2014-11-14

OpenAM and ArcGIS

I want to log in to ArcGIS Portal using OpenAM. I followed the ArcGIS documentation: http://doc.arcgis.com/en/arcgis-online/reference/configure-openam.htm On the SSO redirect I get the following error:

    libSAML2:11/14/2014 05:14:52:570 PM CET: Thread[http-8080-1,5,main] 
    ********************************************** 
    libSAML2:11/14/2014 05:14:52:569 PM CET: Thread[http-8080-1,5,main] 
    ERROR: IDPSSOFederate.doSSOFederate: Unable to do sso or federation. 
    com.sun.identity.saml2.common.SAML2Exception: Impossible de générer une valeur NameID. 
     at com.sun.identity.saml2.plugins.DefaultIDPAccountMapper.getNameID(DefaultIDPAccountMapper.java:143) 
     at com.sun.identity.saml2.profile.IDPSSOUtil.getSubject(IDPSSOUtil.java:1512) 
     at com.sun.identity.saml2.profile.IDPSSOUtil.getAssertion(IDPSSOUtil.java:912) 
     at com.sun.identity.saml2.profile.IDPSSOUtil.getResponse(IDPSSOUtil.java:730) 
     at com.sun.identity.saml2.profile.IDPSSOUtil.sendResponseToACS(IDPSSOUtil.java:422) 
     at com.sun.identity.saml2.profile.IDPSSOFederate.doSSOFederate(IDPSSOFederate.java:1071) 
     at com.sun.identity.saml2.profile.IDPSSOFederate.doSSOFederate(IDPSSOFederate.java:129) 
     at org.apache.jsp.saml2.jsp.idpSSOFederate_jsp._jspService(idpSSOFederate_jsp.java:114) 
     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) 
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) 
     at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:388) 
     at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) 
     at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) 
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646) 
     at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436) 
     at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374) 
     at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302) 
     at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:640) 
     at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981) 
     at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615) 
     at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473) 
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:643) 
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
     at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
     at org.forgerock.openam.xui.XUIFilter.doFilter(XUIFilter.java:113) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
     at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:98) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) 
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) 
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) 
     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) 
     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) 
     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) 
     at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:879) 
     at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:617) 
     at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1774) 
     at java.lang.Thread.run(Unknown Source) 

I think I have missed something related to populating the NameID. Any idea how to configure it? Thanks for any help!


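The OpenAM debug log does not tell which NameID is used for the authentication request from the ArcGIS Portal SAML SP to the OpenAM SAML IdP (this is configured in the SAML metadata). However, you can enable 'message' level logging on the OpenAM side to see what OpenAM receives. It may be related to the OpenAM Data Store configuration, etc. – 2014-11-17 09:22:14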

Answers


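The most likely cause of the "Unable to generate NameID value" error is that you are trying to create an assertion with a NameID format that is neither persistent nor transient. In those cases OpenAM does not know what value to use for the NameID element, so you need to set up a NameID Value Mapping on the hosted IdP's configuration page.

With the NameID Value Mapping you can assign a given attribute value from the user entry to the <NameID> element for the actual NameID format.

For example, with the following mapping: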

urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified=uid

Whenever there is an incoming AuthnRequest that requests the unspecified NameID format, the returned assertion will contain a NameID value similar to this:

<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">demo</saml:NameID>

Where "demo" is the value of the uid attribute of the logged-in user.
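An added diagnostic example, not part of the original answer and not OpenAM code: it decodes a `SAMLRequest` value from the HTTP-Redirect binding to show which NameID format the SP asks for, then applies the rule the answer describes (persistent and transient need no mapping; any other format needs a `format=attribute` entry). The AuthnRequest, the user entry and all function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET  # for XML you did not produce, prefer defusedxml

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample AuthnRequest (not captured from ArcGIS Portal).
SAMPLE_AUTHN_REQUEST = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed" '
    'Version="2.0" IssueInstant="2014-11-14T16:14:52Z">'
    f'<samlp:NameIDPolicy Format="{UNSPECIFIED}" AllowCreate="true"/>'
    '</samlp:AuthnRequest>')

def encode_redirect(xml_text):
    """Encode XML as an HTTP-Redirect SAMLRequest value: raw DEFLATE, then base64."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml_text.encode()) + c.flush()).decode()

def requested_format(saml_request):
    """Return the NameIDPolicy Format of a URL-decoded SAMLRequest, or None."""
    root = ET.fromstring(zlib.decompress(base64.b64decode(saml_request), -15))
    policy = root.find(f"{{{SAMLP}}}NameIDPolicy")
    return policy.get("Format") if policy is not None else None

def parse_mapping(lines):
    """Parse 'format=attribute' lines as entered in the NameID Value Mapping."""
    return dict(line.strip().split("=", 1) for line in lines)

def needs_mapping(fmt):
    """Per the answer: only persistent and transient work without a mapping."""
    return fmt not in (PERSISTENT, TRANSIENT)

def mapped_name_id(fmt, mapping, user):
    """Value the mapping would yield for this user, or None (the error case)."""
    attr = mapping.get(fmt)
    return user.get(attr) if attr else None

if __name__ == "__main__":
    fmt = requested_format(encode_redirect(SAMPLE_AUTHN_REQUEST))
    user = {"uid": "demo"}  # constructed user entry
    for rules in ([], [f"{UNSPECIFIED}=uid"]):
        value = mapped_name_id(fmt, parse_mapping(rules), user)
        print(fmt, "needs mapping:", needs_mapping(fmt), "->", value)
```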