为 wso2 中的 API 商店应用程序设置默认 IdP
Setting the default IdP for the API store applications in wso2
我正在使用以身份服务器作为密钥管理器的集群环境。我一直在尝试使用隐式授权和授权来测试我们的应用程序和 JWT 声明。当我创建一个应用程序时,它会将自己设置为默认使用本地和出站身份验证的服务提供商,而不是我们使用 SAML 进行 Shibboleth 的联合身份验证。我遵循了这个 post 并且厌倦了它的多种变体。我尝试在 [IS_HOME] /repo/conf/identity/service-provider 中配置两个文件。 default.xml 和 sp_dashboard.xml。当我配置 sp_dashboard 时,似乎没有任何反应。但是当我配置 default.xml 并尝试通过隐式授权获取我的访问令牌时,我得到了这个错误。
此外,无需任何配置,一切正常,但需要用户使用隐式授权和授权再次登录。然后,当您使用 URL 中的访问令牌以隐式方式登录时,我将其授予 carbon,但授权将我带到 carbon,而无需使用任何代码。
日志错误
TID: [-1234] [] [2017-01-09 14:48:36,323] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
at java.util.ArrayList.rangeCheck(ArrayList.java:653)
at java.util.ArrayList.get(ArrayList.java:429)
at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handle(DefaultStepHandler.java:208) at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:173)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:121)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.ipl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:137)
at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doPost(CommonAuthenticationHandler.java:46)
at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doGet(CommonAuthenticationHandler.java:37)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.sendRequestToFramework(OAuth2AuthzEndpoint.java:1062)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:203)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188) at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.run(ServiceInvokerInterceptor.java:58)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:214)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265
页面错误
这是我当前的配置
SP_DASHBOARD
<ServiceProvider>
<ApplicationID>2</ApplicationID>
<ApplicationName>wso2_sp_dashboard</ApplicationName>
<Description>Default Service Provider</Description>
<InboundAuthenticationConfig>
<InboundAuthenticationRequestConfigs>
<InboundAuthenticationRequestConfig>
<InboundAuthKey>wso2.my.dashboard</InboundAuthKey>
<InboundAuthType>samlsso</InboundAuthType>
<Properties></Properties>
</InboundAuthenticationRequestConfig>
</InboundAuthenticationRequestConfigs>
</InboundAuthenticationConfig>
<LocalAndOutBoundAuthenticationConfig>
<AuthenticationSteps>
<AuthenticationStep>
<StepOrder>1</StepOrder>
<FederatedIdentityProviders>
<IdentityProvider>
<Name>IdPSSO</Name>
<FederatedAuthenticatorConfigs>
<FederatedAuthenticatorConfig>
<Name>SAMLSSOAuthenticator</Name>
</FederatedAuthenticatorConfig>
</FederatedAuthenticatorConfigs>
</IdentityProvider>
</FederatedIdentityProviders>
<SubjectStep>true</SubjectStep>
<AttributeStep>true</AttributeStep>
</AuthenticationStep>
</AuthenticationSteps>
<UseUserstoreDomainInUsername>true</UseUserstoreDomainInUsername>
<UseTenantDomainInUsername>false</UseTenantDomainInUsername>
</LocalAndOutBoundAuthenticationConfig>
<RequestPathAuthenticatorConfigs></RequestPathAuthenticatorConfigs>
<InboundProvisioningConfig></InboundProvisioningConfig>
<OutboundProvisioningConfig></OutboundProvisioningConfig>
<ClaimConfig>
<AlwaysSendMappedLocalSubjectId>true</AlwaysSendMappedLocalSubjectId>
</ClaimConfig>
<PermissionAndRoleConfig></PermissionAndRoleConfig>
默认
<ServiceProvider>
<ApplicationID>1</ApplicationID>
<ApplicationName>default</ApplicationName>
<Description>Default Service Provider</Description>
