Setting the default IdP for the API store applications in wso2

I am using a clustered environment with Identity Server as the Key Manager. I have been trying to test our applications and JWT claims using the implicit and authorization grants. When I create an application, it sets itself up as a service provider that uses local and outbound authentication by default, instead of our federated authentication, which uses SAML with Shibboleth. I followed this post and tried many variations of it. I tried configuring two files in [IS_HOME]/repo/conf/identity/service-provider: default.xml and sp_dashboard.xml. When I configure sp_dashboard, nothing seems to happen. But when I configure default.xml and try to get my access token through the implicit grant, I get this error.

Also, without any configuration everything works fine, but the user has to log in again with both the implicit and authorization grants. Then, when you log in with the implicit grant it takes me to carbon with the access token in the URL, but the authorization grant takes me to carbon without any code.

Log error

TID: [-1234] [] [2017-01-09 14:48:36,323] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} -  Exception in Authentication Framework java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
    at java.util.ArrayList.rangeCheck(ArrayList.java:653)
    at java.util.ArrayList.get(ArrayList.java:429)
    at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handle(DefaultStepHandler.java:208)
    at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:173)
    at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:121)
    at org.wso2.carbon.identity.application.authentication.framework.handler.request.ipl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:137)
    at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doPost(CommonAuthenticationHandler.java:46)
    at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doGet(CommonAuthenticationHandler.java:37)
    at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.sendRequestToFramework(OAuth2AuthzEndpoint.java:1062)
    at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:203)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
    at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor.run(ServiceInvokerInterceptor.java:58)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:214)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265

Page error

Here is my current configuration

SP_DASHBOARD

<ServiceProvider>
    <ApplicationID>2</ApplicationID>
    <ApplicationName>wso2_sp_dashboard</ApplicationName>
    <Description>Default Service Provider</Description>
    <InboundAuthenticationConfig>
        <InboundAuthenticationRequestConfigs>
            <InboundAuthenticationRequestConfig>
                <InboundAuthKey>wso2.my.dashboard</InboundAuthKey>
                <InboundAuthType>samlsso</InboundAuthType>
                <Properties></Properties>
            </InboundAuthenticationRequestConfig>
        </InboundAuthenticationRequestConfigs>
    </InboundAuthenticationConfig>
    <LocalAndOutBoundAuthenticationConfig>
        <AuthenticationSteps>
            <AuthenticationStep>
                <StepOrder>1</StepOrder>
                <FederatedIdentityProviders>
                    <IdentityProvider>
                        <Name>IdPSSO</Name>
                        <FederatedAuthenticatorConfigs>
                            <FederatedAuthenticatorConfig>
                                <Name>SAMLSSOAuthenticator</Name>
                            </FederatedAuthenticatorConfig>
                        </FederatedAuthenticatorConfigs>
                    </IdentityProvider>
                </FederatedIdentityProviders>
                <SubjectStep>true</SubjectStep>
                <AttributeStep>true</AttributeStep>
            </AuthenticationStep>
        </AuthenticationSteps>
        <UseUserstoreDomainInUsername>true</UseUserstoreDomainInUsername>
        <UseTenantDomainInUsername>false</UseTenantDomainInUsername>
    </LocalAndOutBoundAuthenticationConfig>
    <RequestPathAuthenticatorConfigs></RequestPathAuthenticatorConfigs>
    <InboundProvisioningConfig></InboundProvisioningConfig>
    <OutboundProvisioningConfig></OutboundProvisioningConfig>
    <ClaimConfig>
        <AlwaysSendMappedLocalSubjectId>true</AlwaysSendMappedLocalSubjectId>
    </ClaimConfig>
    <PermissionAndRoleConfig></PermissionAndRoleConfig>
</ServiceProvider>

DEFAULT

<ServiceProvider>
    <ApplicationID>1</ApplicationID>
    <ApplicationName>default</ApplicationName>
    <Description>Default Service Provider</Description>
    <InboundAuthenticationConfig>
        <InboundAuthenticationRequestConfigs>
            <InboundAuthenticationRequestConfig>
                <InboundAuthKey>default</InboundAuthKey>
                <InboundAuthType></InboundAuthType>
                <Properties></Properties>
            </InboundAuthenticationRequestConfig>
        </InboundAuthenticationRequestConfigs>
    </InboundAuthenticationConfig>
    <LocalAndOutBoundAuthenticationConfig>
        <AuthenticationSteps>
            <AuthenticationStep>
                <StepOrder>1</StepOrder>
                <FederatedIdentityProviders>
                    <IdentityProvider>
                        <Name>IdPSSO</Name>
                        <FederatedAuthenticatorConfigs>
                            <FederatedAuthenticatorConfig>
                                <Name>SAMLSSOAuthenticator</Name>
                            </FederatedAuthenticatorConfig>
                        </FederatedAuthenticatorConfigs>
                    </IdentityProvider>
                </FederatedIdentityProviders>
                <SubjectStep>true</SubjectStep>
                <AttributeStep>true</AttributeStep>
            </AuthenticationStep>
        </AuthenticationSteps>
    </LocalAndOutBoundAuthenticationConfig>
    <RequestPathAuthenticatorConfigs></RequestPathAuthenticatorConfigs>
    <InboundProvisioningConfig></InboundProvisioningConfig>
    <OutboundProvisioningConfig></OutboundProvisioningConfig>
    <ClaimConfig>
        <AlwaysSendMappedLocalSubjectId>true</AlwaysSendMappedLocalSubjectId>
    </ClaimConfig>
    <PermissionAndRoleConfig></PermissionAndRoleConfig>
</ServiceProvider>

Figured out the configuration I had to do. It is in the IS default.xml. It looks like IsEnabled was the important piece missing from my configuration.

<FederatedIdentityProviders>
    <IdentityProvider>
        <IdentityProviderName>IdPSSO</IdentityProviderName>
        <IsEnabled>true</IsEnabled>
        <FederatedAuthenticatorConfigs>
            <FederatedAuthenticatorConfig>
                <Name>SAMLSSOAuthenticator</Name>
                <IsEnabled>true</IsEnabled>
            </FederatedAuthenticatorConfig>
        </FederatedAuthenticatorConfigs>
        <DefaultAuthenticatorConfig>SAMLSSOAuthenticator</DefaultAuthenticatorConfig>
    </IdentityProvider>
</FederatedIdentityProviders>
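A small pre-flight check for this class of mistake, added here as an example and not part of the original post or of WSO2: it parses a service-provider XML file and reports every federated IdP or authenticator in an authentication step that lacks `<IsEnabled>true</IsEnabled>`, `<IdentityProviderName>`, or `<DefaultAuthenticatorConfig>`, the three elements the working snippet above has and the broken one does not. The element names are taken from the snippets on this page; the two embedded samples are constructed to mirror the broken and fixed shapes; and the assumption that a step with no enabled federated IdP is what the framework sees as an empty list (the `Index: 0, Size: 0` in the trace) is an inference from the question, not a documented WSO2 contract.

```python
"""Lint a WSO2 IS service-provider XML for the federated-IdP settings above.

Added example, not WSO2 code. Element names come from the page's snippets; the
rule "a usable federated IdP needs IsEnabled, IdentityProviderName and
DefaultAuthenticatorConfig" is an assumption drawn from the accepted fix.
"""
import xml.etree.ElementTree as ET

# Constructed sample mirroring the asker's broken default.xml (no IsEnabled,
# <Name> instead of <IdentityProviderName>, no DefaultAuthenticatorConfig).
BROKEN_SP = """<ServiceProvider>
  <LocalAndOutBoundAuthenticationConfig>
    <AuthenticationSteps>
      <AuthenticationStep>
        <StepOrder>1</StepOrder>
        <FederatedIdentityProviders>
          <IdentityProvider>
            <Name>IdPSSO</Name>
            <FederatedAuthenticatorConfigs>
              <FederatedAuthenticatorConfig>
                <Name>SAMLSSOAuthenticator</Name>
              </FederatedAuthenticatorConfig>
            </FederatedAuthenticatorConfigs>
          </IdentityProvider>
        </FederatedIdentityProviders>
      </AuthenticationStep>
    </AuthenticationSteps>
  </LocalAndOutBoundAuthenticationConfig>
</ServiceProvider>"""

# Constructed sample mirroring the shape from the answer.
FIXED_SP = """<ServiceProvider>
  <LocalAndOutBoundAuthenticationConfig>
    <AuthenticationSteps>
      <AuthenticationStep>
        <StepOrder>1</StepOrder>
        <FederatedIdentityProviders>
          <IdentityProvider>
            <IdentityProviderName>IdPSSO</IdentityProviderName>
            <IsEnabled>true</IsEnabled>
            <FederatedAuthenticatorConfigs>
              <FederatedAuthenticatorConfig>
                <Name>SAMLSSOAuthenticator</Name>
                <IsEnabled>true</IsEnabled>
              </FederatedAuthenticatorConfig>
            </FederatedAuthenticatorConfigs>
            <DefaultAuthenticatorConfig>SAMLSSOAuthenticator</DefaultAuthenticatorConfig>
          </IdentityProvider>
        </FederatedIdentityProviders>
      </AuthenticationStep>
    </AuthenticationSteps>
  </LocalAndOutBoundAuthenticationConfig>
</ServiceProvider>"""


def _enabled(elem):
    """True only when a direct child <IsEnabled> reads 'true' (case-insensitive)."""
    node = elem.find("IsEnabled")
    return node is not None and (node.text or "").strip().lower() == "true"


def lint_service_provider(xml_text):
    """Return a list of findings (strings); an empty list means nothing was flagged."""
    findings = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    if root.tag != "ServiceProvider":
        findings.append("root element is <%s>, expected <ServiceProvider>" % root.tag)
    steps = root.findall(
        "./LocalAndOutBoundAuthenticationConfig/AuthenticationSteps/AuthenticationStep")
    if not steps:
        findings.append("no <AuthenticationStep> defined")
    for step in steps:
        order = (step.findtext("StepOrder") or "?").strip()
        usable = 0  # IdPs in this step that satisfy all three requirements
        for idp in step.findall("./FederatedIdentityProviders/IdentityProvider"):
            name = (idp.findtext("IdentityProviderName") or "").strip()
            if not name:
                name = (idp.findtext("Name") or "?").strip()
                findings.append("step %s: IdP '%s' has no <IdentityProviderName>" % (order, name))
            if not _enabled(idp):
                findings.append("step %s: IdP '%s' missing <IsEnabled>true</IsEnabled>" % (order, name))
            auths = idp.findall("./FederatedAuthenticatorConfigs/FederatedAuthenticatorConfig")
            for auth in auths:
                if not _enabled(auth):
                    auth_name = (auth.findtext("Name") or "?").strip()
                    findings.append("step %s: authenticator '%s' of IdP '%s' missing "
                                    "<IsEnabled>true</IsEnabled>" % (order, auth_name, name))
            default = (idp.findtext("DefaultAuthenticatorConfig") or "").strip()
            if not default:
                findings.append("step %s: IdP '%s' has no <DefaultAuthenticatorConfig>" % (order, name))
            if _enabled(idp) and any(_enabled(a) for a in auths) and default:
                usable += 1
        if usable == 0:
            findings.append("step %s: no usable federated IdP (assumed cause of the "
                            "'Index: 0, Size: 0' in DefaultStepHandler)" % order)
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BROKEN_SP
    for line in lint_service_provider(text) or ["OK: no findings"]:
        print(line)
```

Run it as `python lint_sp.py [IS_HOME]/.../default.xml` before restarting the server; with no argument it lints the embedded broken sample, which yields five findings, while the fixed sample yields none. A file that was truncated while copying (such as one missing its closing `</ServiceProvider>`) is reported as not well-formed rather than silently passing.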