php - Using SimpleSAML as SP and IdP for a development environment
Published: 2020-05-25 09:09:40 Category: PHP Source: Internet
I am trying to use SAML for authentication in my web application. I followed the IdP quick start and SP quick start user guides and ended up with the configuration below.

What fails is:

    Backtrace:
    1 /app_path/application/lib/simplesamlphp/www/_include.php:37 (SimpleSAML_exception_handler)
    0 [builtin] (N/A)
    Caused by: Exception: Unable to find the current binding.
    Backtrace:
    2 /app_path/application/lib/simplesamlphp/lib/SAML2/Binding.php:81 (SAML2_Binding::getCurrentBinding)
    1 /app_path/application/lib/simplesamlphp/modules/saml/lib/IdP/SAML2.php:266 (sspmod_saml_IdP_SAML2::receiveAuthnRequest)
    0 /app_path/application/lib/simplesamlphp/www/saml2/idp/SSOService.php:19 (N/A)

Setup:

> My application runs locally with the host: trunk.sam.net

Both simplesaml instances actually use the same code and configuration files (they share the same document root).

Configuration:

config.php

    'enable.saml20-idp' => true,
    'enable.shib13-idp' => true,

authsources.php

    'default-sp-trunk.sam.net' => array(
        'saml:SP',
        'entityID' => 'http://trunk.sam.net',
        'idp' => 'http://auth.sam.net/simplesaml/saml2/idp/metadata.php',
        'ssoPortalUrl' => 'http://auth.sam.net/simplesaml/saml2/idp/SSOService.php',
        'bkmapping' => array(
            'login' => 'uid',
            'eMail' => 'mail'
        )
    ),
    'example-userpass' => array(
        'exampleauth:UserPass',
        'shf:pwd' => array(
            'uid' => array('shf'),
            'eduPersonAffiliation' => array('mail', 'shf@bk-soft.com')
        ),
        'shl:pwd' => array(
            'uid' => array('shl')
        ),
    ),

saml20-idp-hosted.php

    $metadata['__DYNAMIC:1__'] = array(
        /*
         * The hostname for this IdP. This makes it possible to run multiple
         * IdPs from the same configuration. '__DEFAULT__' means that this one
         * should be used by default.
         */
        'host' => '__DEFAULT__',

        /*
         * The private key and certificate to use when signing responses.
         * These are stored in the cert-directory.
         */
        'privatekey' => 'server.pem',
        'certificate' => 'server.crt',

        /*
         * The authentication source which should be used to authenticate the
         * user. This must match one of the entries in config/authsources.php.
         */
        'auth' => 'example-userpass',

        /*
         * The interoperable SAML 2 profile specifies that attributes should be
         * delivered using the urn:oasis:names:tc:SAML:2.0:attrname-format:uri NameFormat.
         * We therefore recommend enabling this in new installations. This can be done
         * by adding the following to the saml20-idp-hosted configuration:
         */
        'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
        'authproc' => array(
            // Convert LDAP names to oids.
            100 => array('class' => 'core:AttributeMap', 'name2oid'),
        ),
    );

saml20-idp-remote.php

    $metadata['http://auth.sam.net/simplesaml/saml2/idp/metadata.php'] = array (
        'entityid' => 'http://auth.sam.net/simplesaml/saml2/idp/metadata.php',
        'contacts' => array (
            0 => array (
                'contactType' => 'technical',
                'surName' => 'Administrator',
                'emailAddress' => array (0 => 'support@bluekiwi-software.com'),
            ),
        ),
        'metadata-set' => 'saml20-idp-remote',
        'SingleSignOnService' => array (
            0 => array (
                'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                'Location' => 'http://auth.sam.net/simplesaml/saml2/idp/SSOService.php',
            ),
        ),
        'SingleLogoutService' => array (
            0 => array (
                'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                'Location' => 'http://auth.sam.net/simplesaml/saml2/idp/SingleLogoutService.php',
            ),
        ),
        'ArtifactResolutionService' => array (
        ),
        'keys' => array (
            0 => array (
                'encryption' => false,
                'signing' => true,
                'type' => 'X509Certificate',
                'X509Certificate' => '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',
            ),
            1 => array (
                'encryption' => true,
                'signing' => false,
            ),
        ),
    );

saml20-sp-remote.php

    $metadata['http://trunk.sam.net'] = array (
        'AssertionConsumerService' => 'http://trunk.sam.net/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp-trunk.sam.net',
        'SingleLogoutService' => 'http://trunk.sam.net/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp-trunk.sam.net',
    );

Can anyone point out what I am doing wrong? Am I missing a configuration entry or file? Should I use separate simplesaml installations?

Thanks for your advice.

Answer:

The problem was that the SP and the IdP need two different simplesaml installations. I copied the source code to another folder, edited the vhost I use for the IdP (auth.sam.net), and everything worked. The configuration was fine.
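The exception in the backtrace is raised at the point where the SAML library decides which binding carried the incoming message, based on the HTTP method and request parameters. A simplified model of that decision, as an added example that is not part of the original post and not SimpleSAMLphp's own code (the function name `detectSamlBinding` and the sample requests are constructed for illustration):

```php
<?php
// Added example: simplified model of SAML binding detection.
// detectSamlBinding() is a hypothetical helper, not a SimpleSAMLphp API.
function detectSamlBinding(string $method, array $get, array $post, ?string $contentType): ?string
{
    $hasMessage = function (array $params): bool {
        return isset($params['SAMLRequest']) || isset($params['SAMLResponse']);
    };

    if ($method === 'GET') {
        if ($hasMessage($get)) {
            return 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect';
        }
        if (isset($get['SAMLart'])) {
            return 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact';
        }
    } elseif ($method === 'POST') {
        if ($hasMessage($post)) {
            return 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST';
        }
        if (isset($post['SAMLart'])) {
            return 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact';
        }
        // Ignore parameters such as "; charset=utf-8" on the content type.
        if ($contentType !== null && trim(explode(';', $contentType)[0]) === 'text/xml') {
            return 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP';
        }
    }

    // No SAML message found: this is where the library throws
    // "Unable to find the current binding."
    return null;
}

// Constructed sample requests: method, $_GET, $_POST, Content-Type.
$samples = array(
    'AuthnRequest via redirect' => array('GET', array('SAMLRequest' => '(constructed)', 'RelayState' => '/'), array(), null),
    'Response posted to ACS'    => array('POST', array(), array('SAMLResponse' => '(constructed)'), 'application/x-www-form-urlencoded'),
    'SOAP back-channel call'    => array('POST', array(), array(), 'text/xml; charset=utf-8'),
    'SSOService.php, no params' => array('GET', array(), array(), null),
);

foreach ($samples as $label => list($method, $get, $post, $contentType)) {
    $binding = detectSamlBinding($method, $get, $post, $contentType);
    printf("%-28s %s\n", $label, $binding !== null ? $binding : 'none (Unable to find the current binding.)');
}
```

A request that reaches SSOService.php without a `SAMLRequest` or `SAMLart` parameter, for example when the URL is opened directly in a browser, falls through to the exception, so checking the access log for the query string on that request is a quick first diagnostic.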