我想用Open AM登錄到Arcgis Portal。我遵循的ArcGIS文檔:http://doc.arcgis.com/en/arcgis-online/reference/configure-openam.htm 當SSORedirect我有folling錯誤:OpenAM和ArcGIS
libSAML2:11/14/2014 05:14:52:570 PM CET: Thread[http-8080-1,5,main]
**********************************************
libSAML2:11/14/2014 05:14:52:569 PM CET: Thread[http-8080-1,5,main]
ERROR: IDPSSOFederate.doSSOFederate: Unable to do sso or federation.
com.sun.identity.saml2.common.SAML2Exception: Impossible de générer une valeur NameID.
at com.sun.identity.saml2.plugins.DefaultIDPAccountMapper.getNameID(DefaultIDPAccountMapper.java:143)
at com.sun.identity.saml2.profile.IDPSSOUtil.getSubject(IDPSSOUtil.java:1512)
at com.sun.identity.saml2.profile.IDPSSOUtil.getAssertion(IDPSSOUtil.java:912)
at com.sun.identity.saml2.profile.IDPSSOUtil.getResponse(IDPSSOUtil.java:730)
at com.sun.identity.saml2.profile.IDPSSOUtil.sendResponseToACS(IDPSSOUtil.java:422)
at com.sun.identity.saml2.profile.IDPSSOFederate.doSSOFederate(IDPSSOFederate.java:1071)
at com.sun.identity.saml2.profile.IDPSSOFederate.doSSOFederate(IDPSSOFederate.java:129)
at org.apache.jsp.saml2.jsp.idpSSOFederate_jsp._jspService(idpSSOFederate_jsp.java:114)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:388)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:640)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.forgerock.openam.xui.XUIFilter.doFilter(XUIFilter.java:113)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:98)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:879)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:617)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1774)
at java.lang.Thread.run(Unknown Source)
我想我已經錯過一些與填充NameID。任何想法如何配置它? thx任何幫助!
OpenAM調試日誌不會告知哪些NameID用於從ArcGis Portal SAML SP到OpenAM SAML IdP(這是在SAML元數據中配置的)的身份驗證請求。 但是,您可以啓用OpenAM端的'消息'級別日誌記錄來查看OpenAM收到的信息。 它可能與OpenAM Data Store配置等有關。 – 2014-11-17 09:22:14