为什么 WebSphere SAML SSO 在配置为 IDAssertion 时仍会查询 UserRegistry



我正在使用 WebSphere Portal Server 8.5.5.14，并尝试把 SAML SSO 集成到应用程序中。我配置的 ACS 拦截器如下：

<!-- SAML ACS TrustAssociationInterceptor (TAI) configuration as quoted in the question.
     The sso_1.sp.* keys are the per-service-provider properties of the WebSphere SAML web SSO TAI. -->
<trustAssociation xmi:id="TrustAssociation_1" enabled="true">
<interceptors xmi:id="TAInterceptor_1603957530229" interceptorClassName="com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor">
<trustProperties xmi:id="Property_1603957530314" name="sso_1.sp.acsUrl" value="https://localhost:10041/samlsps/ciam"/>
<!-- idAssertion: the principal is taken from the SAML assertion itself instead of being resolved in the
     user registry. With this mapping the trust placed in the assertion signature (IdP certificate / trust
     store, not shown here) is the only check that binds the asserted identity, so that part of the
     configuration must be reviewed together with this one. -->
<trustProperties xmi:id="Property_1603057530732" name="sso_1.sp.idMap" value="idAssertion"/>
<trustProperties xmi:id="Property_1603957530732" name="sso_1.sp.principalName" value="uid"/>
<trustProperties xmi:id="Property_1603951530859" name="sso_1.sp.groupName" value="group"/>
<trustProperties xmi:id="Property_1603951530859" name="sso_1.sp.useRealm" value="onelogin"/>
<trustProperties xmi:id="Property_1603952531859" name="sso_1.sp.SingleSignOnUrl" value="https://samlpoctest.onelogin.com/trust/saml2/http-redirect/sso/19c6d240-d71c-4e9b-af4a-14993ef4cefb"/>
<!-- NOTE(review): the reply on this page recommends removing this groupMap property. A localRealm group
     mapping plausibly requires the asserted groups to be resolved in the local registry, which would
     contradict the idAssertion intent above - confirm against the SAML TAI documentation. -->
<trustProperties xmi:id="Property_1603953531859" name="sso_1.sp.groupMap" value="localRealm"/>
<trustProperties xmi:id="Property_1603954530847" name="sso_1.sp.includeToken" value="true"/>
<!-- Only requests whose URL matches this filter are handled by the SAML TAI. -->
<trustProperties xmi:id="Property_1603955530339" name="sso_1.sp.filter" value="request-url%=sml"/>
<!-- NOTE(review): login.error.page is given a class name here rather than a URL; presumably a custom
     AuthnRequestProvider implementation - verify the class is deployed and on the server classpath. -->
<trustProperties xmi:id="Property_1603959530333" name="sso_1.sp.login.error.page" value="com.ibm.wsspi.security.web.saml.CustomAuthnRequestProvider"/>
<trustProperties xmi:id="Property_1603957530444" name="sso_1.sp.redirectToIdPonServerSide" value="true"/>
<trustProperties xmi:id="Property_1603957530446" name="sso_1.sp.targetUrl" value="https://localhost:10041/wps/myportal"/>
<trustProperties xmi:id="Property_1603957530850" name="sso_1.sp.uniqueId" value="uid"/>
</interceptors>
</trustAssociation>

