I need help :) OpenAM HTTP Status 500
I am currently setting up partners for our single sign-on.
We use OpenAM. So we are the hosted service provider, and I created the identity provider, which is our partner.
We have successful configurations, but with this one I am running into a wall :/
It is SAML 2.0, the agent is set up on Tomcat 7 and the communication seems fine.
When our partner sends us a request, he gets:
HTTP 500
Exception:
javax.servlet.ServletException : AMSetupFilter.doFilter
com.sun.identify.setup.AMSetupFilter.doFilter(AMSetupFilter.java 121)
Root cause:
java.lang.NullPointerException
com.sun.identity.saml2.profile.SPACSUtils.processResponse(SPACSUtils.java:1158)
org.apache.jsp.saml2.jsp.spAssertionConsumer_jsp._jspService(spAssertionConsumer_jsp)
.....
com.sun.identify.setup.AMSetupFilter.doFilter(AMSetupFilter)
In the logs I have the following. For the SSO server, catalina.out:
Nov 26, 2013 4:52:22 PM com.sun.org.apache.xml.internal.security.signature.Reference verify
INFO: Verification successful for URI "#_6cf47d3b-f425-4a10-aeb1-fa20cf763387"
org.apache.jasper.JasperException: java.lang.NullPointerException
at org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:522)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:416)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:95)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.lang.NullPointerException
at com.sun.identity.saml2.profile.SPACSUtils.processResponse(SPACSUtils.java:1158)
at org.apache.jsp.saml2.jsp.spAssertionConsumer_jsp._jspService(spAssertionConsumer_jsp.java:224)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
... 21 more
In the Session log from OpenAM:
CookieMode is:true
SessionID(HttpServletRequest) : is forward = null
getSidFromQuery: request [email protected]
getSidFromQuery: sid =null
before decoding getSidFromURL:sidString=null
after decoding: getSidFromURL:sidString=null
could not create SSOToken from HttpRequest
com.iplanet.dpro.session.SessionException: Invalid session ID.
at com.iplanet.dpro.session.Session.getSession(Session.java:1089)
at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:92)
at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:241)
at com.sun.identity.plugin.session.impl.FMSessionProvider.getSession(FMSessionProvider.java:408)
at org.apache.jsp.saml2.jsp.spAssertionConsumer_jsp._jspService(spAssertionConsumer_jsp.java:202)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
...
And, probably the most interesting, the Federation log:
SPACSUtils.getResponse: got response= (give me a proper xml response)
**FMSessionProvider.getSession: Could not get the session from the HTTP request: Invalid session ID.
spAssertionConsumer.jsp: Token is null.Invalid session ID.**
SPACSUtils.processResponse: Response : [email protected]
SAML2Utils.getSPAdapterClass: get SPAdapter for ***
getAttributeValueFromSSOConfig : realm - /***
getAttributeValueFromSSOConfig : hostEntityId - ***
getAttributeValueFromSSOConfig : entityRole - SPRole
getAttributeValueFromSSOConfig : attrName - spAdapter
getAllAttributeValueFromSSOConfig : realm - /***
getAllAttributeValueFromSSOConfig : hostEntityId -***
getAllAttributeValueFromSSOConfig : entityRole - SPRole
getAllAttributeValueFromSSOConfig : attrName - spAdapter
SAML2MetaCache.getEntityConfig: cacheKey = ***, found = true
SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: ***
getAttributeValueFromSSOConfig: [email protected]
SAML2Utils.getSPAdapterClass: get SPAdapter class
SAML2MetaCache.getEntityConfig: cacheKey = /***, found = true
SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: ***
ConfigurationInstanceImpl.getAllConfigurationNames: realm = /***, componentName = LIBCOT
CircleOfDescriptorCache:getCircleOfTrust:cacheKey = ***, found = true
SAML2MetaCache.getEntityConfig: cacheKey = ***, found = true
SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: ***
SAML2MetaCache.getEntityDescriptor: cacheKey = ***, found = true
SAML2MetaManager.getEntityDescriptor: got descriptor from SAML2MetaCache ***
SAML2Utils:getWantPOSTResponseSigned : realm - /***
SAML2Utils:getWantPOSTResponseSigned : hostEntityId - ***
SAML2Utils:getWantPOSTResponseSigned : entityRole - SPRole
getAttributeValueFromSSOConfig : realm - /***
getAttributeValueFromSSOConfig : hostEntityId -***
getAttributeValueFromSSOConfig : entityRole - SPRole
getAttributeValueFromSSOConfig : attrName - wantPOSTResponseSigned
getAllAttributeValueFromSSOConfig : realm - /***
getAllAttributeValueFromSSOConfig : hostEntityId - ***
getAllAttributeValueFromSSOConfig : entityRole - SPRole
getAllAttributeValueFromSSOConfig : attrName - wantPOSTResponseSigned
SAML2MetaCache.getEntityConfig: cacheKey = ***, found = true
SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: ***
getAttributeValueFromSSOConfig: [email protected]
SAML2Utils.verifyResponse:binding is :urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
SAML2MetaCache.getEntityConfig: cacheKey = ***, found = true
SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: ***
ConfigurationInstanceImpl.getAllConfigurationNames: realm = /***, componentName = LIBCOT
CircleOfDescriptorCache:getCircleOfTrust:cacheKey = ***, found = true
SAML2MetaCache.getEntityDescriptor: cacheKey = ***, found = true
SAML2MetaManager.getEntityDescriptor: got descriptor from SAML2MetaCache ***
FMSigProvider.verify: The cert contained in the document is the same as the one being passed in.
validateCertificate : CRL check is not configured. Just return it is good.
FMSigProvider.verify: Signature verification successful.
SAML2Utils.isBearerSubjectConfirmation:timeskew = 300
AuthContext Class Name is :com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper
getAllAttributeValueFromSSOConfig : realm - /***
getAllAttributeValueFromSSOConfig : hostEntityId - ***
getAllAttributeValueFromSSOConfig : entityRole - SPRole
getAllAttributeValueFromSSOConfig : attrName - spAuthncontextClassrefMapping
SAML2MetaCache.getEntityConfig: cacheKey = ***, found = true
SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: ***
DefaultSPAuthnContextMapper: List:[email protected]
DefaultSPAuthnContextMapper.getAuthnCtxFromSPConfig: AuthLevel is 0
DefaultSPAuthnContextMapper:hostEntityID:***
DefaultSPAuthnContextMapper:realm:/***
DefaultSPAuthnContextMapper:MAP:{default=0, urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport=0, defaultClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}
DefaultSPAuthnContextMapper:HASH:{***={default=0, urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport=0, defaultClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}}
DefaultSPAuthnContextMapper:authnClRef:urn:federation:authentication:windows
DefaultSPAuthnContextMapper:authLevel :0
SAML2Utils.fillMap: Found valid authentication assertion.
SPACSUtils.processResponse: Assertions : [[email protected]]
SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache:
DefaultAccountMapper.constructor:
DefaultLibrarySPAccountMapper.constructor:
DefaultSPAccountMapper.constructor:
SPACSUtils.getSPAccountMapper: mapper = com.sun.identity.saml2.plugins.DefaultSPAccountMapper
DefaultSPAttributeMapper.constructor
SAML2MetaCache.getEntityDescriptor: cacheKey =, found = true
When providing stack traces it is usually useful to also provide the version of the product, so people can actually match it to the code.
Thanks for the reminder :). OpenAM 10.1.0-Xpress. We determined that this error is most likely due to an error in our partner's request (too much information was cut off!). I am trying to find out whether there is a way to send the request manually (acting as the IdP) rather than waiting for our partner to send us a request, so that we can test our SSO configuration. I tried with: '
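An added example, not part of the original thread and not OpenAM code: the last comment attributes the failure to a partner message with too much cut out of it, so this check takes the base64 `SAMLResponse` form value captured from the HTTP-POST and lists which commonly read parts are absent. The list of expected elements, the entity IDs, URLs and the sample itself are assumptions of this example, and it assumes an unencrypted assertion.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
A = "saml:Assertion/"
# Paths (relative to <samlp:Response>) that an SP normally reads from an
# unencrypted Web SSO response. The selection is this example's assumption.
EXPECTED = [
    "samlp:Status/samlp:StatusCode",
    A + "saml:Issuer",
    A + "saml:Subject/saml:NameID",
    A + "saml:Conditions/saml:AudienceRestriction/saml:Audience",
    A + "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef",
]

def missing_parts(saml_response_b64):
    """List expected parts absent from a base64 HTTP-POST SAMLResponse value."""
    # Diagnostic use on a response you captured yourself; parse untrusted XML
    # with a hardened parser such as defusedxml instead.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["samlp:Response (root element)"]
    missing = [p for p in EXPECTED if root.find(p, NS) is None]
    conf = root.find(
        A + "saml:Subject/saml:SubjectConfirmation[@Method='%s']" % BEARER, NS)
    data = conf.find("saml:SubjectConfirmationData", NS) if conf is not None else None
    if data is None:
        missing.append("bearer saml:SubjectConfirmationData")
    else:
        missing += ["SubjectConfirmationData/@" + a
                    for a in ("Recipient", "NotOnOrAfter") if not data.get(a)]
    return missing

def sample(name_id=True, recipient=True):
    """Constructed sample response: placeholder IDs and URLs, no signature."""
    xml = ('<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s"><samlp:Status>'
           '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>'
           '</samlp:Status><saml:Assertion><saml:Issuer>https://idp.example</saml:Issuer>'
           '<saml:Subject>' + ('<saml:NameID>alice</saml:NameID>' if name_id else '') +
           '<saml:SubjectConfirmation Method="' + BEARER + '"><saml:SubjectConfirmationData '
           + ('Recipient="https://sp.example/acs" ' if recipient else '') +
           'NotOnOrAfter="2013-11-26T17:00:00Z"/></saml:SubjectConfirmation></saml:Subject>'
           '<saml:Conditions><saml:AudienceRestriction><saml:Audience>https://sp.example'
           '</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement>'
           '<saml:AuthnContext><saml:AuthnContextClassRef>urn:federation:authentication:windows'
           '</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>'
           '</saml:Assertion></samlp:Response>') % NS
    return base64.b64encode(xml.encode())
```

An empty list means every checked part is present; it says nothing about signature validity or about which field a particular OpenAM version dereferences.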