<InboundAuthenticationConfig>
<InboundAuthenticationRequestConfigs>
<InboundAuthenticationRequestConfig>
<InboundAuthKey>default</InboundAuthKey>
<InboundAuthType></InboundAuthType>
<Properties></Properties>
</InboundAuthenticationRequestConfig>
</InboundAuthenticationRequestConfigs>
</InboundAuthenticationConfig>
<LocalAndOutBoundAuthenticationConfig>
<AuthenticationSteps>
<AuthenticationStep>
<StepOrder>1</StepOrder>
<FederatedIdentityProviders>
<IdentityProvider>
<Name>IdPSSO</Name>
<FederatedAuthenticatorConfigs>
<FederatedAuthenticatorConfig>
<Name>SAMLSSOAuthenticator</Name>
</FederatedAuthenticatorConfig>
</FederatedAuthenticatorConfigs>
</IdentityProvider>
</FederatedIdentityProviders>
<SubjectStep>true</SubjectStep>
<AttributeStep>true</AttributeStep>
</AuthenticationStep>
</AuthenticationSteps>
</LocalAndOutBoundAuthenticationConfig>
<RequestPathAuthenticatorConfigs></RequestPathAuthenticatorConfigs>
<InboundProvisioningConfig></InboundProvisioningConfig>
<OutboundProvisioningConfig></OutboundProvisioningConfig>
<ClaimConfig>
<AlwaysSendMappedLocalSubjectId>true</AlwaysSendMappedLocalSubjectId>
</ClaimConfig>
<PermissionAndRoleConfig></PermissionAndRoleConfig>
找出我必须做的配置。它在 IS default.xml 中。看起来 IsEnabled 是我的配置中缺少的重要部分。
<FederatedIdentityProviders>
<IdentityProvider>
<IdentityProviderName>IdPSSO</IdentityProviderName>
<IsEnabled>true</IsEnabled>
<FederatedAuthenticatorConfigs>
<FederatedAuthenticatorConfig>
<Name>SAMLSSOAuthenticator</Name>
<IsEnabled>true</IsEnabled>
</FederatedAuthenticatorConfig>
</FederatedAuthenticatorConfigs>
<DefaultAuthenticatorConfig>SAMLSSOAuthenticator</DefaultAuthenticatorConfig>
</IdentityProvider>
</FederatedIdentityProviders>
我正在使用以身份服务器作为密钥管理器的集群环境。我一直在尝试使用隐式授权和授权来测试我们的应用程序和 JWT 声明。当我创建一个应用程序时,它会将自己设置为默认使用本地和出站身份验证的服务提供商,而不是我们使用 SAML 进行 Shibboleth 的联合身份验证。我遵循了这个 post 并且厌倦了它的多种变体。我尝试在 [IS_HOME] /repo/conf/identity/service-provider 中配置两个文件。 default.xml 和 sp_dashboard.xml。当我配置 sp_dashboard 时,似乎没有任何反应。但是当我配置 default.xml 并尝试通过隐式授权获取我的访问令牌时,我得到了这个错误。
此外,无需任何配置,一切正常,但需要用户使用隐式授权和授权再次登录。然后,当您使用 URL 中的访问令牌以隐式方式登录时,我将其授予 carbon,但授权将我带到 carbon,而无需使用任何代码。
日志错误
TID: [-1234] [] [2017-01-09 14:48:36,323] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
at java.util.ArrayList.rangeCheck(ArrayList.java:653)
at java.util.ArrayList.get(ArrayList.java:429)
at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handle(DefaultStepHandler.java:208) at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:173)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:121)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.ipl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:137)
at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doPost(CommonAuthenticationHandler.java:46)
at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doGet(CommonAuthenticationHandler.java:37)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.sendRequestToFramework(OAuth2AuthzEndpoint.java:1062)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:203)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188) at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.run(ServiceInvokerInterceptor.java:58)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:214)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265
页面错误
这是我当前的配置
SP_DASHBOARD
