使用带有 Postgres 的 Shibboleth IdP 3.3.2 的连接器配置无效
Invalid connector configuration using Shibboleth IdP 3.3.2 with Postgres
我在属性中使用 DataConnector-resolver.xml 连接到数据库并获取属性。
当我使用下面的配置连接到本地 postgres 时,它可以工作,这意味着我能够转到未经请求的 idp link idp/profile/SAML2/Unsolicited,验证并获取属性并生成 Saml2 断言并发送它SP.
<DataConnector id="myDatabase" xsi:type="RelationalDatabase">
<ApplicationManagedConnection
jdbcDriver="org.postgresql.Driver" jdbcURL="jdbc:postgresql://localhost:5432/postgres"
jdbcUserName="postgres" jdbcPassword="postgresql" />
<QueryTemplate>
<![CDATA[
SELECT password, 12345 as EmployeeID, 'Nilesh' as FirstName, 'Lulla' as LastName from users where username='$requestContext.principalName'
]]>
</QueryTemplate>
<Column columnName="password" attributeID="password" />
<Column columnName="employeeid" attributeID="EmployeeID" />
<Column columnName="firstname" attributeID="FirstName" />
<Column columnName="lastname" attributeID="LastName" />
</DataConnector>
当我使用 postgres 服务器 url 和连接字符串时出现错误,Shibboleth 根本没有启动。状态页面也打不开。 https://idp.abc.com/idp/status
<DataConnector id="myDatabase" xsi:type="RelationalDatabase">
<ApplicationManagedConnection
jdbcDriver="org.postgresql.Driver" jdbcURL="jdbc:postgresql://TPA1238.enterprise.org:5444/cpe_admin"
jdbcUserName="admin_temp" jdbcPassword="temp2018" />
<QueryTemplate>
<![CDATA[
SELECT panelist_id, first_name, last_name from user_details where user_id='$requestContext.principalName'
]]>
</QueryTemplate>
<Column columnName="panelist_id" attributeID="EmployeeID" />
<Column columnName="first_name" attributeID="FirstName" />
<Column columnName="last_name" attributeID="LastName" />
</DataConnector>
我收到以下错误:
2018-02-02 21:24:44,530 - DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory:568] - Retrieved dependent beans for bean '(inner bean)#1c33e528': [eduPersonPrincipalName]
2018-02-02 21:24:44,530 - DEBUG [org.springframework.beans.factory.support.DisposableBeanAdapter:337] - Invoking destroy method 'destroy' on bean with name '(inner bean)#53d2d002'
2018-02-02 21:24:44,531 - DEBUG [org.springframework.beans.factory.support.DisposableBeanAdapter:337] - Invoking destroy method 'destroy' on bean with name '(inner bean)#5b39a3e6'
2018-02-02 21:24:44,531 - DEBUG [org.springframework.beans.factory.support.DisposableBeanAdapter:337] - Invoking destroy method 'destroy' on bean with name 'net.shibboleth.idp.saml.attribute.encoding.impl.SAML2ScopedStringAttributeEncoder#0'
2018-02-02 21:24:44,532 - DEBUG [org.springframework.beans.factory.support.DisposableBeanAdapter:337] - Invoking destroy method 'destroy' on bean with name 'net.shibboleth.idp.saml.attribute.encoding.impl.SAML1ScopedStringAttributeEncoder#0'
2018-02-02 21:24:44,542 - ERROR [net.shibboleth.utilities.java.support.service.AbstractReloadableService:181] - Service 'shibboleth.AttributeResolverService': Initial load failed
net.shibboleth.utilities.java.support.service.ServiceException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myDatabase': Invocation of init method failed; nested exception is net.shibboleth.utilities.java.support.component.ComponentInitializationException: Data Connector 'myDatabase': Invalid connector configuration
at net.shibboleth.ext.spring.service.ReloadableSpringService.doReload(ReloadableSpringService.java:336)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myDatabase': Invocation of init method failed; nested exception is net.shibboleth.utilities.java.support.component.ComponentInitializationException: Data Connector 'myDatabase': Invalid connector configuration
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
Caused by: net.shibboleth.utilities.java.support.component.ComponentInitializationException: Data Connector 'myDatabase': Invalid connector configuration
at net.shibboleth.idp.attribute.resolver.dc.rdbms.impl.RDBMSDataConnector.doInitialize(RDBMSDataConnector.java:141)
Caused by: net.shibboleth.idp.attribute.resolver.dc.ValidationException: Invalid connector configuration
at net.shibboleth.idp.attribute.resolver.dc.rdbms.impl.DataSourceValidator.validate(DataSourceValidator.java:165)
