WSO2 身份服务器 - SAML - 重定向页面一直在加载,而不是将我带到应用程序
WSO2 Identity server - SAML - redirection page keeps loading forever instead of taking me to the application
我正在使用 WSO2 身份服务器作为身份提供者实现单点登录功能,PHP-SimpleSamlPhp 包和本文后面的 Drupal https://wso2.com/library/articles/2014/10/wso2-identity-server-single-sign-on-with-drupal/
一切都已成功设置如下。
- 访问drupal app登录页面,点击federated link
- 这会将您重定向到预期的 WSO2 IS 登录页面
- 您输入凭据(存储在 WSO2 中)并单击登录
- 该页面将您重定向到 samlsso URL
https://localhost:9443/samlsso?SAMLRequest=fZJNT....
- 此页面一直在加载,上面 URL 中的 SAMLRequest 值一直在变化。
日志
- 这出现在上面的第 2 点
TID: [-1234] [] [2020-04-12 18:48:14,334] [http://localhost/drupal-8.8.5/en/saml_login] INFO {org.opensaml.core.config.InitializationService} - Initializing OpenSAML using the Java Services API
- 这出现在上面的第 5 点
TID: [-1234] [2020-04-12 18:53:06,793] [http://localhost/drupal-8.8.5/en/saml_login] INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-User-List Target=null Data={"Claim Value":"ebdefe27-3912-4502-ad48-5b1a2ee30224","Users":["wickrema"],"Claim":"http://wso2.org/claims/userid"} Outcome=Success
TID: [-1234] [2020-04-12 18:53:06,793] [http://localhost/drupal-8.8.5/en/saml_login] INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-User-Claim-Values Target=wickrema Data={"Claims":{"http://wso2.org/claims/username":"wickrema","http://wso2.org/claims/userid":"ebdefe27-3912-4502-ad48-5b1a2ee30224","http://wso2.org/claims/created":"2020-04-11T20:53:00.424Z","http://wso2.org/claims/role":"Internal/everyone","http://wso2.org/claims/fullname":"wickrema","http://wso2.org/claims/modified":"2020-04-11T20:53:33.922Z","http://wso2.org/claims/emailaddress":"wickrema@abc.com","http://wso2.org/claims/lastname":"Edirisooriya","http://wso2.org/claims/givenname":"Wickrema","http://wso2.org/claims/resourceType":"User","http://wso2.org/claims/userprincipal":"wickrema"}} Outcome=Success
TID: [-1234] [2020-04-12 18:53:06,794] [http://localhost/drupal-8.8.5/en/saml_login] INFO {AUDIT_LOG} - Initiator : wickrema | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "4f08f619-e1dd-43be-8119-6cc7ea7238ee","AuthenticatedUser" : "wickrema","AuthenticatedUserTenantDomain" : "carbon.super","ServiceProviderName" : "simplesamlphp","RequestType" : "samlsso","RelyingParty" : "simplesaml","AuthenticatedIdPs" : "eyJ0eXAiOiJKV1QiLCAiYWxnIjoibm9uZSJ9.eyJpc3MiOiJ3c28yIiwiZXhwIjoxNTg2NzA2Nzg2NzcxMzAwMCwiaWF0IjoxNTg2NzA2Nzg2NzcxLCJpZHBzIjpbeyJpZHAiOiJMT0NBTCIsImF1dGhlbnRpY2F0b3IiOiJCYXNpY0F1dGhlbnRpY2F0b3IifV19." } | Result : Success
图片
- 更多来自 HTTP 日志
0:0:0:0:0:0:0:1 - - [12/Apr/2020:20:04:20 +0300] GET /samlsso?SAMLRequest=fZJRT4MwEMe%2FCuk7a2EdyxpYMrcYl0wlG%2Frgi%2BlokSalxV5x%2Bu0FpnG%2B7KnN3f3%2B%2F7trU%2BCNbtmq87XZy%2FdOgg8%2BG22AjYkMdc4wy0EBM7yRwHzJDqv7HYsnhLXOeltajS6Q6wQHkM4ra1Cw3WTolc5oRZOjmJMpp1WViGRBovmUz%2BKSCCGiOJmRhSA0Iih4lg56MkO9UI8DdHJrwHPj%2BxCJSUhoGMVFNGeEspi8oGDTT6MM9yNVe98Cw1jbkuvagmcLSqd46BnAomD129raGuga6Q7SfahSPu13Z%2FiSxaCaVssBxo0VXX8dlTC04xmHvIRJW7f4BDYOoUVB%2FrOsG2WEMm%2FX93Q8FwG7K4o8zB8PBVqmgzAb53bLP%2F8UX8bT83s%2B9IrbTW61Kr%2BCW%2Bsa7q8bDhElwmosZd5xA0oa369Fa3taO8m9zJB3nUR4ebb8%2F2uW3w%3D%3D&RelayState=http%3A%2F%2Flocalhost%2Fdrupal-8.8.5%2Fen%2Fsaml_login HTTP/1.1 200 6020 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36 Edg/80.0.361.111 0.043
- 下面是 authsources 和 identity provider 配置
- 当我按照评论中的建议进行 cookie 检查时,这就是我的发现。
按要求添加答案作为步骤
根据设计,域名必须至少有两个点;否则浏览器会认为它们无效。 (参见 http://curl.haxx.se/rfc/cookie_spec.html 上的参考资料)
在本地主机上工作时,必须完全省略 cookie 域。
通过添加以下条目修改文件 /etc/hosts
localhost.com127.0.0.1
然后将域用作 localhost.com
