I am new to Shibboleth and am trying to configure authentication between ADFS and Shibboleth. Users are stored in AD. I have connected ADFS and Shibboleth and can see the login page, but after submitting the username and credentials I get an error "Authentication failed".
The log shows the following error:
16:46:06.929 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:177] - User authentication failed
java.lang.SecurityException: Configuration Error:
        No such file or directory
        at com.sun.security.auth.login.ConfigFile.(Unknown Source) ~[na:1.7.0_45]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.7.0_45]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) ~[na:1.7.0_45]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) ~[na:1.7.0_45]
I cannot figure out which file is missing or what mistake I have made. Any help is highly appreciated.
login.config looks like this:
ShibUserPassAuth {
    // Example LDAP authentication
    // See: https://spaces.internet2.edu/display/SHIB2/IdPAuthUserPass
    edu.vt.middleware.ldap.jaas.LdapLoginModule required
        host="idmgt-IP0.idmgtext.demo"
        port="389"
        base="CN=Users,DC=idmgtext,DC=demo"
        serviceCredential="Corp123!"
        userRoleAttribute="sAMAccountName"
        serviceUser="[email protected]"
        subtreeSearch = "true"
        ssl="false"
        userFilter="sAMAccountName={0}";

    // Example Kerberos authentication, requires Sun's JVM
    // See: https://spaces.internet2.edu/display/SHIB2/IdPAuthUserPass
    /*
    com.sun.security.auth.module.Krb5LoginModule required
        useKeyTab="true"
        keyTab="/path/to/idp/keytab/file";
    */
};
handler.xml
<?xml version="1.0" encoding="UTF-8"?>
<ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:idp:profile-handler"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                     xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">

    <!-- Error Handler -->
    <ErrorHandler xsi:type="JSPErrorHandler" jspPagePath="/error.jsp" />

    <!-- Profile Handlers -->
    <!-- All profile handlers defined below are accessed via the Servlet path "/profile"
         so if your profile handler's request path is "/Status" then the full path is
         "<servletContextName>/profile/Status" -->
    <ProfileHandler xsi:type="Status">
        <RequestPath>/Status</RequestPath>
    </ProfileHandler>

    <ProfileHandler xsi:type="SAMLMetadata" metadataFile="C:\opt\Shib2Idp/metadata/idp-metadata.xml">
        <RequestPath>/Metadata/SAML</RequestPath>
    </ProfileHandler>

    <ProfileHandler xsi:type="ShibbolethSSO"
                    inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
        <RequestPath>/Shibboleth/SSO</RequestPath>
    </ProfileHandler>

    <ProfileHandler xsi:type="SAML1AttributeQuery"
                    inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
        <RequestPath>/SAML1/SOAP/AttributeQuery</RequestPath>
    </ProfileHandler>

    <ProfileHandler xsi:type="SAML1ArtifactResolution"
                    inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
        <RequestPath>/SAML1/SOAP/ArtifactResolution</RequestPath>
    </ProfileHandler>

    <ProfileHandler xsi:type="SAML2SSO"
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
        <RequestPath>/SAML2/POST/SSO</RequestPath>
    </ProfileHandler>

    <ProfileHandler xsi:type="SAML2SSO"
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
        <RequestPath>/SAML2/POST-SimpleSign/SSO</RequestPath>
    </ProfileHandler>

    <ProfileHandler xsi:type="SAML2SSO"
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
        <RequestPath>/SAML2/Redirect/SSO</RequestPath>
    </ProfileHandler>

    <ProfileHandler xsi:type="SAML2AttributeQuery"
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
        <RequestPath>/SAML2/SOAP/AttributeQuery</RequestPath>
    </ProfileHandler>

    <ProfileHandler xsi:type="SAML2ArtifactResolution"
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
        <RequestPath>/SAML2/SOAP/ArtifactResolution</RequestPath>
    </ProfileHandler>

    <!-- Login Handlers
    <LoginHandler xsi:type="RemoteUser">
        <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
    </LoginHandler>
    -->

    <!-- Username/password login handler -->
    <LoginHandler xsi:type="UsernamePassword"
                  jaasConfigurationLocation="file://C:\opt\Shib2Idp/conf/login.config">
        <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
    </LoginHandler>

    <!-- Removal of this login handler will disable SSO support,
         that is it will require the user to authenticate on every request. -->
    <LoginHandler xsi:type="PreviousSession">
        <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</AuthenticationMethod>
    </LoginHandler>

</ProfileHandlerGroup>
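The "Configuration Error: No such file or directory" in the log is raised by the JRE's JAAS configuration loader (com.sun.security.auth.login.ConfigFile) when it cannot open the configured login.config, so the first thing to verify is that the `jaasConfigurationLocation` URL actually maps to an existing file. The script below is an added example, not code from the question or from the Shibboleth project: it reads that attribute from handler.xml and checks whether the value is a well-formed `file:` URL. In a URL of the form `file://X/y`, the text `X` is parsed as a host, not as part of the path, which is why the posted value `file://C:\opt\Shib2Idp/conf/login.config` does not name a local file, while the three-slash form `file:///C:/opt/Shib2Idp/conf/login.config` does. The sample XML, the function names and the three-slash comparison URL are this example's own constructions (the comparison URL assumes the file really lives at C:\opt\Shib2Idp\conf\login.config).

```python
"""Check the jaasConfigurationLocation of a Shibboleth IdP 2 handler.xml.

Added example, not code from the original question or from the Shibboleth
project. It extracts the UsernamePassword login handler's
jaasConfigurationLocation and reports whether the value is a file: URL that
maps back to a local path. The sample XML is constructed from the posted
handler.xml; all function names are this example's own.
"""
import os
import re
import xml.etree.ElementTree as ET
from typing import Optional, Tuple
from urllib.parse import unquote, urlparse

NS = {
    "ph": "urn:mace:shibboleth:2.0:idp:profile-handler",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}

# Constructed sample: only the login handler from the posted handler.xml,
# with the attribute value exactly as it appears in the question.
SAMPLE_HANDLER_XML = r"""<ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:idp:profile-handler"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <LoginHandler xsi:type="UsernamePassword"
                  jaasConfigurationLocation="file://C:\opt\Shib2Idp/conf/login.config">
        <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
    </LoginHandler>
</ProfileHandlerGroup>
"""

# "/C:/..." or "C:/..." at the start of a URL path means a Windows drive.
_DRIVE_PATH = re.compile(r"^/?[A-Za-z]:[/\\]")


def jaas_location(handler_xml: str) -> Optional[str]:
    """Return the jaasConfigurationLocation of the UsernamePassword handler."""
    root = ET.fromstring(handler_xml)
    xsi_type = "{%s}type" % NS["xsi"]
    for handler in root.findall("ph:LoginHandler", NS):
        if handler.get(xsi_type) == "UsernamePassword":
            return handler.get("jaasConfigurationLocation")
    return None


def file_url_to_path(url: str) -> Tuple[Optional[str], str]:
    """Map a file: URL to a local path.

    Returns (path, reason). path is None when the URL cannot name a local
    file: wrong scheme, a host component where the path was meant to be,
    or an empty path.
    """
    parts = urlparse(url)
    if parts.scheme.lower() != "file":
        return None, "scheme is %r, expected 'file'" % parts.scheme
    # In file://X/y the text X is the URL host, not a path. For a local
    # file the host must be empty (file:///...) or "localhost".
    if parts.netloc not in ("", "localhost"):
        return None, "%r is parsed as a host, not as part of the path" % parts.netloc
    path = unquote(parts.path)
    if _DRIVE_PATH.match(path):
        path = path.lstrip("/")      # "/C:/opt/x" -> "C:/opt/x"
    if not path:
        return None, "empty path"
    return path, "ok"


def check_handler(handler_xml: str) -> dict:
    """Summarise whether the configured JAAS location can be opened."""
    url = jaas_location(handler_xml)
    if url is None:
        return {"url": None, "path": None, "reason": "no UsernamePassword handler"}
    path, reason = file_url_to_path(url)
    return {
        "url": url,
        "path": path,
        "reason": reason,
        # Existence is only meaningful when run on the IdP host itself.
        "exists": bool(path) and os.path.exists(path),
    }


if __name__ == "__main__":
    report = check_handler(SAMPLE_HANDLER_XML)
    for key, value in report.items():
        print("%-7s %s" % (key + ":", value))
    # Three-slash form a local Windows path should take (an assumption about
    # the intended location, not something the question states).
    print(file_url_to_path("file:///C:/opt/Shib2Idp/conf/login.config"))
```

Run it on the IdP host against the real handler.xml and the `exists` field tells you whether the resolved path is actually there; a `reason` other than `ok` means the loader never gets as far as looking for the file. Separately, login.config carries the LDAP bind password (`serviceCredential`) in clear text, so the file should be readable only by the account the IdP runs as, and a value that has been pasted into a public question should be rotated.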