2017-07-19 5 views
1

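I am trying to implement OmniAuth SSO-only authentication in a Rails 5 app with Devise. I am trying to test with TestShib before using my organization's internal IdP.

"No providerId parameter given in Shibboleth SSO authentication request" from TestShib with ruby-saml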

Here is my current configuration in config/initializers/devise.rb:

idp_meta_parser = OneLogin::RubySaml::IdpMetadataParser.new 
idp_meta = idp_meta_parser.parse_remote_to_hash('https://idp.testshib.org/idp/shibboleth') 
config.omniauth :saml, 
    issuer: 'https://localhost:3000/shibboleth', 
    **idp_meta 

When I navigate to the authentication URL (/users/auth/saml), I am redirected to an error page on TestShib, and the log says this:

10:01:19.187 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:86] - shibboleth.HandlerManager: Looking up profile handler for request path: /Shibboleth/SSO 
10:01:19.188 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:97] - shibboleth.HandlerManager: Located profile handler of the following type for the request path: edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler 
10:01:19.188 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:339] - LoginContext key cookie was not present in request 
10:01:19.188 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler:152] - Incoming request does not contain a login context, processing as first leg of request 
10:01:19.188 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler:218] - Decoding message with decoder binding urn:mace:shibboleth:1.0:profiles:AuthnRequest 
10:01:19.188 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSODecoder:72] - No providerId parameter given in Shibboleth SSO authentication request. 
10:01:19.188 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler:247] - Error decoding Shibboleth SSO request 
org.opensaml.ws.message.decoder.MessageDecodingException: No providerId parameter given in Shibboleth SSO authentication request. 
    at edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSODecoder.doDecode(ShibbolethSSODecoder.java:73) ~[shibboleth-identityprovider-2.4.0.jar:na] 
    at org.opensaml.ws.message.decoder.BaseMessageDecoder.decode(BaseMessageDecoder.java:79) ~[openws-1.5.0.jar:na] 
    at org.opensaml.saml1.binding.decoding.BaseSAML1MessageDecoder.decode(BaseSAML1MessageDecoder.java:109) ~[opensaml-2.6.0.jar:na] 
    at edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler.decodeRequest(ShibbolethSSOProfileHandler.java:240) [shibboleth-identityprovider-2.4.0.jar:na] 
    at edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler.performAuthentication(ShibbolethSSOProfileHandler.java:174) [shibboleth-identityprovider-2.4.0.jar:na] 
    at edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler.processRequest(ShibbolethSSOProfileHandler.java:153) [shibboleth-identityprovider-2.4.0.jar:na] 
    at edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler.processRequest(ShibbolethSSOProfileHandler.java:70) [shibboleth-identityprovider-2.4.0.jar:na] 
    at edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:83) [shibboleth-common-1.4.0.jar:na] 
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api.jar:na] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina.jar:6.0.36] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.36] 
    at edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:50) [shibboleth-identityprovider-2.4.0.jar:na] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina.jar:6.0.36] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.36] 
    at edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:87) [shibboleth-identityprovider-2.4.0.jar:na] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina.jar:6.0.36] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.36] 
    at edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:52) [shibboleth-common-1.4.0.jar:na] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina.jar:6.0.36] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.36] 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [catalina.jar:6.0.36] 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [catalina.jar:6.0.36] 
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470) [catalina.jar:6.0.36] 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [catalina.jar:6.0.36] 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) [catalina.jar:6.0.36] 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [catalina.jar:6.0.36] 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) [catalina.jar:6.0.36] 
    at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) [tomcat-coyote.jar:6.0.36] 
    at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:311) [tomcat-coyote.jar:6.0.36] 
    at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:776) [tomcat-coyote.jar:6.0.36] 
    at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:705) [tomcat-coyote.jar:6.0.36] 
    at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:898) [tomcat-coyote.jar:6.0.36] 
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) [tomcat-coyote.jar:6.0.36] 
    at java.lang.Thread.run(Thread.java:745) [na:1.7.0_55] 

I haven't found anything really relevant. The only documentation I can find that mentions providerId is this on the Shibboleth Wiki.

What exactly is the providerId, and how can I specify it with OmniAuth and RubySaml?

Answers

1

So, this took forever to figure out. Basically, I tracked down all the documentation (https://wiki.shibboleth.net/confluence/display/IDP30/UnsolicitedSSOConfiguration) and looked at a few email lists. What's missing is part of the redirect query. It usually looks like this:

https://idp.testshib.org/idp/profile/Shibboleth/SSO?SAMLRequest=rVbZjqraFv0Vk3rwoWLRSGt2VbJoRFAoEGn05YZmgSh9I8rXX7T2rlTt3HPOPslNgLDmms1Ycwxm%2BNF4WVouQNce8y2sOti0E9A0sG6TIueLvOkyWJuwviQBtLab1%2BmxbcsFgtAsOidRwnvJ47o4vyQF4o0pYN4mgdcWNXJP2yARDsN5RPkzCoXUjAiZYOZBhp6xDO7hlBdQvg8RL2imE2EsnOTevepHjWYskoTlSztuNMfEfynq%2BG5AyrqIkhQi5mj0ixS2R8Q036cTWXid%2FgfHGRYPCXZGs%2BxYEGXImc8Q1AwlUHKOURTlz4PRtWk6KOdN6%2BXt6xRHMWaGzsdrhzELnFwQ2GE6sWHdPMDgL%2Bh0cs3SvFncD%2FU67ep8UXhN0ixyL4PNog0WJlA3i9Fx4f1q3deQ8u9jxgO1RVCk07cfd%2B%2FFA1399v9vdAZbL%2FRa7wfytc6PsFmYSTz2vqvhT9Rh80l03%2Fcv%2FfzRfRxFUQRlkdEnbJL4afoZC0M5j4rHkvfyIh%2BxpcnwYFMdCSrCCUjjok7aY%2FYXiTEEQ%2B%2BJZ%2FAazAKMyJ%2BmyHdof5wIJX4hnGVFDZ%2Fqxps1Rw8nqZ8ptzCCNcwDOLG28uv06c9U8wjd1V7eREWdNd%2BX%2FwjrW%2BNgfoFpUcJw1vw63U9of57wfzTs7QcMFnIepF2TXKB2F1rpBbCZ6DWMkusmaUa1P4Uw8rq0nTyU%2BXhOwmZyvV%2FJJAt%2FCRcG%2F4op5Cv435YfvRKSePyU%2FyWLI0tP37j7yGJ7aQfffN5ruVMeZwxtiih%2BHALOu5FzYEUEurvN5VgPhk0Vn4ud%2BPpA9DX4YfhUwsfyNyl%2FSu8jwpL2MUkjc9fM3RKLKHGX09aOZXmS3wXVcy2bO9pAXS6Iap2rDrVZHjz5ue1xpmSYTDEdWVxqYd4RxlElt32L6VTGz0%2BRTtC2uVkbMdyfcQQO%2FiWudzxOgURyFBe7WcQh0s6I05nVHCN1YdDcYmV6HWosuQGcIj%2F18VpQZNYzLvPoGFMAXXXbqvZrN0LtQD7vQmoXr1iJVZYKonr6VTzIbteZZMdG7np9q8qodXcWajIxq6YuchouzwGWEx2tVHvdw5PkiCEszdnDDkOWfCojzloMD41mn4kW4gi%2BJYtVD07qXMHI1aHsd%2F5%2BYDeRRq1v6ZZ%2FllHc1CkqEchMwp8pfcA02UD3eByoTsi8frb%2BS6%2Fv7V%2FD2ycVLomywji6Phf8fcxG9xkI31RZFsyB58FpHYNe5kA83gLQuPhcHc%2BJxPYoBwx0OdoQ1Wh63tgLtmFIYq9gwSBuVHCWAGaJPBi3UPEqDPdYzeZAoXJn7Oi52sU%2FiabKgYcf6HvFd5ZlgLPdJksvKke4wk4kVEHt1ZM8aMK%2B19LibiN%2Fs%2FX6l3rcUeVDV73yA1A%2B6sXjlsapBtMLHxjXAjhoeycdfJy4iidgfPipKu%2F8xJWQpX8%2Fu6neY5R1cZCPl0ADhshxBhDiWByf477R8OM7DzYyOSA3rYJ%2BSmLdymPnLiJl8RVsZTkA66Y6bJF3t77qKH0SyVtsLW03mp8LpY%2FE3L8dFO66YtPKMvd4KIVicHWuWvS%2BucVcxG5ORYqY3ZXul5mmHND1yS1BrUBCj3NOqsvj4Ah0xaxXQxQkz0tSKqB%2Bs6juQjmSldjpRlAPwU1IV%2FZ%2BGXT8jQA8ZSFHWwfMBvDPfWYIZr8MzrfW57j1LuHXbVMMkdG6zC12SoVhpRAXElNmjvFpX5E%2Bm5wk%2BG7N4d5sWYplx3NG7fWm1gpN6VrV505o8RGjV1bA4umNLuGAGVSxZ89W5514iyYNszTryr2RiGOpV9X31E
OJvFOxLYEz0HZgxdz06xz1R%2Bo4AKSTJXDvKofe%2BQ2F2HA4bqustrpTYZDD825F2yh9QCU54dPjZQDRnc%2BVqYqSAJz4733Vh%2B9WFbndqGRjhagAlXizkkzZnwsj34JhAUDc9Q%2FsxCW4XIRYwbXOgAeBJMAz7W9VlaaqWAijYNtzYTRnrBjNZNNymF0dO4aj7wgG898vVSR1V%2Ffc0s%2Fp%2B8Zfque9uxGP%2BEqPOgV6g8hvrJV7SVvIHHzcDxo4pouu20E6HBMpjny0EFaHpjtBcXtaLyXHrJGMcZYktBpaRjohEE7hka6y8rk%2FJYrKYmJWqBuFLDcVla4pXtHzuGyIrK7qK2Zbz1pCWUJMWHRN81q5MRr5lriHXhMVWpN71E82zfwmtKTeZ1Z3tXd2viF0y1kvyz1txrZgryFydMeGBZIUD%2FoKQMOihEaUIqBuSTjKRzS9wi7ld687WDaTL7UUnqhbtPbOMhKlvcUQGGW8fgyr3wfQp%2FFjRCFfh9e34fb28ev1%2FX%2F77b8%3D 

What's missing is part of the query string params. The method you are using is SAML 1.x. Simply include the providerId, shire, and target as part of the redirect URL.

https://idp.testshib.org/idp/profile/Shibboleth/SSO?SAMLRequest=xxx&providerId=xxx&shire=xxx&target=xxx

Alternatively, you can use the SAML 2 endpoint https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO, which requires fewer of these parameters. The result looks like this:
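Added example, not part of the original answer and not ruby-saml's own code: a stdlib-only Ruby check that reads the SSO endpoints from IdP metadata, picks the SAML 2.0 HTTP-Redirect one, and reports which of the query parameters named above are missing from a redirect URL. The metadata snippet is constructed for illustration from the endpoint URLs and the binding name shown on this page, and the constant and method names (`sso_endpoints`, `saml2_redirect_url`, `diagnose_redirect`) are hypothetical.

```ruby
require 'rexml/document'
require 'uri'

# Constructed sample: cut-down IdP metadata that lists two SSO endpoints.
SAMPLE_IDP_METADATA = <<~XML
  <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                       entityID="https://idp.testshib.org/idp/shibboleth">
    <md:IDPSSODescriptor>
      <md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
          Location="https://idp.testshib.org/idp/profile/Shibboleth/SSO"/>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
XML

MD_NS = { 'md' => 'urn:oasis:names:tc:SAML:2.0:metadata' }.freeze
SAML2_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
LEGACY_BINDING = 'urn:mace:shibboleth:1.0:profiles:AuthnRequest'
# Parameters the answer says the legacy Shibboleth SSO endpoint expects.
LEGACY_REQUIRED = %w[providerId shire target].freeze

# Returns { binding => location } for every SingleSignOnService in the metadata.
def sso_endpoints(metadata_xml)
  doc = REXML::Document.new(metadata_xml)
  REXML::XPath.match(doc, '//md:IDPSSODescriptor/md:SingleSignOnService', MD_NS)
              .to_h { |el| [el.attributes['Binding'], el.attributes['Location']] }
end

# Location of the SAML 2.0 HTTP-Redirect endpoint, or nil if the IdP offers none.
def saml2_redirect_url(metadata_xml)
  sso_endpoints(metadata_xml)[SAML2_REDIRECT]
end

# Maps an SP-generated redirect URL to its binding and lists missing parameters.
def diagnose_redirect(redirect_url, metadata_xml)
  uri = URI.parse(redirect_url)
  params = URI.decode_www_form(uri.query.to_s).to_h
  endpoint = "#{uri.scheme}://#{uri.host}#{uri.path}"
  sso_binding = sso_endpoints(metadata_xml).key(endpoint)
  required = { LEGACY_BINDING => LEGACY_REQUIRED, SAML2_REDIRECT => %w[SAMLRequest] }
  { binding: sso_binding, missing: required.fetch(sso_binding, []) - params.keys }
end
```

The URL returned by `saml2_redirect_url` is the value to give the SP as its IdP SSO URL (the `idp_sso_target_url` option in omniauth-saml releases of that period, `idp_sso_service_url` in newer ruby-saml), set after the parsed metadata hash so it overrides the parsed value.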
