Re: Using SAML 2 Bearer token with our own UAA Server #uaa
Shetty, Viraj S [CTR]
Still having issues. I tried several things and they all seem to fail.
1. Per the documentation, the URL should go to http://vyscu3.localhost:8080/uaa/oauth/token/alias/vyscu3.cloudfoundry-saml-login. For my environment, this should probably be http://<host>/uaa/oauth/token/alias/cloudfoundry-saml-login-dev. How do I find out if this URL is correct? The recipient in the SAML Assertion is https://<host>/saml/SSO/alias/cloudfoundry-saml-login-dev. I tried this as well.

2. When I used it with the encrypted assertion below, I get the following exception:

<EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData ......

2019-12-10T16:51:10.13-0500 [APP/PROC/WEB/0] OUT java.lang.ClassCastException: class org.opensaml.saml2.core.impl.EncryptedAssertionImpl cannot be cast to class org.opensaml.saml2.core.Assertion (org.opensaml.saml2.core.impl.EncryptedAssertionImpl and org.opensaml.saml2.core.Assertion are in unnamed module of loader org.apache.catalina.loader.ParallelWebappClassLoader @3ed242a4)
2019-12-10T16:51:10.13-0500 [APP/PROC/WEB/0] OUT at org.cloudfoundry.identity.uaa.authentication.SamlAssertionDecoder.doDecode(SamlAssertionDecoder.java:97) ~[cloudfoundry-identity-server-74.5.0.jar:?]
2019-12-10T16:51:10.13-0500 [APP/PROC/WEB/0] OUT at org.opensaml.ws.message.decoder.BaseMessageDecoder.decode(BaseMessageDecoder.java:79) ~[openws-1.5.6.jar:?]

3. Then I tried an unencrypted assertion, which gave me another exception:

2019-12-10T16:45:24.58-0500 [APP/PROC/WEB/1] OUT Caused by: org.opensaml.common.SAMLException: Assertion invalidated by subject confirmation - can't be confirmed by the bearer method
2019-12-10T16:45:24.58-0500 [APP/PROC/WEB/1] OUT at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifySubject(WebSSOProfileConsumerImpl.java:400)
2019-12-10T16:45:24.58-0500 [APP/PROC/WEB/1] OUT at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertion(WebSSOProfileConsumerImpl.java:296)
2019-12-10T16:45:24.58-0500 [APP/PROC/WEB/1] OUT at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:214)

UAA does not seem to like the subject. Looking at the subject confirmation tag, there is an attribute 'method' which is 'urn:oasis:names:tc:SAML:2.0:cm:bearer'. Any ideas? Is there any explanation other than the UAA API?
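Added example, not code from the original post or from UAA or Spring Security SAML: a Python check that applies the rules a bearer SubjectConfirmation has to satisfy (a plain rather than encrypted Assertion, a SubjectConfirmationData whose Recipient matches one of the SP's endpoints, a NotOnOrAfter that has not passed, and no NotBefore), so an assertion can be diagnosed offline before it is posted to the token endpoint. The hostnames, timestamps, subject and the 60-second clock skew are assumptions.

```python
# Added example (not code from the original post, UAA or Spring Security SAML):
# applies the rules a bearer SubjectConfirmation must satisfy, so an assertion can be
# checked offline before it is posted to UAA's /oauth/token/alias/... endpoint.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
# Assumed SP endpoint (host made up): the /saml/SSO/alias/... URL the SP registers.
RECIPIENT = "https://uaa.example/saml/SSO/alias/cloudfoundry-saml-login-dev"

def parse_saml_time(value):
    # SAML timestamps are xsd:dateTime in UTC, e.g. 2019-12-10T21:45:24Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_bearer_confirmation(assertion_xml, expected_recipients, now, skew=timedelta(seconds=60)):
    """Return (confirmed, reasons): confirmed is True when at least one bearer
    SubjectConfirmation passes every rule; reasons says why each one failed."""
    root = ET.fromstring(assertion_xml)
    if root.tag == f"{{{SAML_NS}}}EncryptedAssertion":
        # the grant needs a plain Assertion; an EncryptedAssertion must be decrypted first
        return False, ["EncryptedAssertion supplied where a plain Assertion is expected"]
    reasons = []
    for conf in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        data = conf.find("saml:SubjectConfirmationData", NS)
        if conf.get("Method") != BEARER:
            reasons.append(f"method {conf.get('Method')!r} is not bearer")
        elif data is None:
            reasons.append("bearer confirmation has no SubjectConfirmationData")
        elif data.get("NotBefore") is not None:
            reasons.append("NotBefore is not allowed on bearer confirmation data")
        elif data.get("NotOnOrAfter") is None:
            reasons.append("NotOnOrAfter is required on bearer confirmation data")
        elif parse_saml_time(data.get("NotOnOrAfter")) + skew < now:
            reasons.append(f"confirmation expired at {data.get('NotOnOrAfter')}")
        elif data.get("Recipient") not in expected_recipients:
            reasons.append(f"Recipient {data.get('Recipient')!r} is not one of this SP's endpoints")
        else:
            return True, []
    return False, reasons or ["no SubjectConfirmation element present"]

# Constructed sample assertion (issuer, subject and times are made up for the example).
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="_c1" Version="2.0" IssueInstant="2019-12-10T21:45:00Z">
  <saml:Issuer>https://idp.example/constructed</saml:Issuer>
  <saml:Subject><saml:NameID>user@example</saml:NameID>
    <saml:SubjectConfirmation Method="{BEARER}">
      <saml:SubjectConfirmationData Recipient="{RECIPIENT}" NotOnOrAfter="2019-12-10T21:50:00Z"/>
    </saml:SubjectConfirmation></saml:Subject></saml:Assertion>"""
ENCRYPTED_SAMPLE = f'<saml:EncryptedAssertion xmlns:saml="{SAML_NS}"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/></saml:EncryptedAssertion>'
```

Run `check_bearer_confirmation(SAMPLE_ASSERTION, {RECIPIENT}, parse_saml_time("2019-12-10T21:46:00Z"))` to see a passing assertion; change the recipient set or the clock to reproduce each rejection reason.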