Redirect using SAML does not land on my configured page
I am facing an issue while using SAML to implement SSO on my web application.
After successful login I want to redirect to my application’s dashboard / main menu. But, it gets redirected to http://:/IDBUS/first-idau/IDP-1/SAML2/SSO/POST.
The flow is, I request my application’s context url in browser. In josso I have configured it to be redirected to atricore. Then there is a change in request headers and the request comes back to same application url I requested. Now I use a filter and redirect it to JOSSO login page. So this single request lands in JOSSO login page.
When I give credentials and login, then JOSSO authenticates and sets the user principal and sends the request to my url. Here I have a filter to forward to my dashboard.
In this step, after I give authentication information in the JOSSO login page, instead of getting my dashboard, it gets redirected to some JOSSO page (http://:/IDBUS/first-idau/IDP-1/SAML2/SSO/POST); this is in an OSGi bundle in Atricore.
When I debug, I see an HTTP header named “referer”. It is pointing to the above URL. I think it should point to my application’s dashboard URL, which I have configured in josso-agent-config.xml.
I did one analysis and found something interesting. In step 1, I have used a filter in my application to redirect to the JOSSO login page. Instead of doing that, I allowed the request to complete. Then it lands on a page in my application.
Now in the same session (in the browser), I manually made a request to the JOSSO login page. Then I got the JOSSO login page (this is step 2). Then I gave credentials and requested to login. Now it gets successfully forwarded to my application’s intended dashboard page.
So my guess is that there should be something wrong with my filter where I redirect to the JOSSO login page.
I am using Atricore Identity Bus 1.0.0-m1+JOSSO 1.8.2+Spring 2.5.6.SEC01. Please help me on this.
Comments (1)
First of all, I'd strongly suggest that you upgrade to Atricore M2, which was released last week and is available here: http://sourceforge.net/projects/atricore/files/Atricore%20Identity%20Bus/Atricore%20Identity%20Bus%201.0.0%20M2/atricore-idbus-1.0.0-m2.zip/download . This release delivers tons of fixes and many significant enhancements such as native HA and scalability out-of-the-box support.
Also, make sure that you're using the final JOSSO 1.8.2 bits - not JOSSO 1.8.2 r1575 - released last week and available from the JOSSO web site (http://www.josso.org).
Then, you should deploy the reference identity appliance for realizing a simple SAML-based Federated SSO setting encompassing a JOSSO Service Provider and a SAML2 Identity Provider. Make sure to follow the quick start: http://www.josso.org/confluence/display/IDBUS/Quick+Start
Going back to your original question, the URI you're seeing is because JOSSO is relying on a SAML2 IdP Entity the authentication request (read: AuthNRequest) which, upon being handled, returns the corresponding SAML Response conveying authentication assertions.
The bottom line is that within a FSSO setting, the JOSSO Gateway concern is realized by an Identity Provider hosted in Atricore IDBus. Atricore Identity Bus is playing nice with JOSSO Agents (read: by speaking the "JOSSO" protocol) while bringing the standard-based FSSO capabilities on board, and without forcing you to invest in retrofitting your JOSSO Partner applications to SAML.
Hope this sheds some light on your issue and the subject in general.
Regards,
Gianluca.
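For debugging the flow described in the answer above, the following added example (not part of the original post, and not JOSSO or Atricore code) decodes what a browser POSTs to an IdP SSO endpoint and reports whether it carries an AuthnRequest and which assertion consumer URL the matching Response should be delivered to. Host names, the SP path, IDs and all function names are constructed placeholders; the code only inspects routing fields of the SAML 2.0 HTTP-POST binding and does not verify signatures.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"

def _parse_saml(b64_value, expected_tag):
    """Decode an HTTP-POST binding value (plain base64 XML) and check its root."""
    raw = base64.b64decode(b64_value, validate=True)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:  # refuse DTDs before parsing
        raise ValueError("DTD not allowed in SAML message")
    root = ET.fromstring(raw)
    if root.tag != SAMLP + expected_tag:
        raise ValueError("expected %s, got %s" % (expected_tag, root.tag))
    return root

def describe_sso_post(form_body):
    """Summarise what a form POST to the IdP SSO endpoint carries."""
    fields = parse_qs(form_body)
    if "SAMLRequest" not in fields:
        # No AuthnRequest in this POST, so it names no SP endpoint to return to.
        return {"has_request": False}
    req = _parse_saml(fields["SAMLRequest"][0], "AuthnRequest")
    return {
        "has_request": True,
        "id": req.get("ID"),
        "destination": req.get("Destination"),
        "acs_url": req.get("AssertionConsumerServiceURL"),
        "relay_state": fields.get("RelayState", [None])[0],
    }

def check_response(request_info, saml_response_b64):
    """Return a list of mismatches between a Response and its AuthnRequest."""
    resp = _parse_saml(saml_response_b64, "Response")
    problems = []
    if resp.get("InResponseTo") != request_info["id"]:
        problems.append("InResponseTo does not match AuthnRequest ID")
    if resp.get("Destination") != request_info["acs_url"]:
        problems.append("Destination is not the requested ACS URL")
    return problems

# Constructed sample messages; hosts, SP path and IDs are placeholders.
IDP = "http://idp.example.test/IDBUS/first-idau/IDP-1/SAML2/SSO/POST"
ACS = "http://sp.example.test/placeholder/acs"
NS = 'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0"'
REQ_XML = '<samlp:AuthnRequest %s ID="_r1" Destination="%s" AssertionConsumerServiceURL="%s"/>' % (NS, IDP, ACS)
RESP_XML = '<samlp:Response %s ID="_s1" InResponseTo="_r1" Destination="%s"/>' % (NS, ACS)
def b64(s): return base64.b64encode(s.encode()).decode()
SAMPLE_BODY = urlencode({"SAMLRequest": b64(REQ_XML), "RelayState": "constructed-state"})
```

Feeding it the form body captured in a browser's network tab shows at a glance whether the request that ends up at the IdP endpoint was an SP-issued AuthnRequest or a bare login form submission.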