WSO2 Identity Server throws NullPointerException when integrating with ADFS Server

Narrata Khobragade

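I am using WSO2 Identity Server 5.10.0 and am trying to implement WSO2IS with an external ADFS server.

I followed the example at https://docs.wso2.com/display/IS570/Configuring+AD+FS+as+a+Federated+Authenticator and configured ADFS as an identity provider from the WSO2 management console. The server is able to redirect to the ADFS login page, but when ADFS sends the callback to WSO2IS, it throws a NullPointerException.

The full stack trace is as follows: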

[2020-04-02 17:49:56,407] [3a9f62a7-17f1-4944-b561-e36a7b21736d] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework java.lang.NullPointerException
        at org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator.publishAuthenticationStepAttempt(AbstractApplicationAuthenticator.java:170)
        at org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator.process(AbstractApplicationAuthenticator.java:94)
        at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.doAuthentication(DefaultStepHandler.java:506)
        at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handleResponse(DefaultStepHandler.java:480)
        at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handle(DefaultStepHandler.java:179)
        at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:185)
        at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.GraphBasedSequenceHandler.handle(GraphBasedSequenceHandler.java:111)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:158)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:240)
        at org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:53)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
        at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
        at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
        at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:66)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:72)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:65)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
        at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:86)
        at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:110)
        at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:75)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
        at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
        at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688)
        at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
        at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
        at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:119)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748) 

ADFS details configured in WSO2:

Identity Provider Name: adfs
Uploaded valid PEM certificate
Federation Authenticators -> SAML2 Web SSO Configuration -> Enabled SAML2 Web SSO
                                                            Service Provider Entity Id : wso2is
                                                            Identity Provider Entity Id : {from ADFS metadata}
                                                            ACS URL : https:\\{ip}:9443\commonauth
                                                            SSO URL : {from ADFS metadata}

Can anyone tell whether something is wrong?

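Piraveena Paralogarajah

This null pointer issue has been reported here and fixed in master. However, this NPE is thrown from this line of code in a failure scenario, when a failure occurs while processing the SAML response from the federated IdP and the user is null. You can find the actual SAML error in the outbound component here.

So your root issue seems to be that the user identifier is not available in the SAML assertion received from the ADFS side. Please check that. Verify the SAML response you get from ADFS and check whether it sends the user information in the authentication response.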
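
The check suggested in the answer above, as an added example (not part of the original answer and not WSO2 code): it decodes a captured `SAMLResponse` form value, assumed to be the base64 value POSTed to `/commonauth` under the HTTP-POST binding, and reports whether the assertion's Subject carries a NameID. The two sample responses are constructed and minimal (unsigned, required attributes omitted); the function and variable names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UPN = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"

def inspect_saml_response(b64_response):
    """Offline diagnostic only: no signature, audience or timestamp checks."""
    xml_text = base64.b64decode(b64_response).decode("utf-8")
    # SAML messages never need a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    has_id = name_id is not None and bool((name_id.text or "").strip())
    attrs = {}
    for a in root.findall("saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("Name")] = [v.text for v in a.findall("saml:AttributeValue", NS)]
    return {
        "status": status.get("Value") if status is not None else None,
        # An EncryptedAssertion must be decrypted before its Subject can be read.
        "encrypted_assertion": root.find("saml:EncryptedAssertion", NS) is not None,
        "name_id": name_id.text.strip() if has_id else None,
        "name_id_format": name_id.get("Format") if has_id else None,
        "attributes": attrs,
    }

def build_sample(subject_inner):
    # Constructed sample response, not captured from a real ADFS server.
    xml = (
        '<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s">'
        '<samlp:Status><samlp:StatusCode '
        'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
        '<saml:Assertion><saml:Subject>' % NS + subject_inner +
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>'
        '</saml:Subject><saml:AttributeStatement>'
        '<saml:Attribute Name="' + UPN + '">'
        '<saml:AttributeValue>alice@example.test</saml:AttributeValue>'
        '</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

WITH_NAME_ID = build_sample(
    '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">'
    'alice@example.test</saml:NameID>')
WITHOUT_NAME_ID = build_sample("")  # Subject present, but no NameID inside it

if __name__ == "__main__":
    for label, sample in (("with", WITH_NAME_ID), ("without", WITHOUT_NAME_ID)):
        print(label, inspect_saml_response(sample))
```

A result with a `Success` status and attributes but `name_id` of `None` matches the situation the answer describes: the IdP authenticated the user but sent no subject identifier.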