为了在您的浏览器中更好地跟踪 cookie,还请按照 link https://brainshark.zendesk.com/hc/en-us/articles/205043644-Performing-a-Browser-Trace-Chrome
中的步骤操作
我正在使用 WSO2 身份服务器作为身份提供者实现单点登录功能,PHP-SimpleSamlPhp 包和本文后面的 Drupal https://wso2.com/library/articles/2014/10/wso2-identity-server-single-sign-on-with-drupal/
一切都已成功设置如下。
- 访问drupal app登录页面,点击federated link
- 这会将您重定向到预期的 WSO2 IS 登录页面
- 您输入凭据(存储在 WSO2 中)并单击登录
- 该页面将您重定向到 samlsso URL
https://localhost:9443/samlsso?SAMLRequest=fZJNT.... - 此页面一直在加载,上面 URL 中的 SAMLRequest 值一直在变化。
日志
- 这出现在上面的第 2 点
TID: [-1234] [] [2020-04-12 18:48:14,334] [http://localhost/drupal-8.8.5/en/saml_login] INFO {org.opensaml.core.config.InitializationService} - Initializing OpenSAML using the Java Services API
- 这出现在上面的第 5 点
TID: [-1234] [2020-04-12 18:53:06,793] [http://localhost/drupal-8.8.5/en/saml_login] INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-User-List Target=null Data={"Claim Value":"ebdefe27-3912-4502-ad48-5b1a2ee30224","Users":["wickrema"],"Claim":"http://wso2.org/claims/userid"} Outcome=Success
TID: [-1234] [2020-04-12 18:53:06,793] [http://localhost/drupal-8.8.5/en/saml_login] INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-User-Claim-Values Target=wickrema Data={"Claims":{"http://wso2.org/claims/username":"wickrema","http://wso2.org/claims/userid":"ebdefe27-3912-4502-ad48-5b1a2ee30224","http://wso2.org/claims/created":"2020-04-11T20:53:00.424Z","http://wso2.org/claims/role":"Internal/everyone","http://wso2.org/claims/fullname":"wickrema","http://wso2.org/claims/modified":"2020-04-11T20:53:33.922Z","http://wso2.org/claims/emailaddress":"wickrema@abc.com","http://wso2.org/claims/lastname":"Edirisooriya","http://wso2.org/claims/givenname":"Wickrema","http://wso2.org/claims/resourceType":"User","http://wso2.org/claims/userprincipal":"wickrema"}} Outcome=Success
TID: [-1234] [2020-04-12 18:53:06,794] [http://localhost/drupal-8.8.5/en/saml_login] INFO {AUDIT_LOG} - Initiator : wickrema | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "4f08f619-e1dd-43be-8119-6cc7ea7238ee","AuthenticatedUser" : "wickrema","AuthenticatedUserTenantDomain" : "carbon.super","ServiceProviderName" : "simplesamlphp","RequestType" : "samlsso","RelyingParty" : "simplesaml","AuthenticatedIdPs" : "eyJ0eXAiOiJKV1QiLCAiYWxnIjoibm9uZSJ9.eyJpc3MiOiJ3c28yIiwiZXhwIjoxNTg2NzA2Nzg2NzcxMzAwMCwiaWF0IjoxNTg2NzA2Nzg2NzcxLCJpZHBzIjpbeyJpZHAiOiJMT0NBTCIsImF1dGhlbnRpY2F0b3IiOiJCYXNpY0F1dGhlbnRpY2F0b3IifV19." } | Result : Success
图片
- 更多来自 HTTP 日志
0:0:0:0:0:0:0:1 - - [12/Apr/2020:20:04:20 +0300] GET /samlsso?SAMLRequest=fZJRT4MwEMe%2FCuk7a2EdyxpYMrcYl0wlG%2Frgi%2BlokSalxV5x%2Bu0FpnG%2B7KnN3f3%2B%2F7trU%2BCNbtmq87XZy%2FdOgg8%2BG22AjYkMdc4wy0EBM7yRwHzJDqv7HYsnhLXOeltajS6Q6wQHkM4ra1Cw3WTolc5oRZOjmJMpp1WViGRBovmUz%2BKSCCGiOJmRhSA0Iih4lg56MkO9UI8DdHJrwHPj%2BxCJSUhoGMVFNGeEspi8oGDTT6MM9yNVe98Cw1jbkuvagmcLSqd46BnAomD129raGuga6Q7SfahSPu13Z%2FiSxaCaVssBxo0VXX8dlTC04xmHvIRJW7f4BDYOoUVB%2FrOsG2WEMm%2FX93Q8FwG7K4o8zB8PBVqmgzAb53bLP%2F8UX8bT83s%2B9IrbTW61Kr%2BCW%2Bsa7q8bDhElwmosZd5xA0oa369Fa3taO8m9zJB3nUR4ebb8%2F2uW3w%3D%3D&RelayState=http%3A%2F%2Flocalhost%2Fdrupal-8.8.5%2Fen%2Fsaml_login HTTP/1.1 200 6020 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36 Edg/80.0.361.111 0.043
- 下面是 authsources 和 identity provider 配置
- 当我按照评论中的建议进行 cookie 检查时,这就是我的发现。
按要求添加答案作为步骤
根据设计,域名必须至少有两个点;否则浏览器会认为它们无效。 (参见 http://curl.haxx.se/rfc/cookie_spec.html 上的参考资料)
在本地主机上工作时,必须完全省略 cookie 域。
通过添加以下条目修改文件 /etc/hosts
localhost.com127.0.0.1
然后将域用作 localhost.com
为了在您的浏览器中更好地跟踪 cookie,还请按照 link https://brainshark.zendesk.com/hc/en-us/articles/205043644-Performing-a-Browser-Trace-Chrome
中的步骤操作