2015-10-29

WSO2 Identity Server 5.0.0 Sharepoint 2013 SSO Passive STS failure

I was following the SSO for Microsoft Sharepoint Web Applications with WSO2 Identity Server tutorial, but I am getting a SOAP fault in wresult in the form that POSTs back to SharePoint.

The soapenv:Reason contains the following text:

Error in creating a SAMLToken using Opensaml library

I enabled DEBUG logging globally in WSO2 Identity Server, and I can see the error response, but I can't figure out why it is happening:

TID: [0] [IS] [2015-10-29 15:39:18,921] DEBUG {org.wso2.carbon.identity.sts.passive.PassiveSTSService} - Retrieving wreply url for : Portal in tenant : carbon.super {org.wso2.carbon.identity.sts.passive.PassiveSTSService} 
TID: [0] [IS] [2015-10-29 15:39:18,921] DEBUG {org.wso2.carbon.identity.sts.passive.PassiveSTSService} - Setting ReplyTo URL : hxxp://portal.domain/_trust for Realm : Portal {org.wso2.carbon.identity.sts.passive.PassiveSTSService} 
TID: [0] [IS] [2015-10-29 15:39:18,937] DEBUG {org.apache.rahas.client.STSClient} - Creating request with request type: hxxp://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue and applies to: Portal {org.apache.rahas.client.STSClient} 
TID: [0] [IS] [2015-10-29 15:39:18,937] DEBUG {org.apache.rahas.client.STSClient} - Using RSTTemplate: <sp:RequestSecurityTokenTemplate xmlns:sp="hxxp://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wst:TokenType xmlns:wst="hxxp://docs.oasis-open.org/ws-sx/ws-trust/200512">hxxp://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType><wst:KeyType xmlns:wst="hxxp://docs.oasis-open.org/ws-sx/ws-trust/200512">hxxp://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</wst:KeyType><wst:KeySize xmlns:wst="hxxp://docs.oasis-open.org/ws-sx/ws-trust/200512">256</wst:KeySize><wst:Claims xmlns:wst="hxxp://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsp="hxxp://docs.oasis-open.org/ws-sx/ws-trust/200512" wsp:Dialect="hxxp://wso2.org/claims"><wsid:ClaimType xmlns:wsid="hxxp://schemas.xmlsoap.org/ws/2005/05/identity" Uri="{WindowsAccountName|123456789}"></wsid:ClaimType></wst:Claims></sp:RequestSecurityTokenTemplate> {org.apache.rahas.client.STSClient} 
TID: [0] [IS] [2015-10-29 15:39:18,937] DEBUG {org.apache.rahas.client.STSClient} - Extracting key size from the RSTTemplate: {org.apache.rahas.client.STSClient} 
TID: [0] [IS] [2015-10-29 15:39:18,937] DEBUG {org.apache.rahas.client.STSClient} - Key size from RSTTemplate: 256 {org.apache.rahas.client.STSClient} 
TID: [0] [IS] [2015-10-29 15:39:18,952] DEBUG {org.wso2.carbon.identity.sts.passive.processors.RequestProcessor} - STSTimeToLive read from carbon.xml in passive STS 1800000 {org.wso2.carbon.identity.sts.passive.processors.RequestProcessor} 
TID: [0] [IS] [2015-10-29 15:39:18,999] DEBUG {org.apache.ws.security.components.crypto.CryptoFactory} - Using Crypto Engine [org.wso2.carbon.security.util.ServerCrypto] {org.apache.ws.security.components.crypto.CryptoFactory} 
TID: [0] [IS] [2015-10-29 15:39:19,046] DEBUG {org.apache.xml.security.Init} - Registering default algorithms {org.apache.xml.security.Init} 
TID: [0] [IS] [2015-10-29 15:39:19,140] DEBUG {org.wso2.carbon.identity.provider.AttributeCallbackHandler} - Loading claims {org.wso2.carbon.identity.provider.AttributeCallbackHandler} 
TID: [0] [IS] [2015-10-29 15:39:19,140] DEBUG {org.wso2.carbon.identity.core.IdentityClaimManager} - IdentityClaimManager singleton instance created successfully {org.wso2.carbon.identity.core.IdentityClaimManager} 
TID: [0] [IS] [2015-10-29 15:39:19,140] DEBUG {org.wso2.carbon.user.core.claim.ClaimInvalidationCache} - My Hash code of Claim cache is : 1 {org.wso2.carbon.user.core.claim.ClaimInvalidationCache} 
TID: [0] [IS] [2015-10-29 15:39:19,156] DEBUG {org.wso2.carbon.user.core.claim.ClaimInvalidationCache} - Shared Hash code of Claim cache is : 1 {org.wso2.carbon.user.core.claim.ClaimInvalidationCache} 
TID: [0] [IS] [2015-10-29 15:39:19,156] DEBUG {org.wso2.carbon.identity.provider.AttributeCallbackHandler} - Processing claim data {org.wso2.carbon.identity.provider.AttributeCallbackHandler} 
TID: [0] [IS] [2015-10-29 15:39:19,156] DEBUG {org.wso2.carbon.identity.provider.AttributeCallbackHandler} - Populating claim values {org.wso2.carbon.identity.provider.AttributeCallbackHandler} 
TID: [0] [IS] [2015-10-29 15:39:19,187] DEBUG {org.apache.axiom.om.impl.builder.StAXOMBuilder} - WARNING: The current state of the parser is not equal to the state just received from the parser. The current state in the paser is END_ELEMENT the state just received is END_DOCUMENT {org.apache.axiom.om.impl.builder.StAXOMBuilder} 
TID: [0] [IS] [2015-10-29 15:39:19,187] DEBUG {org.apache.axis2.handlers.addressing.AddressingOutHandler} - includeOptionalHeaders=false {org.apache.axis2.handlers.addressing.AddressingOutHandler} 
TID: [0] [IS] [2015-10-29 15:39:19,187] DEBUG {org.apache.axis2.handlers.addressing.AddressingOutHandler} - WSAHeaderWriter: isFinal=true addMU=false replace=false includeOptional=false role=null {org.apache.axis2.handlers.addressing.AddressingOutHandler} 
TID: [0] [IS] [2015-10-29 15:39:19,187] DEBUG {org.apache.axis2.client.Options} - getAction (urn:getResponseResponse) from [email protected] {org.apache.axis2.client.Options} 
TID: [0] [IS] [2015-10-29 15:39:19,187] DEBUG {org.apache.axis2.transport.local.LocalResponder} - Response - <?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="hxxp://www.w3.org/2003/05/soap-envelope"><soapenv:Header xmlns:wsa="hxxp://www.w3.org/2005/08/addressing"><wsa:Action>urn:getResponseResponse</wsa:Action><wsa:RelatesTo>urn:uuid:83ee0d80-39ff-428f-92b9-bad675cdb820</wsa:RelatesTo></soapenv:Header><soapenv:Body><ns:getResponseResponse xmlns:ns="hxxp://org.apache.axis2/xsd"><ns:return xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:ax2364="hxxp://passive.sts.identity.carbon.wso2.org/xsd" xsi:type="ax2364:ResponseToken"><ax2364:authenticated>true</ax2364:authenticated><ax2364:context>hxxp://portal.domain/_layouts/15/Authenticate.aspx?Source=%2F</ax2364:context><ax2364:replyTo>hxxp://portal.domain/_trust</ax2364:replyTo><ax2364:responsePointer xsi:nil="true"></ax2364:responsePointer><ax2364:results>&lt;soapenv:Fault xmlns:soapenv="hxxp://www.w3.org/2003/05/soap-envelope"&gt;&lt;soapenv:Code&gt;&lt;soapenv:Value&gt;Sender&lt;/soapenv:Value&gt;&lt;soapenv:Subcode&gt;&lt;soapenv:Value xmlns:sts="hxxp://wso2.org/passivests"&gt;sts:InvalidRequest&lt;/soapenv:Value&gt;&lt;/soapenv:Subcode&gt;&lt;/soapenv:Code&gt;&lt;soapenv:Reason&gt;&lt;soapenv:Text&gt;Error in creating a SAMLToken using Opensaml library&lt;/soapenv:Text&gt;&lt;/soapenv:Reason&gt;&lt;soapenv:Detail&gt;none&lt;/soapenv:Detail&gt;&lt;/soapenv:Fault&gt;</ax2364:results></ns:return></ns:getResponseResponse></soapenv:Body></soapenv:Envelope> {org.apache.axis2.transport.local.LocalResponder} 

HTTP URIs were changed to hxxp so that I could submit this question.

Answer

I figured it out. The Catalina configuration was set to use the wrong alias in the keystore for encrypting private messages. In my case, the specified alias did not exist at all. I changed it to a valid alias, and now it works as expected.
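
A check for the failure the answer describes, as an added example that is not part of the original post: it confirms that a configured alias actually exists in a Java keystore and holds a private key, using the JDK's `keytool`. The helper names `check_alias` and `make_demo_keystore`, the keystore path, the password and the alias are all hypothetical placeholders.

```shell
#!/usr/bin/env bash
# Hypothetical helpers (not from the original post).

# check_alias KEYSTORE STOREPASS ALIAS
#   0 = alias exists and holds a private key
#   1 = alias does not exist (the situation the answer describes)
#   2 = alias exists but is a certificate-only entry
#   3 = keystore could not be opened (wrong path or password)
check_alias() {
    local ks=$1 pass=$2 alias=$3 out
    # -J-Duser.language=en keeps keytool's messages in English for matching.
    if ! out=$(keytool -J-Duser.language=en -list -keystore "$ks" \
                 -storepass "$pass" -alias "$alias" 2>&1); then
        case $out in
            *"does not exist"*)
                echo "alias '$alias' not found in $ks; aliases present:" >&2
                keytool -J-Duser.language=en -list -keystore "$ks" \
                    -storepass "$pass" 2>/dev/null | grep 'Entry' | cut -d, -f1 >&2
                return 1 ;;
            *)  echo "cannot read $ks: $out" >&2
                return 3 ;;
        esac
    fi
    case $out in
        *PrivateKeyEntry*) return 0 ;;
        *)  echo "alias '$alias' has no private key" >&2
            return 2 ;;
    esac
}

# make_demo_keystore KEYSTORE STOREPASS ALIAS
# Builds a throwaway keystore with one self-signed key pair (constructed data).
make_demo_keystore() {
    keytool -genkeypair -alias "$3" -keyalg RSA -keysize 2048 \
        -dname "CN=constructed-example" -validity 1 \
        -keystore "$1" -storepass "$2" -keypass "$2" >/dev/null 2>&1
}

# Usage: ./check_alias.sh /path/to/keystore.jks STOREPASS ALIAS
if [ $# -eq 3 ]; then
    check_alias "$@"
fi
```

Passing the store password as an argument exposes it in the process list; on a shared host use keytool's `-storepass:env` or `-storepass:file` form instead.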
