2015-10-29 1 views

WSO2 Identity Server 5.0.0 Sharepoint 2013 SSO Passive STS failure

I followed the SSO for Microsoft Sharepoint Web Applications with WSO2 Identity Server tutorial, but I am getting a SOAP error in the wresult on the form that POSTs back to SharePoint.

The soapenv:Reason contains the following text:

Error in creating a SAMLToken using Opensaml library

I enabled DEBUG logging globally in WSO2 Identity Server, and I can see the error response, but I can't figure out why it is happening:

TID: [0] [IS] [2015-10-29 15:39:18,921] DEBUG {org.wso2.carbon.identity.sts.passive.PassiveSTSService} - Retrieving wreply url for : Portal in tenant : carbon.super {org.wso2.carbon.identity.sts.passive.PassiveSTSService} 
TID: [0] [IS] [2015-10-29 15:39:18,921] DEBUG {org.wso2.carbon.identity.sts.passive.PassiveSTSService} - Setting ReplyTo URL : hxxp://portal.domain/_trust for Realm : Portal {org.wso2.carbon.identity.sts.passive.PassiveSTSService} 
TID: [0] [IS] [2015-10-29 15:39:18,937] DEBUG {org.apache.rahas.client.STSClient} - Creating request with request type: hxxp://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue and applies to: Portal {org.apache.rahas.client.STSClient} 
TID: [0] [IS] [2015-10-29 15:39:18,937] DEBUG {org.apache.rahas.client.STSClient} - Using RSTTemplate: <sp:RequestSecurityTokenTemplate xmlns:sp="hxxp://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wst:TokenType xmlns:wst="hxxp://docs.oasis-open.org/ws-sx/ws-trust/200512">hxxp://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType><wst:KeyType xmlns:wst="hxxp://docs.oasis-open.org/ws-sx/ws-trust/200512">hxxp://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</wst:KeyType><wst:KeySize xmlns:wst="hxxp://docs.oasis-open.org/ws-sx/ws-trust/200512">256</wst:KeySize><wst:Claims xmlns:wst="hxxp://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsp="hxxp://docs.oasis-open.org/ws-sx/ws-trust/200512" wsp:Dialect="hxxp://wso2.org/claims"><wsid:ClaimType xmlns:wsid="hxxp://schemas.xmlsoap.org/ws/2005/05/identity" Uri="{WindowsAccountName|123456789}"></wsid:ClaimType></wst:Claims></sp:RequestSecurityTokenTemplate> {org.apache.rahas.client.STSClient} 
TID: [0] [IS] [2015-10-29 15:39:18,937] DEBUG {org.apache.rahas.client.STSClient} - Extracting key size from the RSTTemplate: {org.apache.rahas.client.STSClient} 
TID: [0] [IS] [2015-10-29 15:39:18,937] DEBUG {org.apache.rahas.client.STSClient} - Key size from RSTTemplate: 256 {org.apache.rahas.client.STSClient} 
TID: [0] [IS] [2015-10-29 15:39:18,952] DEBUG {org.wso2.carbon.identity.sts.passive.processors.RequestProcessor} - STSTimeToLive read from carbon.xml in passive STS 1800000 {org.wso2.carbon.identity.sts.passive.processors.RequestProcessor} 
TID: [0] [IS] [2015-10-29 15:39:18,999] DEBUG {org.apache.ws.security.components.crypto.CryptoFactory} - Using Crypto Engine [org.wso2.carbon.security.util.ServerCrypto] {org.apache.ws.security.components.crypto.CryptoFactory} 
TID: [0] [IS] [2015-10-29 15:39:19,046] DEBUG {org.apache.xml.security.Init} - Registering default algorithms {org.apache.xml.security.Init} 
TID: [0] [IS] [2015-10-29 15:39:19,140] DEBUG {org.wso2.carbon.identity.provider.AttributeCallbackHandler} - Loading claims {org.wso2.carbon.identity.provider.AttributeCallbackHandler} 
TID: [0] [IS] [2015-10-29 15:39:19,140] DEBUG {org.wso2.carbon.identity.core.IdentityClaimManager} - IdentityClaimManager singleton instance created successfully {org.wso2.carbon.identity.core.IdentityClaimManager} 
TID: [0] [IS] [2015-10-29 15:39:19,140] DEBUG {org.wso2.carbon.user.core.claim.ClaimInvalidationCache} - My Hash code of Claim cache is : 1 {org.wso2.carbon.user.core.claim.ClaimInvalidationCache} 
TID: [0] [IS] [2015-10-29 15:39:19,156] DEBUG {org.wso2.carbon.user.core.claim.ClaimInvalidationCache} - Shared Hash code of Claim cache is : 1 {org.wso2.carbon.user.core.claim.ClaimInvalidationCache} 
TID: [0] [IS] [2015-10-29 15:39:19,156] DEBUG {org.wso2.carbon.identity.provider.AttributeCallbackHandler} - Processing claim data {org.wso2.carbon.identity.provider.AttributeCallbackHandler} 
TID: [0] [IS] [2015-10-29 15:39:19,156] DEBUG {org.wso2.carbon.identity.provider.AttributeCallbackHandler} - Populating claim values {org.wso2.carbon.identity.provider.AttributeCallbackHandler} 
TID: [0] [IS] [2015-10-29 15:39:19,187] DEBUG {org.apache.axiom.om.impl.builder.StAXOMBuilder} - WARNING: The current state of the parser is not equal to the state just received from the parser. The current state in the paser is END_ELEMENT the state just received is END_DOCUMENT {org.apache.axiom.om.impl.builder.StAXOMBuilder} 
TID: [0] [IS] [2015-10-29 15:39:19,187] DEBUG {org.apache.axis2.handlers.addressing.AddressingOutHandler} - includeOptionalHeaders=false {org.apache.axis2.handlers.addressing.AddressingOutHandler} 
TID: [0] [IS] [2015-10-29 15:39:19,187] DEBUG {org.apache.axis2.handlers.addressing.AddressingOutHandler} - WSAHeaderWriter: isFinal=true addMU=false replace=false includeOptional=false role=null {org.apache.axis2.handlers.addressing.AddressingOutHandler} 
TID: [0] [IS] [2015-10-29 15:39:19,187] DEBUG {org.apache.axis2.client.Options} - getAction (urn:getResponseResponse) from [email protected] {org.apache.axis2.client.Options} 
TID: [0] [IS] [2015-10-29 15:39:19,187] DEBUG {org.apache.axis2.transport.local.LocalResponder} - Response - <?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="hxxp://www.w3.org/2003/05/soap-envelope"><soapenv:Header xmlns:wsa="hxxp://www.w3.org/2005/08/addressing"><wsa:Action>urn:getResponseResponse</wsa:Action><wsa:RelatesTo>urn:uuid:83ee0d80-39ff-428f-92b9-bad675cdb820</wsa:RelatesTo></soapenv:Header><soapenv:Body><ns:getResponseResponse xmlns:ns="hxxp://org.apache.axis2/xsd"><ns:return xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:ax2364="hxxp://passive.sts.identity.carbon.wso2.org/xsd" xsi:type="ax2364:ResponseToken"><ax2364:authenticated>true</ax2364:authenticated><ax2364:context>hxxp://portal.domain/_layouts/15/Authenticate.aspx?Source=%2F</ax2364:context><ax2364:replyTo>hxxp://portal.domain/_trust</ax2364:replyTo><ax2364:responsePointer xsi:nil="true"></ax2364:responsePointer><ax2364:results>&lt;soapenv:Fault xmlns:soapenv="hxxp://www.w3.org/2003/05/soap-envelope"&gt;&lt;soapenv:Code&gt;&lt;soapenv:Value&gt;Sender&lt;/soapenv:Value&gt;&lt;soapenv:Subcode&gt;&lt;soapenv:Value xmlns:sts="hxxp://wso2.org/passivests"&gt;sts:InvalidRequest&lt;/soapenv:Value&gt;&lt;/soapenv:Subcode&gt;&lt;/soapenv:Code&gt;&lt;soapenv:Reason&gt;&lt;soapenv:Text&gt;Error in creating a SAMLToken using Opensaml library&lt;/soapenv:Text&gt;&lt;/soapenv:Reason&gt;&lt;soapenv:Detail&gt;none&lt;/soapenv:Detail&gt;&lt;/soapenv:Fault&gt;</ax2364:results></ns:return></ns:getResponseResponse></soapenv:Body></soapenv:Envelope> {org.apache.axis2.transport.local.LocalResponder} 

http URIs changed to hxxp so that I could submit this question.

Answer


I figured it out. The catalina configuration was set to use the wrong alias in the keystore for encrypting private communications. In my case, the specified alias did not exist at all. Changed it to a valid alias and now it works as expected.
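A pre-flight check for the misconfiguration described in the answer, as an added example that is not part of the original post or of WSO2's code: it reports whether a configured alias exists in a keystore and, going slightly beyond the post, whether it is a private-key entry whose password and certificate are usable. The keystore path and alias are passed as arguments, the `KEYSTORE_PASS` environment variable name is an assumption, and the no-argument demo uses a constructed in-memory keystore.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.*;
import java.util.Collections;
import javax.crypto.spec.SecretKeySpec;

public class KeystoreAliasCheck {
    // Returns "OK" or the reason the alias cannot serve as a private signing/TLS key.
    static String check(KeyStore ks, String alias, char[] keyPass) throws Exception {
        if (!ks.containsAlias(alias)) { // the failure described in the answer
            return "MISSING alias '" + alias + "'; keystore holds " + Collections.list(ks.aliases());
        }
        if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
            return "NOT A PRIVATE KEY: '" + alias + "' has no private key and certificate chain";
        }
        try {
            ks.getKey(alias, keyPass); // fails when the key password differs from the one supplied
        } catch (UnrecoverableKeyException e) {
            return "KEY PASSWORD REJECTED for '" + alias + "'";
        }
        Certificate cert = ks.getCertificate(alias);
        if (cert instanceof X509Certificate) {
            try {
                ((X509Certificate) cert).checkValidity();
            } catch (CertificateException e) { // expired or not yet valid
                return "CERTIFICATE NOT VALID NOW for '" + alias + "': " + e.getMessage();
            }
        }
        return "OK";
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 2) { // KEYSTORE_PASS=... java KeystoreAliasCheck.java <keystore> <alias>
            char[] pass = java.util.Objects.requireNonNull(
                    System.getenv("KEYSTORE_PASS"), "set KEYSTORE_PASS").toCharArray();
            KeyStore ks = KeyStore.getInstance("JKS");
            try (InputStream in = new FileInputStream(args[0])) { ks.load(in, pass); }
            System.out.println(check(ks, args[1], pass));
            return;
        }
        // No arguments: constructed in-memory keystore that holds only a secret key.
        char[] pass = "constructed-demo".toCharArray();
        KeyStore demo = KeyStore.getInstance("JCEKS");
        demo.load(null, pass);
        demo.setKeyEntry("demo-secret", new SecretKeySpec(new byte[16], "AES"), pass, null);
        System.out.println(check(demo, "no-such-alias", pass)); // alias absent
        System.out.println(check(demo, "demo-secret", pass));   // present, but not a private key
    }
}
```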