<ServiceProvider>
<ApplicationID>2</ApplicationID>
<ApplicationName>wso2_sp_dashboard</ApplicationName>
<Description>Default Service Provider</Description>
<InboundAuthenticationConfig>
<InboundAuthenticationRequestConfigs>
<InboundAuthenticationRequestConfig>
<InboundAuthKey>wso2.my.dashboard</InboundAuthKey>
<InboundAuthType>samlsso</InboundAuthType>
<Properties></Properties>
</InboundAuthenticationRequestConfig>
</InboundAuthenticationRequestConfigs>
</InboundAuthenticationConfig>
<LocalAndOutBoundAuthenticationConfig>
<AuthenticationSteps>
<AuthenticationStep>
<StepOrder>1</StepOrder>
<FederatedIdentityProviders>
<IdentityProvider>
<Name>IdPSSO</Name>
<FederatedAuthenticatorConfigs>
<FederatedAuthenticatorConfig>
<Name>SAMLSSOAuthenticator</Name>
</FederatedAuthenticatorConfig>
</FederatedAuthenticatorConfigs>
</IdentityProvider>
</FederatedIdentityProviders>
<SubjectStep>true</SubjectStep>
<AttributeStep>true</AttributeStep>
</AuthenticationStep>
</AuthenticationSteps>
<UseUserstoreDomainInUsername>true</UseUserstoreDomainInUsername>
<UseTenantDomainInUsername>false</UseTenantDomainInUsername>
</LocalAndOutBoundAuthenticationConfig>
<RequestPathAuthenticatorConfigs></RequestPathAuthenticatorConfigs>
<InboundProvisioningConfig></InboundProvisioningConfig>
<OutboundProvisioningConfig></OutboundProvisioningConfig>
<ClaimConfig>
<AlwaysSendMappedLocalSubjectId>true</AlwaysSendMappedLocalSubjectId>
</ClaimConfig>
<PermissionAndRoleConfig></PermissionAndRoleConfig>
默认
<ServiceProvider>
<ApplicationID>1</ApplicationID>
<ApplicationName>default</ApplicationName>
<Description>Default Service Provider</Description>
<InboundAuthenticationConfig>
<InboundAuthenticationRequestConfigs>
<InboundAuthenticationRequestConfig>
<InboundAuthKey>default</InboundAuthKey>
<InboundAuthType></InboundAuthType>
<Properties></Properties>
</InboundAuthenticationRequestConfig>
</InboundAuthenticationRequestConfigs>
</InboundAuthenticationConfig>
<LocalAndOutBoundAuthenticationConfig>
<AuthenticationSteps>
<AuthenticationStep>
<StepOrder>1</StepOrder>
<FederatedIdentityProviders>
<IdentityProvider>
<Name>IdPSSO</Name>
<FederatedAuthenticatorConfigs>
<FederatedAuthenticatorConfig>
<Name>SAMLSSOAuthenticator</Name>
</FederatedAuthenticatorConfig>
</FederatedAuthenticatorConfigs>
</IdentityProvider>
</FederatedIdentityProviders>
<SubjectStep>true</SubjectStep>
<AttributeStep>true</AttributeStep>
</AuthenticationStep>
</AuthenticationSteps>
</LocalAndOutBoundAuthenticationConfig>
<RequestPathAuthenticatorConfigs></RequestPathAuthenticatorConfigs>
<InboundProvisioningConfig></InboundProvisioningConfig>
<OutboundProvisioningConfig></OutboundProvisioningConfig>
<ClaimConfig>
<AlwaysSendMappedLocalSubjectId>true</AlwaysSendMappedLocalSubjectId>
</ClaimConfig>
<PermissionAndRoleConfig></PermissionAndRoleConfig>
找出我必须做的配置。它在 IS default.xml 中。看起来 IsEnabled 是我的配置中缺少的重要部分。
<FederatedIdentityProviders>
<IdentityProvider>
<IdentityProviderName>IdPSSO</IdentityProviderName>
<IsEnabled>true</IsEnabled>
<FederatedAuthenticatorConfigs>
<FederatedAuthenticatorConfig>
<Name>SAMLSSOAuthenticator</Name>
<IsEnabled>true</IsEnabled>
</FederatedAuthenticatorConfig>
</FederatedAuthenticatorConfigs>
<DefaultAuthenticatorConfig>SAMLSSOAuthenticator</DefaultAuthenticatorConfig>
</IdentityProvider>
</FederatedIdentityProviders>