WSO2 Identity Server - SAML SSO - Passive STS example not working

Submitted by 痴心易碎 on 2019-12-08 07:42:29

Question


I'm referring to the following article: http://wso2.org/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server

This example works with identity server 4.0.0 but NOT with identity server 4.1.0...

With 4.1.0 - the SAML response is returned, but the relying party application throws an exception when it is trying to deserialize the message. Could this sample be updated to work with the later version of IS?

Here's the stack trace of the relying party application:

SEVERE: Servlet.service() for servlet [SAML2ConsumerServlet] in context with path [/saml2.demo] threw exception
java.lang.NullPointerException
    at org.wso2.identity.saml2.demo.SamlConsumerManager.getResult(SamlConsumerManager.java:278)
    at org.wso2.identity.saml2.demo.SamlConsumerManager.processResponseMessage(SamlConsumerManager.java:252)
    at org.wso2.identity.saml2.demo.SAML2ConsumerServlet.doPost(SAML2ConsumerServlet.java:77)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

Source code from relying party application: https://svn.wso2.org/repos/wso2/people/suresh/saml2/saml2-demo/src-dist


Answer 1:


Seems like the decoder operation has not been implemented, and from IS 4.0.0 onwards the responses are encoded using Base64, so you may be required to make changes in SamlConsumerManager.java

// Requires: import java.util.zip.Inflater;
// Base64 is whichever Base64 helper SamlConsumerManager.java already imports;
// it must provide a static decode(String) that returns byte[].
private String samlDecoder(String message) throws Exception {

    // Base64 decode
    byte[] base64DecodedByteArray = Base64.decode(message);

    // Inflate (uncompress) the SAML message
    // First attempt to unzip the byte array according to DEFLATE (RFC 1951)
    Inflater inflater = new Inflater(true);
    inflater.setInput(base64DecodedByteArray);
    // since we are decompressing, it's impossible to know how much space we
    // might need; hopefully this number is suitably big
    byte[] xmlMessageBytes = new byte[5000];
    int resultLength = inflater.inflate(xmlMessageBytes);

    if (!inflater.finished()) {
        throw new RuntimeException("didn't allocate enough space to hold "
                + "decompressed data");
    }

    inflater.end();

    String decodedResponse = new String(xmlMessageBytes, 0, resultLength,
            "UTF-8");

    return decodedResponse;
}

public Map<String, String> processResponseMessage(String responseMessage) {

    XMLObject responseXmlObj = null;

    try {
        // Changed line: decode the message before unmarshalling it
        responseXmlObj = unmarshall(samlDecoder(responseMessage));
        // ... the rest of the method is not shown in the answer

Hope the answer has helped you, since I was able to get this thing to work after applying the following
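
A decoder along the lines of the answer's samlDecoder, as an added example that is not part of the original answer or the WSO2 sample: it accepts both a Base64-only message (HTTP-POST binding) and a Base64 plus raw-DEFLATE message (HTTP-Redirect binding), and replaces the fixed 5000-byte buffer with a growing one that is capped. The class name SamlMessageDecoder, the MAX_XML_BYTES limit and the use of java.util.Base64 (Java 8 or later) instead of the sample's Base64 helper are assumptions.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;

public class SamlMessageDecoder {
    // Assumed limit on decoded size, so a hostile message cannot exhaust memory.
    static final int MAX_XML_BYTES = 1 << 20;

    /** Decodes a SAMLResponse/SAMLRequest form or query parameter to XML text. */
    public static String decode(String param) throws DataFormatException {
        if (param == null || param.isEmpty()) {
            throw new IllegalArgumentException("SAML parameter is missing");
        }
        // The MIME decoder tolerates line breaks inside the Base64 text.
        byte[] raw = Base64.getMimeDecoder().decode(param);
        // HTTP-POST binding: Base64 only, so the bytes are already XML (heuristic).
        if (startsWithTag(raw)) {
            if (raw.length > MAX_XML_BYTES) throw new DataFormatException("message exceeds limit");
            return new String(raw, StandardCharsets.UTF_8);
        }
        // HTTP-Redirect binding: raw DEFLATE (RFC 1951) under the Base64.
        Inflater inflater = new Inflater(true);
        try {
            inflater.setInput(raw);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[4096];
            while (!inflater.finished()) {
                int n = inflater.inflate(buf);
                if (n == 0 && (inflater.needsInput() || inflater.needsDictionary())) {
                    throw new DataFormatException("truncated or invalid DEFLATE stream");
                }
                out.write(buf, 0, n);
                if (out.size() > MAX_XML_BYTES) {
                    throw new DataFormatException("inflated message exceeds limit");
                }
            }
            return new String(out.toByteArray(), StandardCharsets.UTF_8);
        } finally {
            inflater.end(); // release native zlib memory even when decoding fails
        }
    }

    private static boolean startsWithTag(byte[] b) {
        int i = 0;
        while (i < b.length && (b[i] == ' ' || b[i] == '\t' || b[i] == '\r' || b[i] == '\n')) i++;
        return i < b.length && b[i] == '<';
    }
}
```

Decoding only recovers the XML text; the relying party still has to validate the response's signature and conditions before trusting any assertion in it.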



Source: https://stackoverflow.com/questions/15441987/wso2-identity-server-saml-sso-passive-sts-example-not-working
