如何修复在 Hue 应用程序中使用 SAML 的错误
How do I fix error with using SAML in Hue application
我在 hue 应用程序中使用 saml 函数时遇到问题。
我做了所有我需要做的事情:https://docs.gethue.com/latest/administrator/configuration/server/#saml
环境
os : ubuntu
色调:4.5.0
步骤1.下面安装
git gcc python-dev swig openssl xmlsec1 libxmlsec1-openssl
步骤 2. 将元数据从 Idp 复制到本地
步骤3.用openssl制作私钥和认证
步骤 4. 设置配置 ini 文件
[[auth]]
backend=libsaml.backend.SAML2Backend
[libsaml]
xmlsec_binary=/usr/bin/xmlsec1
metadata_file=/opt/cloudera/security/saml/idp-openam-metadata.xml
key_file=/opt/cloudera/security/saml/host.key
cert_file=/opt/cloudera/security/saml/host.pem username_source=nameid
entity_id=https://myhuedomainname.com/saml2/metadata
步骤 5. 获取 hue 元数据并在 Idp 注册它
我在以下位置获得了色调元数据:https://myhuedomainname.com/saml2/metadata
我在我们公司使用的 Idp 上注册了它。
我觉得我做的一切都是对的。
但是当我访问 https://myhuedomainname.com 时,
我的浏览器被重定向到:https://myhuedomainname.com/saml2/login/?next=/
然后我得到无法解决的错误
这是一次又一次重定向到同一个 url 的空白屏幕。
在浏览器控制台中,我收到了这个错误
i18n.js:17 Uncaught ReferenceError: HUE_I18n is not defined
at I18n (i18n.js:17)
at Module../desktop/core/src/desktop/js/jquery/plugins/jquery.filechooser.js
(hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:47211)
at webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104)
at Module../desktop/core/src/desktop/js/jquery/jquery.common.js (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:46742)
at webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104)
at Module../desktop/core/src/desktop/js/hue.js (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:46485)
at webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104)
at Object.0 (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104841)
at webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104)
at checkDeferredModules (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:65)
I18n @ i18n.js:17
./desktop/core/src/desktop/js/jquery/plugins/jquery.filechooser.js @
hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:47211
webpack_require @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104 ./desktop/core/src/desktop/js/jquery/jquery.common.js @
hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:46742
webpack_require @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104 ./desktop/core/src/desktop/js/hue.js @
hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:46485
webpack_require @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104 0 @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104841
webpack_require @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104 checkDeferredModules @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:65
(anonymous) @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:241
(anonymous) @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:244
bootstrap-tooltip.js:326 Uncaught TypeError: Cannot read property 'fn'
of undefined
at bootstrap-tooltip.js:326
at bootstrap-tooltip.js:361 (anonymous) @ bootstrap-tooltip.js:326 (anonymous) @ bootstrap-tooltip.js:361
bootstrap-typeahead-touchscreen.js:317 Uncaught TypeError: Cannot read
property 'fn' of undefined
at bootstrap-typeahead-touchscreen.js:317
at bootstrap-typeahead-touchscreen.js:358 (anonymous) @ bootstrap-typeahead-touchscreen.js:317 (anonymous) @
bootstrap-typeahead-touchscreen.js:358
bootstrap-better-typeahead.min.js:12 Uncaught TypeError: Cannot read
property 'extend' of undefined
at bootstrap-better-typeahead.min.js:12
at bootstrap-better-typeahead.min.js:12 (anonymous) @ bootstrap-better-typeahead.min.js:12 (anonymous) @
bootstrap-better-typeahead.min.js:12
popover-extra-placements.js:113 Uncaught ReferenceError: jQuery is not
defined
at popover-extra-placements.js:113 (anonymous) @ popover-extra-placements.js:113
?next=/:123 Uncaught ReferenceError: Dropzone is not defined
at ?next=/:123 (anonymous) @ ?next=/:123
下面是hue的日志
[23/Sep/2019 21:50:34 +0000] middleware INFO Redirecting to
login page: / [23/Sep/2019 21:50:34 +0000] access INFO
210.94.41.89, 34.96.109.171 -anon- - "GET / HTTP/1.1" (mem: 158mb)-- login redirection [23/Sep/2019 21:50:34 +0000] access INFO
210.94.41.89, 34.96.109.171 -anon- - "GET / HTTP/1.1" returned in 1ms (mem: 158mb) [23/Sep/2019 21:50:34] "GET / HTTP/1.1" 302 0
[23/Sep/2019 21:50:34] "GET
/static/desktop/js/bundles/hue/hue-bundle-facb48d1fb2c72ee1343.js.map
HTTP/1.1" 200 7139914 [23/Sep/2019 21:50:35 +0000] access DEBUG
210.94.41.89, 34.96.109.171 -anon- - "GET /saml2/login/ HTTP/1.1" (mem: 158mb) [23/Sep/2019 21:50:35 +0000] mdstore DEBUG
service => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST':
[{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'class':
'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService',
'location': 'https://sts.secsso.net/adfs/ls/'}],
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': [{'binding':
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class':
'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService',
'location': 'https://sts.secsso.net/adfs/ls/'}]} [23/Sep/2019 21:50:35
+0000] mdstore DEBUG service => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': [{'binding':
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'class':
'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService',
'location': 'https://sts.secsso.net/adfs/ls/'}],
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': [{'binding':
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class':
'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService',
'location': 'https://sts.secsso.net/adfs/ls/'}]} [23/Sep/2019 21:50:35
+0000] mdstore DEBUG service(http://sts.secsso.net/adfs/services/trust, idpsso_descriptor,
single_sign_on_service, None) [23/Sep/2019 21:50:35 +0000] mdstore
DEBUG service => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST':
[{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'class':
'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService',
'location': 'https://sts.secsso.net/adfs/ls/'}],
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': [{'binding':
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class':
'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService',
'location': 'https://sts.secsso.net/adfs/ls/'}]} [23/Sep/2019 21:50:35
+0000] mdstore DEBUG service(http://sts.secsso.net/adfs/services/trust, idpsso_descriptor,
single_sign_on_service,
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect) [23/Sep/2019
21:50:35 +0000] mdstore DEBUG service => [{'binding':
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class':
'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService',
'location': 'https://sts.secsso.net/adfs/ls/'}] [23/Sep/2019 21:50:35
+0000] client INFO destination to provider: https://sts.secsso.net/adfs/ls/ [23/Sep/2019 21:50:35 +0000] entity
INFO REQUEST:
https://sbc-hue.mgmt.dev.com/saml2/metadata/ [23/Sep/2019 21:50:35 +0000] client INFO
AuthNReq: https://sbc-hue.mgmt.dev.com/saml2/metadata/ [23/Sep/2019 21:50:35 +0000] entity INFO
HTTP REDIRECT [23/Sep/2019 21:50:35 +0000] views WARNING User
is using Hue 3 UI [23/Sep/2019 21:50:35 +0000] decorators INFO
AXES: Calling decorated function: dt_login [23/Sep/2019 21:50:35
+0000] decorators INFO args: (True,) [23/Sep/2019 21:50:35 +0000] access INFO 210.94.41.89, 34.96.109.171 -anon- - "GET /saml2/login/ HTTP/1.1" returned in 250ms (mem: 158mb)
我用 hue 4.0.0 版本试过了,但它有效
我通过设置 'redirect_whitelist' 解决了它。
我只是认为这不是强制性的。但它是
我在 hue 应用程序中使用 saml 函数时遇到问题。
我做了所有我需要做的事情:https://docs.gethue.com/latest/administrator/configuration/server/#saml
环境
os : ubuntu 色调:4.5.0
步骤1.下面安装
git gcc python-dev swig openssl xmlsec1 libxmlsec1-openssl
步骤 2. 将元数据从 Idp 复制到本地
步骤3.用openssl制作私钥和认证
步骤 4. 设置配置 ini 文件
[[auth]]
backend=libsaml.backend.SAML2Backend
[libsaml]
xmlsec_binary=/usr/bin/xmlsec1
metadata_file=/opt/cloudera/security/saml/idp-openam-metadata.xml
key_file=/opt/cloudera/security/saml/host.key
cert_file=/opt/cloudera/security/saml/host.pem username_source=nameid
entity_id=https://myhuedomainname.com/saml2/metadata
步骤 5. 获取 hue 元数据并在 Idp 注册它
我在以下位置获得了色调元数据:https://myhuedomainname.com/saml2/metadata 我在我们公司使用的 Idp 上注册了它。
我觉得我做的一切都是对的。
但是当我访问 https://myhuedomainname.com 时, 我的浏览器被重定向到:https://myhuedomainname.com/saml2/login/?next=/ 然后我得到无法解决的错误
这是一次又一次重定向到同一个 url 的空白屏幕。
在浏览器控制台中,我收到了这个错误
i18n.js:17 Uncaught ReferenceError: HUE_I18n is not defined at I18n (i18n.js:17) at Module../desktop/core/src/desktop/js/jquery/plugins/jquery.filechooser.js (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:47211) at webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104) at Module../desktop/core/src/desktop/js/jquery/jquery.common.js (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:46742) at webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104) at Module../desktop/core/src/desktop/js/hue.js (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:46485) at webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104) at Object.0 (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104841) at webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104) at checkDeferredModules (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:65)