Caused by: java.sql.SQLException: An SQLException was provoked by the following failure: java.lang.InterruptedException
at com.mchange.v2.sql.SqlUtils.toSQLException(SqlUtils.java:118)
Caused by: java.lang.InterruptedException: null
at java.lang.Object.wait(Native Method)
2018-02-02 21:24:44,543 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:183] - Service 'shibboleth.AttributeResolverService': Continuing to poll configuration
2018-02-02 21:24:44,543 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:199] - Service 'shibboleth.AttributeResolverService': Reload time set to: 900000, starting refresh thread
2018-02-02 21:24:44,544 - DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory:484] - Finished creating instance of bean 'shibboleth.AttributeResolverService'
和
018-02-02 21:24:44,580 - DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory:251] - Returning cached instance of singleton bean 'shibboleth.IdentifiableBeanPostProcessor'
2018-02-02 21:24:44,583 - DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory:251] - Returning cached instance of singleton bean 'shibboleth.NameIdentifierGenerationResources'
2018-02-02 21:24:44,584 - TRACE [org.springframework.beans.TypeConverterDelegate:438] - Converting String to [interface org.springframework.core.io.Resource] using property editor [org.springframework.core.io.ResourceEditor@800d065]
2018-02-02 21:24:44,586 - TRACE [org.springframework.beans.TypeConverterDelegate:438] - Converting String to [interface org.springframework.core.io.Resource] using property editor [org.springframework.core.io.ResourceEditor@800d065]
2018-02-02 21:24:44,592 - DEBUG [org.springframework.beans.TypeConverterDelegate:315] - Original ConversionService attempt failed - ignored since PropertyEditor based conversion eventually succeeded
org.springframework.core.convert.ConversionFailedException: Failed to convert from type [java.util.ArrayList<?>] to type [@javax.annotation.Nonnull @javax.annotation.Nullable java.util.List<org.springframework.core.io.Resource>] for value '[C:/Program Files (x86)/Shibboleth/IdP/conf/saml-nameid.xml, C:/Program Files (x86)/Shibboleth/IdP/system/conf/saml-nameid-system.xml]'; nested exception is org.springframework.core.convert.ConverterNotFoundException: No converter found capable of converting from type [java.util.ArrayList<?>] to type [@javax.annotation.Nonnull @javax.annotation.Nullable org.springframework.core.io.Resource]
at org.springframework.core.convert.support.ConversionUtils.invokeConverter(ConversionUtils.java:42)
Caused by: org.springframework.core.convert.ConverterNotFoundException: No converter found capable of converting from type [java.util.ArrayList<?>] to type [@javax.annotation.Nonnull @javax.annotation.Nullable org.springframework.core.io.Resource]
at org.springframework.core.convert.support.GenericConversionService.handleConverterNotFound(GenericConversionService.java:313)
2018-02-02 21:24:44,596 - DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory:1678] - Invoking init method 'initialize' on bean with name 'shibboleth.NameIdentifierGenerationService'
2018-02-02 21:24:44,597 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:172] - Service 'shibboleth.NameIdentifierGenerationService': Performing initial load
2018-02-02 21:24:44,598 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:258] - Service 'shibboleth.NameIdentifierGenerationService': Reloading service configuration
当我使用本地 postgres 获取 attribute-resolver.xml 中的属性时,当我使用 JAAS 和工作正常的相同 postgres 服务器配置时进行身份验证。
com.tagish.auth.DBLogin required debug=true dbDriver="org.postgresql.Driver"
dbURL="jdbc:postgresql://TPA1238.enterprise.org:5444/cpe_admin" dbUser="admin_temp" dbPassword="temp2018"
userTable="user_details" userColumn="user_id" passColumn="user_id";
存在一些兼容性问题,为此我刚刚将我的 postgres 驱动程序升级到最新版本并且它有效。 Link 下载驱动程序。 https://jdbc.postgresql.org/download.html
我使用的是 postgresql-9.4.1211。jre6.jar 我尝试使用 postgresql-42.2。1.jar 它有效。
我在属性中使用 DataConnector-resolver.xml 连接到数据库并获取属性。
当我使用下面的配置连接到本地 postgres 时,它可以工作,这意味着我能够转到未经请求的 idp link idp/profile/SAML2/Unsolicited,验证并获取属性并生成 Saml2 断言并发送它SP.
