java—为什么websphere saml sso idassertion查看userregistry?

uqzxnwby  于 2021-07-06  发布在  Java
关注(0)|答案(1)|浏览(373)

我正在使用WebSpherePortalServer8.5.5.14并尝试将SAMLSO集成到应用程序中。我已经这样配置了acs拦截器,

<trustAssociation xmi:id="TrustAssociation_1" enabled="true">
  <interceptors xmi:id="TAInterceptor_1603957530229" interceptorClassName="com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor">
    <trustProperties xmi:id="Property_1603957530314" name="sso_1.sp.acsUrl" value="https://localhost:10041/samlsps/ciam"/>
    <trustProperties xmi:id="Property_1603057530732" name="sso_1.sp.idMap" value="idAssertion"/>
    <trustProperties xmi:id="Property_1603957530732" name="sso_1.sp.principalName" value="uid"/>
    <trustProperties xmi:id="Property_1603950530859" name="sso_1.sp.groupName" value="group"/>
    <trustProperties xmi:id="Property_1603951530859" name="sso_1.sp.useRealm" value="onelogin"/>
    <trustProperties xmi:id="Property_1603952531859" name="sso_1.sp.SingleSignOnUrl" value="https://samlpoctest.onelogin.com/trust/saml2/http-redirect/sso/19c6d240-d71c-4e9b-af4a-14993ef4cefb"/>
    <trustProperties xmi:id="Property_1603953531859" name="sso_1.sp.groupMap" value="localRealm"/>
    <trustProperties xmi:id="Property_1603954530847" name="sso_1.sp.includeToken" value="true"/>
    <trustProperties xmi:id="Property_1603955530339" name="sso_1.sp.filter" value="request-url%=sml"/>
    <trustProperties xmi:id="Property_1603959530333" name="sso_1.sp.login.error.page" value="com.ibm.wsspi.security.web.saml.CustomAuthnRequestProvider"/>
    <trustProperties xmi:id="Property_1603957530444" name="sso_1.sp.redirectToIdPonServerSide" value="true"/>
    <trustProperties xmi:id="Property_1603957530446" name="sso_1.sp.targetUrl" value="https://localhost:10041/wps/myportal"/>
    <trustProperties xmi:id="Property_1603957530850" name="sso_1.sp.uniqueId" value="uid"/>
  </interceptors>
</trustAssociation>

