Okta PySAML2 Example App: IdP-Initiated Works but SP-Initiated Fails
I followed Okta's "Setting Up a SAML Application in Okta" documentation, including the adjustment to the FirstName and LastName attributes discussed in this question, and followed Okta's "PySAML2" page (not enough reputation for a third link) to run a Flask application that authenticates with Okta.
When running the Flask application (with the appropriate settings changes for the "example-okta-com" URL), the IdP-initiated flow works, so I can go from Okta to the example application, but if I try to click the "example-okta-com" link in the application, which points to http://localhost:5000/saml/login/example-okta-com, I am redirected to an error page on the oktapreview.com subdomain of my test application containing the following stack trace:
```
Error: user_exception Error parsing XML in SAML request
com.saasure.application.factory.AppUserException: Error parsing XML in SAML request
	at com.saasure.application.generic.services.impl.OutboundSAMLServiceImpl.isForceAuthn(OutboundSAMLServiceImpl.java:351)
	at com.saasure.application.generic.ui.controller.sso.SAMLForceAuthnController.requiresForceAuthn(SAMLForceAuthnController.java:137)
	at com.saasure.application.generic.ui.controller.sso.DefaultSAMLController.handleSAML20AuthnRequestForSpecificInstance(DefaultSAMLController.java:97)
	at com.saasure.application.generic.ui.controller.sso.DefaultSAMLController.handleSAML20AuthnRequestForSpecificInstance(DefaultSAMLController.java:91)
	at sun.reflect.GeneratedMethodAccessor1246.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215)
	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:685)
	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:919)
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:851)
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:953)
	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:844)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:829)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at com.saasure.framework.web.filter.ServletExceptionFilter.doFilterInternal(ServletExceptionFilter.java:30)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at com.saasure.framework.web.filter.GzipFilter.doFilterInternal(GzipFilter.java:26)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at com.saasure.framework.web.filter.HeadToGetFilter.doFilterInternal(HeadToGetFilter.java:31)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at nl.remcojansen.tomcatlogging.JuliAccessLogValve.invoke(JuliAccessLogValve.java:355)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
	at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:889)
	at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:744)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2274)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:745)
Caused by: org.opensaml.xml.parse.XMLParserException: Invalid XML
	at org.opensaml.xml.parse.BasicParserPool.parse(BasicParserPool.java:218)
	at com.saasure.framework.security.saml.impl.BaseSAMLBuilder.unmarshallXml(BaseSAMLBuilder.java:269)
	at com.saasure.framework.security.saml.impl.BaseSAMLBuilder.unmarshallXml(BaseSAMLBuilder.java:277)
	at com.saasure.framework.security.saml.impl.SAML20IdentityProviderImpl.unmarshallRequest(SAML20IdentityProviderImpl.java:337)
	at com.saasure.framework.security.saml.impl.SAML20IdentityProviderImpl.isForceAuthn(SAML20IdentityProviderImpl.java:320)
	at com.saasure.application.generic.services.impl.OutboundSAMLServiceImpl.isForceAuthn(OutboundSAMLServiceImpl.java:347)
	... 53 more
Caused by: org.xml.sax.SAXParseException: Content is not allowed in prolog.
	at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
	at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
	at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
	at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
	at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
	at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source)
	at org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher.dispatch(Unknown Source)
	at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
	at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
	at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
	at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
	at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
	at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
	at javax.xml.parsers.DocumentBuilder.parse(Unknown Source)
	at org.opensaml.xml.parse.BasicParserPool$DocumentBuilderProxy.parse(BasicParserPool.java:671)
	at org.opensaml.xml.parse.BasicParserPool.parse(BasicParserPool.java:215)
	... 58 more
```
The only change I made to the example application was to change
The application in Okta needs to be configured to accept compressed SAML AuthN requests.
Sorry, I should have put that in the documentation. I will do so shortly.
In the meantime, you will need to set "Request Compression" to "Compressed" in the Okta application you set up, as shown below:
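To show why the mismatch ends in "Content is not allowed in prolog", here is an added example (not code from the question, the answer, PySAML2 or Okta): it encodes a SAMLRequest the way the SAML HTTP-Redirect binding does (raw DEFLATE, then base64, then URL-encoding) and models an IdP that either inflates the payload or skips that step. The AuthnRequest is a constructed sample, and `decode_as_idp` is an assumed model of the "Request Compression" setting, not Okta's code.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

# Constructed sample AuthnRequest; not a real request from the question's app.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed-id" Version="2.0" IssueInstant="2015-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="http://localhost:5000/saml/sso/example-okta-com">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'http://localhost:5000/saml/metadata/</saml:Issuer>'
    '</samlp:AuthnRequest>'
)

def encode_redirect_binding(xml_text: str) -> str:
    """Encode a SAMLRequest as the HTTP-Redirect binding does:
    raw DEFLATE (no zlib header), then base64, then URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15 -> raw deflate
    deflated = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return quote(base64.b64encode(deflated).decode("ascii"), safe="")

def decode_as_idp(param: str, expect_compressed: bool) -> bytes:
    """Assumed model of the IdP side: base64-decode, then inflate only if
    the app is configured for compressed requests ('Request Compression')."""
    raw = base64.b64decode(unquote(param))
    return zlib.decompress(raw, -15) if expect_compressed else raw

def is_xml(data: bytes) -> bool:
    """True when the bytes parse as an XML document; raw deflate bytes
    fail here, which is what the IdP's 'prolog' error reports."""
    try:
        ET.fromstring(data)
        return True
    except ET.ParseError:
        return False

def diagnose(param: str) -> str:
    """Report which 'Request Compression' setting a SAMLRequest parameter
    needs: 'compressed', 'uncompressed', or 'invalid' if neither yields XML."""
    if is_xml(decode_as_idp(param, expect_compressed=False)):
        return "uncompressed"
    try:
        if is_xml(decode_as_idp(param, expect_compressed=True)):
            return "compressed"
    except zlib.error:
        pass
    return "invalid"
```

Running `diagnose` on the SAMLRequest value captured from the failing redirect tells you which setting the SP's requests expect before you change the Okta application.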