尽管已经配置为 IDAssertion，我仍然收到如下错误：

[12/10/20 8:20:35:247 BRT] 0000045b ContextManage < runAs(system) -> Exception. exit com.ibm.websphere.wim.exception.EntityNotFoundException: CWWIM4001E The 'uid=qqqq,o=onelogin' entity was not found.
    at com.ibm.ws.wim.adapter.file.wast.FileData.getByDN(FileData.java:1029)
    at com.ibm.ws.wim.adapter.file.ware.FileAdapter.get(FileAdapter.java:1209)
    at com.ibm.ws.wim.ProfileManager.getImpl(ProfileManager.java:1757)
    at com.ibm.ws.wim.ProfileManager.genericProfileManagerMethod(ProfileManager.java:375)
    at com.ibm.ws.wim.ProfileManager.get(ProfileManager.java:428)
    at com.ibm.websphere.wim.ServiceProvider.get(ServiceProvider.java:385)
    at com.ibm.websphere.wim.client.LocalServiceProvider.get(LocalServiceProvider.java:364)
    at com.ibm.wps.um.VMMFilter$3.run(VMMFilter.java:171)
    at com.ibm.wps.um.VMMFilter$3.run(VMMFilter.java:168)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5572)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5698)
    at com.ibm.wps.um.VMMFilter.get(VMMFilter.java:182)
    at com.ibm.wps.um.VMMFilter.filter(VMMFilter.java:398)
    at com.ibm.wps.um.PrinipalFilter.filter(PrincipalFilter.java:186)
    at com.ibm.wps.um.ReamFilter.filter(RealmFilter.java:151)
    at com.ibm.wps.um.PrinipalFilterChain.invokeFiltering(PrincipalFilterChain.java:120)
    at com.ibm.wps.um.FilterAdapter.get(FilterAdapter.java:162)
    at com.ibm.wps.um.PumaEngineHelper.reload(PumaEngineHelper.java:880)
    at com.ibm.wps.um.PumaEngineHelper.loadWithBaseAttributes(PumaEngineHelper.java:773)
    at com.ibm.wps.um.PumaLocatorImpl.findUserByIdentifier(PumaLocatorImpl.java:136)
    at com.ibm.wps.puma.util.PumaSubjectHelper.getUserForSubject(PumaSubjectHelper.java:161)
    at com.ibm.wps.um.UserLookupAbstract$1$1.run(UserLookupAbtract.java:68)
    at com.ibm.wps.um.UserLookupAbstract$1$1.run(UserLookupAbtract.java:65)
    at com.ibm.wps.um.PumaEngineHelper.runUnrestricted(PumaEngineHelper.java:1387)
    at com.ibm.wps.um.PumaEnvironmentImpl.runUnrestricted(PumaEnvironmentImpl.java:176)
    at com.ibm.wps.um.UserLookupAbstract$1.run(UserLookupAbtract.java:63)
    at com.ibm.wps.um.UserLookupAbstract$1.run(UserLookupAbtract.java:60)
    at com.ibm.wps.um.RemManager.executeUnderRealm(RealmManager.java:195)
    at com.ibm.wps.um.UserLookupAbstract.getCurrentUserFromWSSubject(UserLookupAbtract.java:59)
    at com.ibm.wps.um.UserLookupWSSubjectImpl.getCurrentUser(UserLookupWSSsubjectImpl.java:34)
    at com.ibm.wps.um.PumaProfileImpl.getCurrentUser(PumaProfileImpl.java:494)
    at com.ibm.wps.engine.ExtendedLocaleFilter.getUserPreferredLocale(ExtendedLocaleFilter.java:304)
    at com.ibm.wps.engine.ExtendedLocaleFilter.getAcceptLanguageHeader(ExtendedLocaleFilter.java:250)
    at com.ibm.wps.engine.ExtendedLocaleFilter.doFilter(ExtendedLocaleFilter.java:115)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrappr.java:195)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
    at com.ibm.wps.resolver.friendly.servlet.FriendlySelectionFilter.doFilter(FriendlySelectionFilter.java:191)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrappr.java:195)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
    at com.ibm.wps.project.filter.ProjectIdFilter.doFilterWithoutProjectID(ProjectIdFilter.java:405)
    at com.ibm.wps.project.filter.ProjectIdFilter.doFilter(ProjectIdFilter.java:319)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrappr.java:195)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
    at com.ibm.wps.services.preview.PreviewFilterImpl.doFilter(PreviewFilterImpl.java:356)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrappr.java:195)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
    at com.ibm.wps.mappingurl.impl.URLAnalyzer.doFilter(URLAnalyzer.java:442)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrappr.java:195)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
    at com.ibm.wps.engine.VirtualPortalFilter.doFilter(VirtualPortalFilter.java:89)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrappr.java:195)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
    at com.ibm.wps.resolv.servlet.ContentHandlerGzip.internalDoFilter(ContentHandlerGzip.java:730)
    at com.ibm.wps.resolv.servlet.ContentHandlerGzip.doFilter(ContentHandlerGzip.java:471)
    at com.ibm.wps.resolv.servlet.AbstractFilter.doFilter(AbstractFilter.java:103)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrappr.java:195)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
    at com.ibm.wps.state.filter.StateCleanup.doFilter(StateCleanup.java:103)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrappr.java:195)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
    at com.ibm.wps.devicesupport.WorklightFilter.doFilter(WorklightFilter.java:166)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrappr.java:195)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:967)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1107)
    at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:87)
    at com.ibm.ws.webcontainer.webcontainer.handleRequest(webcontainer.java:949)
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:213)
    at com.ibm.ws.http.channe.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:463)
    at com.ibm.ws.http.channe.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:530)
    at com.ibm.ws.http.channe.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:316)
    at com.ibm.ws.http.channe.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:88)
    at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1833)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadComplettionListener.java:175)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFutures.java:161)
    at com.ibm.io.async.AncFuture.completed(AsyncFuture.java:138)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1892)

但问题在于：按照这个配置（idMap 为 idAssertion），WebSphere 根本不应该去查询用户注册表。

提前感谢！:)

请从 TAI 配置中删除 `sso_1.sp.groupMap` 这个属性。