<DataConnector id="myDatabase" xsi:type="RelationalDatabase">
<ApplicationManagedConnection
jdbcDriver="org.postgresql.Driver" jdbcURL="jdbc:postgresql://localhost:5432/postgres"
jdbcUserName="postgres" jdbcPassword="postgresql" />
<QueryTemplate>
<![CDATA[
SELECT password, 12345 as EmployeeID, 'Nilesh' as FirstName, 'Lulla' as LastName from users where username='$requestContext.principalName'
]]>
</QueryTemplate>
<Column columnName="password" attributeID="password" />
<Column columnName="employeeid" attributeID="EmployeeID" />
<Column columnName="firstname" attributeID="FirstName" />
<Column columnName="lastname" attributeID="LastName" />
</DataConnector>
当我使用 postgres 服务器 url 和连接字符串时出现错误,Shibboleth 根本没有启动。状态页面也打不开。 https://idp.abc.com/idp/status
<DataConnector id="myDatabase" xsi:type="RelationalDatabase">
<ApplicationManagedConnection
jdbcDriver="org.postgresql.Driver" jdbcURL="jdbc:postgresql://TPA1238.enterprise.org:5444/cpe_admin"
jdbcUserName="admin_temp" jdbcPassword="temp2018" />
<QueryTemplate>
<![CDATA[
SELECT panelist_id, first_name, last_name from user_details where user_id='$requestContext.principalName'
]]>
</QueryTemplate>
<Column columnName="panelist_id" attributeID="EmployeeID" />
<Column columnName="first_name" attributeID="FirstName" />
<Column columnName="last_name" attributeID="LastName" />
</DataConnector>
我收到以下错误:
2018-02-02 21:24:44,530 - DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory:568] - Retrieved dependent beans for bean '(inner bean)#1c33e528': [eduPersonPrincipalName]
2018-02-02 21:24:44,530 - DEBUG [org.springframework.beans.factory.support.DisposableBeanAdapter:337] - Invoking destroy method 'destroy' on bean with name '(inner bean)#53d2d002'
2018-02-02 21:24:44,531 - DEBUG [org.springframework.beans.factory.support.DisposableBeanAdapter:337] - Invoking destroy method 'destroy' on bean with name '(inner bean)#5b39a3e6'
2018-02-02 21:24:44,531 - DEBUG [org.springframework.beans.factory.support.DisposableBeanAdapter:337] - Invoking destroy method 'destroy' on bean with name 'net.shibboleth.idp.saml.attribute.encoding.impl.SAML2ScopedStringAttributeEncoder#0'
2018-02-02 21:24:44,532 - DEBUG [org.springframework.beans.factory.support.DisposableBeanAdapter:337] - Invoking destroy method 'destroy' on bean with name 'net.shibboleth.idp.saml.attribute.encoding.impl.SAML1ScopedStringAttributeEncoder#0'
2018-02-02 21:24:44,542 - ERROR [net.shibboleth.utilities.java.support.service.AbstractReloadableService:181] - Service 'shibboleth.AttributeResolverService': Initial load failed
net.shibboleth.utilities.java.support.service.ServiceException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myDatabase': Invocation of init method failed; nested exception is net.shibboleth.utilities.java.support.component.ComponentInitializationException: Data Connector 'myDatabase': Invalid connector configuration
at net.shibboleth.ext.spring.service.ReloadableSpringService.doReload(ReloadableSpringService.java:336)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myDatabase': Invocation of init method failed; nested exception is net.shibboleth.utilities.java.support.component.ComponentInitializationException: Data Connector 'myDatabase': Invalid connector configuration
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
Caused by: net.shibboleth.utilities.java.support.component.ComponentInitializationException: Data Connector 'myDatabase': Invalid connector configuration
at net.shibboleth.idp.attribute.resolver.dc.rdbms.impl.RDBMSDataConnector.doInitialize(RDBMSDataConnector.java:141)
Caused by: net.shibboleth.idp.attribute.resolver.dc.ValidationException: Invalid connector configuration
at net.shibboleth.idp.attribute.resolver.dc.rdbms.impl.DataSourceValidator.validate(DataSourceValidator.java:165)
Caused by: java.sql.SQLException: An SQLException was provoked by the following failure: java.lang.InterruptedException
