1. Accueil
  2. Question et réponse
  3. AuthenticationServiceException: Erreur lors de la validation du message SAML :: AuthNResponse; FAILURE; La réponse a un code d'état invalide: le message d'état est nul

AuthenticationServiceException: Erreur lors de la validation du message SAML :: AuthNResponse; FAILURE; La réponse a un code d'état invalide: le message d'état est nul

2017-05-03 5 views
0

J'essaye de configurer l'extension Spring SAML avec ADFS.AuthenticationServiceException: Erreur lors de la validation du message SAML :: AuthNResponse; FAILURE; La réponse a un code d'état invalide: le message d'état est nul

Je reçois le message - Le message d'état est null. Les journaux détaillés sont fournis à la fin.

Je suis passé par des messages similaires sur stackoverflow. Ils suggèrent d'activer RSA1 sur le serveur ADFS.

org.opensaml.common.SAMLException: Response has invalid status code urn:oasis:names:tc:SAML:2.0:status:Responder, status message is null

Issues while integrating ADFS with Spring SAML Extension

Mes journaux semble avoir RSA1 les paramètres et sont même sur le serveur.

NOTE

  1. Le certificat de serveur est auto-signé.
  2. Il y a chevauchement sur le serveur et avoir l'entrée de fichier d'installation d'installation pour résoudre le même.

Edit 1:

  1. IdP initié single-sign-on travaille. Mais, l'erreur se produit uniquement avec la connexion initiée SP. En outre, aucun journal observées sur le côté serveur ADFS

BILLES

DEBUG DigesterOutputStream:55 - Pre-digested input: 
DEBUG DigesterOutputStream:60 - <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Destination="https://mysite-dev:443/empdServer/saml/SSO" ID="_4fba4628-a5d1-4fb6-85d4-f9366db2385a" InResponseTo="a4g74i6f5sdi3ebg778g3f4jab0j9c" IssueInstant="2017-05-02T14:28:51.502Z" Version="2.0"><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs.myserver/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"></samlp:StatusCode></samlp:Status></samlp:Response> 
DEBUG Reference:784 - Verification successful for URI "#_4fba4628-a5d1-4fb6-85d4-f9366db2385a" 
DEBUG Manifest:344 - The Reference has Type 
DEBUG SignatureValidator:70 - Signature validated with key from supplied credential 
DEBUG BaseSignatureTrustEngine:148 - Signature validation using candidate credential was successful 
DEBUG BaseSignatureTrustEngine:101 - Successfully verified signature using KeyInfo-derived credential 
DEBUG BaseSignatureTrustEngine:102 - Attempting to establish trust of KeyInfo-derived credential 
DEBUG ExplicitKeyTrustEvaluator:91 - Successfully validated untrusted credential against trusted key 
DEBUG BaseSignatureTrustEngine:104 - Successfully established trust of KeyInfo-derived credential 
INFO SAMLProtocolMessageXMLSignatureSecurityPolicyRule:129 - Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}Response 
DEBUG SAMLProtocolMessageXMLSignatureSecurityPolicyRule:131 - Authentication via protocol message signature succeeded for context issuer entity ID http://adfs.myserver.com/adfs/services/trust 
DEBUG BaseMessageDecoder:85 - Successfully decoded message. 
DEBUG BaseSAMLMessageDecoder:191 - Checking SAML message intended destination endpoint against receiver endpoint 
DEBUG BaseSAMLMessageDecoder:210 - Intended message destination endpoint: https://mysite-dev:443/myapp/saml/SSO 
DEBUG BaseSAMLMessageDecoder:211 - Actual message receiver endpoint: https://mysite-dev/myapp/saml/SSO 
DEBUG BaseSAMLMessageDecoder:219 - SAML message intended destination endpoint matched recipient endpoint 
DEBUG SAMLUtil:349 - Found endpoint [email protected]89c9e9 for request URL https://mysite-dev/myapp/saml/SSO based on location attribute in metadata 
DEBUG ProviderManager:162 - Authentication attempt using org.springframework.security.saml.SAMLAuthenticationProvider 
DEBUG SAMLAuthenticationProvider:98 - Error validating SAML message 
    org.opensaml.common.SAMLException: Response has invalid status code urn:oasis:names:tc:SAML:2.0:status:Responder, status message is null 
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:113) 
    at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:87) 
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167) 
    at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:87) 
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:184) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53) 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
    at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176) 
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) 
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94) 
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:616) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) 
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502) 
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1104) 
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684) 
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1519) 
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1475) 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) 
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) 
    at java.lang.Thread.run(Unknown Source) 
2017-05-02 07:28:51 INFO SAMLDefaultLogger:127 - AuthNResponse;FAILURE;1x.1x.1x.1x;urn:myapp.mysite;http://adfs.myserver.com/adfs/services/trust;;;org.opensaml.common.SAMLException: Response has invalid status code urn:oasis:names:tc:SAML:2.0:status:Responder, status message is null 
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:113) 
    at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:87) 
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167) 
    at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:87) 
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:184) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53) 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
    at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176) 
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) 
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94) 
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:616) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) 
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502) 
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1104) 
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684) 
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1519) 
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1475) 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) 
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) 
    at java.lang.Thread.run(Unknown Source) 

DEBUG SAMLProcessingFilter:350 - Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: Error validating SAML message 
DEBUG SAMLProcessingFilter:351 - Updated SecurityContextHolder to contain null Authentication 
DEBUG SAMLProcessingFilter:352 - Delegating to authentication failure handler org.springframework.se[email protected]20088b6d

Source

2017-05-03 alpha

Répondre

0

L'erreur est sur le côté AD FS. Vos journaux signalent simplement qu'AD FS a signalé une erreur.

Vous devez afficher les journaux des événements AD FS pour voir ce qui se trouve dans le journal des événements des applications et des services \ ad fs \ admin.

si le code d'accès initié par IDP fonctionne, cela signifie que le côté SP a les détails corrects correspondant à AD FS. Vous devez juste vous assurer qu'AD FS reçoit une requête basée sur ce que vous avez configuré du côté AD FS.

https://technet.microsoft.com/en-us/library/adfs2-troubleshooting-configuring-computers(v=ws.10).aspx devrait aider.

Source

2017-05-06 11:06:16 maweeras

+0

Merci. Ceci est déjà configuré. Il n'y a pas de journaux générés côté serveur ADFS en cas d'erreur. – alpha

+0

C'est peu probable. Tu devrais avoir quelque chose. Sinon, vérifiez les journaux de débogage de l'annonce fs selon ce lien. – maweeras

 Questions connexes

  • Aucun problème connexe^_^