即使配置为执行idassertion,也会出现如下错误,
[12/10/20 8:20:35:247 brt]0000045b contextmanage<runas(system)->发生异常。退出com.ibm.websphere.wim.exception.entitynotfoundexception:cwwim4001e未找到“uid=qqqq,o=onelogin”实体。在com.ibm.ws.wim.adapter.file.was.filedata.getbydn(filedata。java:1029)在com.ibm.ws.wim.adapter.file.was.fileadapter.get(fileadapter。java:1209)在com.ibm.ws.wim.profilemanager.getimpl(profilemanager。java:1757)在com.ibm.ws.wim.profilemanager.genericprofilemanagermethod(profilemanager。java:375)在com.ibm.ws.wim.profilemanager.get(profilemanager。java:428)在com.ibm.websphere.wim.serviceprovider.get(serviceprovider。java:385)在com.ibm.websphere.wim.client.localserviceprovider.get(localserviceprovider。java:364)在com.ibm.wps.um.vmmfilter$3.run(vmmfilter。java:171)在com.ibm.wps.um.vmmfilter$3.run(vmmfilter。java:168)在com.ibm.ws.security.auth.contextmanagerimpl.runas(contextmanagerimpl。java:5572)在com.ibm.ws.security.auth.contextmanagerimpl.runassystem(contextmanagerimpl。java:5698)在com.ibm.wps.um.vmmfilter.get(vmmfilter。java:182)在com.ibm.wps.um.vmmfilter.filter(vmmfilter。java:398)在com.ibm.wps.um.principalfilter.filter(principalfilter。java:186)在com.ibm.wps.um.realmfilter.filter(realmfilter。java:151)在com.ibm.wps.um.principalfilterchain.invokefiltering(principalfilterchain。java:120)在com.ibm.wps.um.filteradapter.get(filteradapter。java:162)在com.ibm.wps.um.pumaenginehelper.reload(pumaenginehelper。java:880)在com.ibm.wps.um.pumaenginehelper.loadwithbaseattributes(pumaenginehelper)。java:773)在com.ibm.wps.um.pumalocatorimpl.finduserbyidentifier(pumalocatorimpl。java:136)位于com.ibm.wps.puma.util.pumasubjecthelper.getuserforsubject(pumasubjecthelper)。java:161)在com.ibm.wps.um.userlookupabstract$1$1.run(userlookupabstract。java:68)在com.ibm.wps.um.userlookupabstract$1$1.run(userlookupabstract。java:65)位于com.ibm.wps.um.pumaenginehelper.rununrestricted(pumaenginehelper)。java:1387)在com.ibm.wps.um.pumaenvironmentimpl.rununrestricted(pumaenvironmentimpl。java:176)在com.ibm.wps.um.userlookupabstract$1.run(userlookupabstract。java:63)在com.ibm.wps.um.userlookupabstract$1.run(userlookupabstract。java:60)在com.ibm.wps.um.realmmanager.executeunderrealm(realmmanager。java:195)在com.ibm.wps.um.userlookupabstract.getcurrentuserfromwssubject(userlookupabstract。java:59)在com.ibm.wps.um.userlookupssubjectimpl.getcurrentuser(userlookupssubjectimpl。java:34)在com.ibm.wps.um.pumaprofileimpl.getcurrentuser(pumaprofileimpl。java:494)在com.ibm.wps.engine.extendedlocalefilter.getuserpreferredlocale(extendedlocalefilter。java:304)位于com.ibm.wps.engine.extendedlocalefilter.getacceptlanguageheader(extendedlocalefilter。java:250)在com.ibm.wps.engine.extendedlocalefilter.dofilter(extendedlocalefilter。java:115) 在com.ibm.ws.webcontainer.filter.filterinstancewrapper.dofilter(filterinstancewrapper。java:195)在com.ibm.ws.webcontainer.filter.webappfilterchain.dofilter(webappfilterchain。java:91)在com.ibm.wps.resolver.friendly.servlet.friendlyselectionfilter.dofilter(friendlyselectionfilter)上。java:191)在com.ibm.ws.webcontainer.filter.filterinstancewrapper.dofilter(filterinstancewrapper。java:195)在com.ibm.ws.webcontainer.filter.webappfilterchain.dofilter(webappfilterchain。java:91)在com.ibm.wps.project.filter.projectdFilter.dofilterwithoutprojectid(ProjectdFilter。java:405)在com.ibm.wps.project.filter.projectdfilter.dofilter(projectdfilter。java:319)在com.ibm.ws.webcontainer.filter.filterinstancewrapper.dofilter(filterinstancewrapper。java:195)在com.ibm.ws.webcontainer.filter.webappfilterchain.dofilter(webappfilterchain。java:91)在com.ibm.wps.services.preview.previewfilterimpl.dofilter(previewfilterimpl。java:356) 在com.ibm.ws.webcontainer.filter.filterinstancewrapper.dofilter(filterinstancewrapper。java:195)在com.ibm.ws.webcontainer.filter.webappfilterchain.dofilter(webappfilterchain。java:91)在com.ibm.wps.mappingurl.impl.urlanalyzer.dofilter(urlanalyzer。java:442)在com.ibm.ws.webcontainer.filter.filterinstancewrapper.dofilter(filterinstancewrapper。java:195)在com.ibm.ws.webcontainer.filter.webappfilterchain.dofilter(webappfilterchain。java:91)在com.ibm.wps.engine.virtualportalfilter.dofilter(virtualportalfilter。java:89)在com.ibm.ws.webcontainer.filter.filterinstancewrapper.dofilter(filterinstancewrapper。java:195)在com.ibm.ws.webcontainer.filter.webappfilterchain.dofilter(webappfilterchain。java:91)在com.ibm.wps.resolver.servlet.contenthandlergzip.internaldofilter(contenthandlergzip。java:730)在com.ibm.wps.resolver.servlet.contenthandlergzip.dofilter(contenthandlergzip。java:471)位于com.ibm.wps.resolver.servlet.abstractfilter.dofilter(abstractfilter)。java:103)在com.ibm.ws.webcontainer.filter.filterinstancewrapper.dofilter(filterinstancewrapper。java:195)在com.ibm.ws.webcontainer.filter.webappfilterchain.dofilter(webappfilterchain。java:91)在com.ibm.wps.state.filter.statecleanup.dofilter(statecleanup。java:103)在com.ibm.ws.webcontainer.filter.filterinstancewrapper.dofilter(filterinstancewrapper。java:195)在com.ibm.ws.webcontainer.filter.webappfilterchain.dofilter(webappfilterchain。java:91)在com.ibm.wps.devicesupport.worklightfilter.dofilter(worklightfilter。java:166)在com.ibm.ws.webcontainer.filter.filterinstancewrapper.dofilter(filterinstancewrapper。java:195)在com.ibm.ws.webcontainer.filter.webappfilterchain.dofilter(webappfilterchain。java:91)在com.ibm.ws.webcontainer.filter.webappfiltermanager.dofilter(webappfiltermanager。java:967)在com.ibm.ws.webcontainer.filter.webappfiltermanager.invokefilters(webappfiltermanager。java:1107)位于com.ibm.ws.webcontainer.servlet.cacheservletwrapper.handlerequest(cacheservletwrapper)。java:87)在com.ibm.ws.webcontainer.webcontainer.handlerequest(webcontainer。java:949)在com.ibm.ws.webcontainer.wswebcontainer.handlerequest(wswebcontainer。java:1817)在com.ibm.ws.webcontainer.channel.wcchannellink.ready(wcchannellink。java:213)在com.ibm.ws.http.channel.inbound.impl.httpinboundlink.handlediscrimination(httpinboundlink)上。java:463)在com.ibm.ws.http.channel.inbound.impl.httpinboundlink.handlenewrequest(httpinboundlink)。java:530)在com.ibm.ws.http.channel.inbound.impl.httpinboundlink.processrequest(httpinboundlink)上。java:316)位于com.ibm.ws.http.channel.inbound.impl.httpiclreadcallback.complete(httpiclreadcallback)。java:88)在com.ibm.ws.ssl.channel.impl.sslreadservicecontext$sslreadcompletedcallback.complete(sslreadservicecontext)。java:1833)在com.ibm.ws.tcp.channel.impl.aioreadcompletionlistener.futurecompleted(aioreadcompletionlistener)上。java:175)在com.ibm.io.async.abstractasyncfuture.invokecallback(abstractasyncfuture)上。java:217)在com.ibm.io.async.asyncchannelfuture.firecompletionactions(asyncchannelfuture。java:161)在com.ibm.io.async.asyncfuture.completed(asyncfuture。java:138)在com.ibm.io.async.resulthandler.complete(resulthandler。java:204)在com.ibm.io.async.resulthandler.runeventprocessingloop(resulthandler。java:775)在com.ibm.io.async.resulthandler$2.run(resulthandler。java:905)在com.ibm.ws.util.threadpool$worker.run(threadpool。java:1892)
但问题是,通过这个配置,websphere甚至不应该查看用户注册表。
提前感谢。:)

相关问题