at org.springframework.security.saml.processor.SAMLProcessorImpl.retrieveMessage(SAMLProcessorImpl.java:172)
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:77)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
Caused by: java.net.MalformedURLException: no protocol: {recipient}
at java.net.URL.<init>(URL.java:593)
at java.net.URL.<init>(URL.java:490)
at java.net.URL.<init>(URL.java:439)
at org.opensaml.util.URLBuilder.<init>(URLBuilder.java:77)
... 61 more
解决方案
您的AssertionConsumer ServiceURL应该是AssertionConsumerServiceURL="https://source.com/saml/SSO"
相关文章