如何修复在 Hue 应用程序中使用 SAML 的错误

How do I fix error with using SAML in Hue application

我在 hue 应用程序中使用 saml 函数时遇到问题。

我做了所有我需要做的事情:https://docs.gethue.com/latest/administrator/configuration/server/#saml

环境

os : ubuntu 色调:4.5.0

步骤1.下面安装

git gcc python-dev swig openssl xmlsec1 libxmlsec1-openssl

步骤 2. 将元数据从 Idp 复制到本地

步骤3.用openssl制作私钥和认证

步骤 4. 设置配置 ini 文件

[[auth]] 
backend=libsaml.backend.SAML2Backend 
[libsaml]
xmlsec_binary=/usr/bin/xmlsec1
metadata_file=/opt/cloudera/security/saml/idp-openam-metadata.xml
key_file=/opt/cloudera/security/saml/host.key
cert_file=/opt/cloudera/security/saml/host.pem username_source=nameid
entity_id=https://myhuedomainname.com/saml2/metadata

步骤 5. 获取 hue 元数据并在 Idp 注册它

我在以下位置获得了色调元数据:https://myhuedomainname.com/saml2/metadata 我在我们公司使用的 Idp 上注册了它。

我觉得我做的一切都是对的。

但是当我访问 https://myhuedomainname.com 时, 我的浏览器被重定向到:https://myhuedomainname.com/saml2/login/?next=/ 然后我得到无法解决的错误

这是一次又一次重定向到同一个 url 的空白屏幕。

在浏览器控制台中,我收到了这个错误

i18n.js:17 Uncaught ReferenceError: HUE_I18n is not defined at I18n (i18n.js:17) at Module../desktop/core/src/desktop/js/jquery/plugins/jquery.filechooser.js (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:47211) at webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104) at Module../desktop/core/src/desktop/js/jquery/jquery.common.js (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:46742) at webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104) at Module../desktop/core/src/desktop/js/hue.js (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:46485) at webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104) at Object.0 (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104841) at webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104) at checkDeferredModules (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:65)

I18n @ i18n.js:17 ./desktop/core/src/desktop/js/jquery/plugins/jquery.filechooser.js @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:47211 webpack_require @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104 ./desktop/core/src/desktop/js/jquery/jquery.common.js @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:46742 webpack_require @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104 ./desktop/core/src/desktop/js/hue.js @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:46485 webpack_require @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104 0 @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104841 webpack_require @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104 checkDeferredModules @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:65 (anonymous) @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:241 (anonymous) @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:244

bootstrap-tooltip.js:326 Uncaught TypeError: Cannot read property 'fn' of undefined at bootstrap-tooltip.js:326 at bootstrap-tooltip.js:361 (anonymous) @ bootstrap-tooltip.js:326 (anonymous) @ bootstrap-tooltip.js:361

bootstrap-typeahead-touchscreen.js:317 Uncaught TypeError: Cannot read property 'fn' of undefined at bootstrap-typeahead-touchscreen.js:317 at bootstrap-typeahead-touchscreen.js:358 (anonymous) @ bootstrap-typeahead-touchscreen.js:317 (anonymous) @ bootstrap-typeahead-touchscreen.js:358

bootstrap-better-typeahead.min.js:12 Uncaught TypeError: Cannot read property 'extend' of undefined at bootstrap-better-typeahead.min.js:12 at bootstrap-better-typeahead.min.js:12 (anonymous) @ bootstrap-better-typeahead.min.js:12 (anonymous) @ bootstrap-better-typeahead.min.js:12

popover-extra-placements.js:113 Uncaught ReferenceError: jQuery is not defined at popover-extra-placements.js:113 (anonymous) @ popover-extra-placements.js:113

?next=/:123 Uncaught ReferenceError: Dropzone is not defined at ?next=/:123 (anonymous) @ ?next=/:123

下面是hue的日志

[23/Sep/2019 21:50:34 +0000] middleware INFO Redirecting to login page: / [23/Sep/2019 21:50:34 +0000] access INFO
210.94.41.89, 34.96.109.171 -anon- - "GET / HTTP/1.1" (mem: 158mb)-- login redirection [23/Sep/2019 21:50:34 +0000] access INFO
210.94.41.89, 34.96.109.171 -anon- - "GET / HTTP/1.1" returned in 1ms (mem: 158mb) [23/Sep/2019 21:50:34] "GET / HTTP/1.1" 302 0 [23/Sep/2019 21:50:34] "GET /static/desktop/js/bundles/hue/hue-bundle-facb48d1fb2c72ee1343.js.map HTTP/1.1" 200 7139914 [23/Sep/2019 21:50:35 +0000] access DEBUG 210.94.41.89, 34.96.109.171 -anon- - "GET /saml2/login/ HTTP/1.1" (mem: 158mb) [23/Sep/2019 21:50:35 +0000] mdstore DEBUG
service => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}], 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}]} [23/Sep/2019 21:50:35 +0000] mdstore DEBUG service => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}], 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}]} [23/Sep/2019 21:50:35 +0000] mdstore DEBUG service(http://sts.secsso.net/adfs/services/trust, idpsso_descriptor, single_sign_on_service, None) [23/Sep/2019 21:50:35 +0000] mdstore
DEBUG service => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}], 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}]} [23/Sep/2019 21:50:35 +0000] mdstore DEBUG service(http://sts.secsso.net/adfs/services/trust, idpsso_descriptor, single_sign_on_service, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect) [23/Sep/2019 21:50:35 +0000] mdstore DEBUG service => [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}] [23/Sep/2019 21:50:35 +0000] client INFO destination to provider: https://sts.secsso.net/adfs/ls/ [23/Sep/2019 21:50:35 +0000] entity
INFO REQUEST: https://sbc-hue.mgmt.dev.com/saml2/metadata/ [23/Sep/2019 21:50:35 +0000] client INFO AuthNReq: https://sbc-hue.mgmt.dev.com/saml2/metadata/ [23/Sep/2019 21:50:35 +0000] entity INFO HTTP REDIRECT [23/Sep/2019 21:50:35 +0000] views WARNING User is using Hue 3 UI [23/Sep/2019 21:50:35 +0000] decorators INFO
AXES: Calling decorated function: dt_login [23/Sep/2019 21:50:35 +0000] decorators INFO args: (True,) [23/Sep/2019 21:50:35 +0000] access INFO 210.94.41.89, 34.96.109.171 -anon- - "GET /saml2/login/ HTTP/1.1" returned in 250ms (mem: 158mb)

我用 hue 4.0.0 版本试过了,但它有效

我通过设置 'redirect_whitelist' 解决了它。 我只是认为这不是强制性的。但它是