I18n @ i18n.js:17 ./desktop/core/src/desktop/js/jquery/plugins/jquery.filechooser.js @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:47211 webpack_require @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104 ./desktop/core/src/desktop/js/jquery/jquery.common.js @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:46742 webpack_require @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104 ./desktop/core/src/desktop/js/hue.js @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:46485 webpack_require @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104 0 @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104841 webpack_require @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104 checkDeferredModules @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:65 (anonymous) @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:241 (anonymous) @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:244
bootstrap-tooltip.js:326 Uncaught TypeError: Cannot read property 'fn' of undefined at bootstrap-tooltip.js:326 at bootstrap-tooltip.js:361 (anonymous) @ bootstrap-tooltip.js:326 (anonymous) @ bootstrap-tooltip.js:361
bootstrap-typeahead-touchscreen.js:317 Uncaught TypeError: Cannot read property 'fn' of undefined at bootstrap-typeahead-touchscreen.js:317 at bootstrap-typeahead-touchscreen.js:358 (anonymous) @ bootstrap-typeahead-touchscreen.js:317 (anonymous) @ bootstrap-typeahead-touchscreen.js:358
bootstrap-better-typeahead.min.js:12 Uncaught TypeError: Cannot read property 'extend' of undefined at bootstrap-better-typeahead.min.js:12 at bootstrap-better-typeahead.min.js:12 (anonymous) @ bootstrap-better-typeahead.min.js:12 (anonymous) @ bootstrap-better-typeahead.min.js:12
popover-extra-placements.js:113 Uncaught ReferenceError: jQuery is not defined at popover-extra-placements.js:113 (anonymous) @ popover-extra-placements.js:113
?next=/:123 Uncaught ReferenceError: Dropzone is not defined at ?next=/:123 (anonymous) @ ?next=/:123
下面是hue的日志
[23/Sep/2019 21:50:34 +0000] middleware INFO Redirecting to login page: / [23/Sep/2019 21:50:34 +0000] access INFO
210.94.41.89, 34.96.109.171 -anon- - "GET / HTTP/1.1" (mem: 158mb)-- login redirection [23/Sep/2019 21:50:34 +0000] access INFO
210.94.41.89, 34.96.109.171 -anon- - "GET / HTTP/1.1" returned in 1ms (mem: 158mb) [23/Sep/2019 21:50:34] "GET / HTTP/1.1" 302 0 [23/Sep/2019 21:50:34] "GET /static/desktop/js/bundles/hue/hue-bundle-facb48d1fb2c72ee1343.js.map HTTP/1.1" 200 7139914 [23/Sep/2019 21:50:35 +0000] access DEBUG 210.94.41.89, 34.96.109.171 -anon- - "GET /saml2/login/ HTTP/1.1" (mem: 158mb) [23/Sep/2019 21:50:35 +0000] mdstore DEBUG
service => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}], 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}]} [23/Sep/2019 21:50:35 +0000] mdstore DEBUG service => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}], 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}]} [23/Sep/2019 21:50:35 +0000] mdstore DEBUG service(http://sts.secsso.net/adfs/services/trust, idpsso_descriptor, single_sign_on_service, None) [23/Sep/2019 21:50:35 +0000] mdstore
DEBUG service => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}], 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}]} [23/Sep/2019 21:50:35 +0000] mdstore DEBUG service(http://sts.secsso.net/adfs/services/trust, idpsso_descriptor, single_sign_on_service, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect) [23/Sep/2019 21:50:35 +0000] mdstore DEBUG service => [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}] [23/Sep/2019 21:50:35 +0000] client INFO destination to provider: https://sts.secsso.net/adfs/ls/ [23/Sep/2019 21:50:35 +0000] entity
INFO REQUEST: https://sbc-hue.mgmt.dev.com/saml2/metadata/ [23/Sep/2019 21:50:35 +0000] client INFO AuthNReq: https://sbc-hue.mgmt.dev.com/saml2/metadata/ [23/Sep/2019 21:50:35 +0000] entity INFO HTTP REDIRECT [23/Sep/2019 21:50:35 +0000] views WARNING User is using Hue 3 UI [23/Sep/2019 21:50:35 +0000] decorators INFO
AXES: Calling decorated function: dt_login [23/Sep/2019 21:50:35 +0000] decorators INFO args: (True,) [23/Sep/2019 21:50:35 +0000] access INFO 210.94.41.89, 34.96.109.171 -anon- - "GET /saml2/login/ HTTP/1.1" returned in 250ms (mem: 158mb)
我用 hue 4.0.0 版本试过了,但它有效
我通过设置 'redirect_whitelist' 解决了它。 我只是认为这不是强制性的。但它是