SAML response processing fails while parsing



I am trying to get Spring SAML working with an IdP-initiated flow. When the sample application processes the SAML response message I get an exception. However, when I parse the same response with plain Java code, everything is fine and I can parse it successfully. Any clue whether some configuration of the parser can be changed? I see some kind of SAMLBinding in the SAMLProcessorImpl class, which seems to hold the decoder.

The first line of the SAML message is:

    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s29e0437f7f268017d5f6a5766797621c301feb737" Version="2.0" IssueInstant="2016-06-21T20:01:18Z" Destination="http://www.xxxxxxxxxxxxxxxxxxxxxxxxx.com:9080/site/saml/SSO"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://fmdev.ist.intralink.bns:80</saml:Issuer><samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

The error complains about the ">" character in `2.0:assertion">http` (it should be followed by attribute specifications, ">" or "/>") !!!

Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 303; Element type "saml:Issuer" must be followed by either attribute specifications, ">" or "/>".

Full exception trace below:

org.springframework.security.authentication.AuthenticationServiceException: Error decoding incoming SAML message
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:94)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)

Caused by: org.opensaml.ws.message.decoder.MessageDecodingException: Encountered error parsing message into its DOM representation
at org.opensaml.ws.message.decoder.BaseMessageDecoder.unmarshallMessage(BaseMessageDecoder.java:209)
at org.opensaml.saml2.binding.decoding.HTTPPostDecoder.doDecode(HTTPPostDecoder.java:91)
at org.opensaml.ws.message.decoder.BaseMessageDecoder.decode(BaseMessageDecoder.java:79)
at org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:70)
at org.springframework.security.saml.processor.SAMLProcessorImpl.retrieveMessage(SAMLProcessorImpl.java:105)
at org.springframework.security.saml.processor.SAMLProcessorImpl.retrieveMessage(SAMLProcessorImpl.java:172)
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:77)
... 30 more
Caused by: org.opensaml.xml.parse.XMLParserException: Invalid XML
at org.opensaml.xml.parse.StaticBasicParserPool.parse(StaticBasicParserPool.java:237)
at org.opensaml.ws.message.decoder.BaseMessageDecoder.unmarshallMessage(BaseMessageDecoder.java:186)
... 36 more
Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 303; Element type "saml:Issuer" must be followed by either attribute specifications, ">" or "/>".
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:121)
at org.opensaml.xml.parse.StaticBasicParserPool$DocumentBuilderProxy.parse(StaticBasicParserPool.java:673)
at org.opensaml.xml.parse.StaticBasicParserPool.parse(StaticBasicParserPool.java:234)

I did some more research into this. I noticed that the characters passed to the DOM parser differ between the working Java application and the Spring SAML one. Digging further, I found that the message retrieved in HTTPPostDecoder.getBase64DecodedMessage() was truncated. The encoded message I used for testing contains the "+" character, which needs to be encoded in the HTTP request; it should be replaced with "%2B". Doing that fixed the problem.

I ran into the same problem when parsing/decoding the SAML response. To fix it, I used encodeURIComponent() to convert/encode our SAML response.

Details:

    Tech Stack: **NodeJS**
    Library used for SAML decoding: **saml2-js**

Code:

    const saml2 = require("saml2-js"); // SP and IDP below are saml2.ServiceProvider / saml2.IdentityProvider instances

    // Wrap the callback-style post_assert() in a promise. Reject on error instead
    // of only logging it, so a failed assertion can never resolve as a success.
    const postAssertGetSamlResponse = (attr) => {
      return new Promise((resolve, reject) => {
        attr.SP.post_assert(attr.IDP, attr.options, function (err, decodedSamlResponse) {
          if (err != null) {
            console.log(err);
            return reject(err);
          }
          resolve({
            decodedSAMLResponse: decodedSamlResponse,
            redirectURL: attr.redirectClientURL
          });
        });
      });
    };

    // Normalise the raw SAMLResponse form value before saml2-js sees it: cut it at
    // the first "&" or "#", decode it, re-encode it with encodeURIComponent() (so a
    // "+" inside the base64 becomes "%2B" instead of being read as a space), then
    // decode it once more and hand the result to post_assert().
    async function handleSamlResponse(req, SP, IDP) {
      let regex = new RegExp("(([^&#]*)|&|#|$)");
      let results = regex.exec(req.SAMLResponse);
      results[2] = decodeURIComponent(results[2]);
      results[2] = encodeURIComponent(results[2]);
      // "/+/g" is not a valid regular expression; the "+" has to be escaped.
      let samlResponse = decodeURIComponent(results[2].replace(/\+/g, " "));
      let attr = {
        SP: SP,
        IDP: IDP,
        redirectClientURL: "https://test.com",
        options: {
          request_body: {
            SAMLResponse: samlResponse
          }
        }
      };
      let data = await postAssertGetSamlResponse(attr);
      console.log("SAML response ::", data);
      return data;
    }

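As an added example (not code from the question or from the answer above), the following Node.js script reproduces the "+" problem that both the asker's update and the answer describe: it places a constructed SAMLResponse into a form body the wrong way and the right way, runs both through the decoding that a servlet container's request.getParameter() or a Node body parser performs, and shows a check the receiving side can apply to the decoded field before it reaches the SAML library. The XML, the IdP URL and all function names are constructed for the example; the sample's byte layout is chosen so that its base64 encoding contains a "+".

```javascript
// Added example: why an unescaped '+' in a POSTed SAMLResponse breaks the XML
// parse, and a check to run on the decoded field before the SAML stack sees it.

// Constructed sample: a minimal Response carrying only an Issuer. Not a real
// IdP message. The '>' that closes the start tag sits at a byte offset that
// makes its base64 group end in '+'.
const SAMPLE_XML =
  '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' +
  'ID="_a1" Version="2.0">' +
  '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' +
  'http://idp.example.test</saml:Issuer></samlp:Response>';

// What the IdP (or a test harness) sends: the XML, base64-encoded, as the value
// of the SAMLResponse form field (SAML 2.0 HTTP-POST binding).
function encodeSamlResponse(xml) {
  return Buffer.from(xml, 'utf8').toString('base64');
}

// Sending side done wrong: the raw base64 string is dropped into an
// application/x-www-form-urlencoded body without escaping.
function naiveFormField(b64) {
  return b64;
}

// Sending side done right: percent-encode the value, so '+' travels as %2B
// (and '/' as %2F, '=' as %3D) and survives form decoding unchanged.
function escapedFormField(b64) {
  return encodeURIComponent(b64);
}

// What a servlet container or a body parser does with a form-encoded value:
// '+' means space, then percent-escapes are decoded.
function formDecode(field) {
  return decodeURIComponent(field.replace(/\+/g, ' '));
}

// Receiver-side check: after form decoding the field must still be a single
// unbroken base64 token. A space inside it means a '+' was lost in transit.
function checkBase64Field(value) {
  if (/\s/.test(value)) {
    return { ok: false, reason: 'whitespace in base64 (unescaped "+" in the form body?)' };
  }
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(value) || value.length % 4 !== 0) {
    return { ok: false, reason: 'not a base64 token' };
  }
  return { ok: true, reason: '' };
}

// Receiver: form-decode, base64-decode, hand the XML on. Node's base64 decoder
// silently skips whitespace, so a lost '+' does not throw here: it drops six
// bits, every later byte is shifted, and the XML parser is the first thing to
// complain, as in the stack trace above.
function decodeSamlResponse(field) {
  const b64 = formDecode(field);
  return Buffer.from(b64, 'base64').toString('utf8');
}

// Stand-alone run: compare both paths.
if (typeof require !== 'undefined' && require.main === module) {
  const b64 = encodeSamlResponse(SAMPLE_XML);
  for (const [label, field] of [['unescaped', naiveFormField(b64)],
                                ['escaped', escapedFormField(b64)]]) {
    const decoded = formDecode(field);
    console.log(label, checkBase64Field(decoded),
      decodeSamlResponse(field) === SAMPLE_XML ? 'XML intact' : 'XML corrupted');
  }
}
```

The checkBase64Field() test is cheap and worth running in the SP before the base64 step: it turns a confusing "Invalid XML" deep inside the decoder into a clear message pointing at the sender's form encoding.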