at com.mchange.v2.sql.SqlUtils.toSQLException(SqlUtils.java:118)
Caused by: java.lang.InterruptedException: null
at java.lang.Object.wait(Native Method)
2018-02-02 21:24:44,543 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:183] - Service 'shibboleth.AttributeResolverService': Continuing to poll configuration
2018-02-02 21:24:44,543 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:199] - Service 'shibboleth.AttributeResolverService': Reload time set to: 900000, starting refresh thread
2018-02-02 21:24:44,544 - DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory:484] - Finished creating instance of bean 'shibboleth.AttributeResolverService'
和
018-02-02 21:24:44,580 - DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory:251] - Returning cached instance of singleton bean 'shibboleth.IdentifiableBeanPostProcessor'
2018-02-02 21:24:44,583 - DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory:251] - Returning cached instance of singleton bean 'shibboleth.NameIdentifierGenerationResources'
2018-02-02 21:24:44,584 - TRACE [org.springframework.beans.TypeConverterDelegate:438] - Converting String to [interface org.springframework.core.io.Resource] using property editor [org.springframework.core.io.ResourceEditor@800d065]
2018-02-02 21:24:44,586 - TRACE [org.springframework.beans.TypeConverterDelegate:438] - Converting String to [interface org.springframework.core.io.Resource] using property editor [org.springframework.core.io.ResourceEditor@800d065]
2018-02-02 21:24:44,592 - DEBUG [org.springframework.beans.TypeConverterDelegate:315] - Original ConversionService attempt failed - ignored since PropertyEditor based conversion eventually succeeded
org.springframework.core.convert.ConversionFailedException: Failed to convert from type [java.util.ArrayList<?>] to type [@javax.annotation.Nonnull @javax.annotation.Nullable java.util.List<org.springframework.core.io.Resource>] for value '[C:/Program Files (x86)/Shibboleth/IdP/conf/saml-nameid.xml, C:/Program Files (x86)/Shibboleth/IdP/system/conf/saml-nameid-system.xml]'; nested exception is org.springframework.core.convert.ConverterNotFoundException: No converter found capable of converting from type [java.util.ArrayList<?>] to type [@javax.annotation.Nonnull @javax.annotation.Nullable org.springframework.core.io.Resource]
at org.springframework.core.convert.support.ConversionUtils.invokeConverter(ConversionUtils.java:42)
Caused by: org.springframework.core.convert.ConverterNotFoundException: No converter found capable of converting from type [java.util.ArrayList<?>] to type [@javax.annotation.Nonnull @javax.annotation.Nullable org.springframework.core.io.Resource]
at org.springframework.core.convert.support.GenericConversionService.handleConverterNotFound(GenericConversionService.java:313)
2018-02-02 21:24:44,596 - DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory:1678] - Invoking init method 'initialize' on bean with name 'shibboleth.NameIdentifierGenerationService'
2018-02-02 21:24:44,597 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:172] - Service 'shibboleth.NameIdentifierGenerationService': Performing initial load
2018-02-02 21:24:44,598 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:258] - Service 'shibboleth.NameIdentifierGenerationService': Reloading service configuration
当我使用本地 postgres 获取 attribute-resolver.xml 中的属性时,当我使用 JAAS 和工作正常的相同 postgres 服务器配置时进行身份验证。
com.tagish.auth.DBLogin required debug=true dbDriver="org.postgresql.Driver"
dbURL="jdbc:postgresql://TPA1238.enterprise.org:5444/cpe_admin" dbUser="admin_temp" dbPassword="temp2018"
userTable="user_details" userColumn="user_id" passColumn="user_id";
存在一些兼容性问题,为此我刚刚将我的 postgres 驱动程序升级到最新版本并且它有效。 Link 下载驱动程序。 https://jdbc.postgresql.org/download.html
我使用的是 postgresql-9.4.1211。jre6.jar 我尝试使用 postgresql-42.2。1.jar 它有效。