0
Wir haben eine PF-Installation, in der wir versuchen, OpenID Connect-basierte SSO einzurichten. Wir haben den PF IdP mit unserem internen Windows AD verbunden. Wenn wir versuchen, einen Auth-Code anzufordern, eine Browser-basierte SSO ausführen, bekommen wir diese Ausnahme: Mapping into unique user key resulted in null or empty value from source attributesPingFederate error - Ignorierender Versuch, der Attributzuordnung für USER_KEY einen Nullwert hinzuzufügen
Dies ist, was
in der Protokolldatei vorhanden ist2016-04-26 10:42:26,912 tid:uWXoT4raO7G-Cx8LMtl6ioqtvuI DEBUG [org.sourceid.saml20.domain.LDAPUsernamePasswordCredentialValidator] search sAMAccountName=MYLOGIN
2016-04-26 10:42:26,912 tid:uWXoT4raO7G-Cx8LMtl6ioqtvuI DEBUG [org.sourceid.servlet.HttpServletRespProxy] adding lazy cookie Cookie{PF=v15OJ5PwavFr0TTQqGGPxWrOjzUTXlkVKfVCB2yceOXN; path=/; maxAge=-1; domain=null} replacing Cookie{PF=v15OJ5PwavFr0TTQqGGPxWv76zVxxdpyURw82xJJBtXK; path=/; maxAge=-1; domain=null}
2016-04-26 10:42:26,912 tid:uWXoT4raO7G-Cx8LMtl6ioqtvuI DEBUG [org.sourceid.saml20.service.impl.grouprpc.PreferredNodes] [] -> indices to addresses -> [IP1, IP2]
2016-04-26 10:42:26,912 DEBUG [org.sourceid.saml20.service.impl.localmemory.InterReqStateMgmtMapImpl] setAttr(oldKey: v76zVxxdpyURw82xJJBtXK, newKey: rOjzUTXlkVKfVCB2yceOXN, name: HtmlFormIdpAuthnAdapter:WatsonHTML:SESSION)
2016-04-26 10:42:26,912 DEBUG [org.sourceid.saml20.service.impl.localmemory.InterReqStateMgmtMapImpl] setAttr: new size of attribute map=110
2016-04-26 10:42:26,912 DEBUG [com.pingidentity.jgroups.MuxInvocationHandler] invocation of setAttr on InterReqStateMgmtMapImpl state map size:8 attributes map size110
2016-04-26 10:42:26,912 tid:uWXoT4raO7G-Cx8LMtl6ioqtvuI DEBUG [org.sourceid.saml20.service.impl.grouprpc.InterRequestStateMgmtGroupRpcImpl] called mode:GET_MAJORITY setAttr() on [IP1, IP2]
2016-04-26 10:42:26,912 tid:uWXoT4raO7G-Cx8LMtl6ioqtvuI DEBUG [org.sourceid.saml20.service.impl.grouprpc.PreferredNodes] [] -> indices to addresses -> [IP1, IP2]
2016-04-26 10:42:26,912 DEBUG [org.sourceid.saml20.service.impl.localmemory.InterReqStateMgmtMapImpl] setAttr(oldKey: rOjzUTXlkVKfVCB2yceOXN, newKey: rOjzUTXlkVKfVCB2yceOXN, name: HtmlFormIdpAuthnAdapter:WatsonHTML:last-activity)
2016-04-26 10:42:26,912 DEBUG [org.sourceid.saml20.service.impl.localmemory.InterReqStateMgmtMapImpl] setAttr: new size of attribute map=110
2016-04-26 10:42:26,912 DEBUG [com.pingidentity.jgroups.MuxInvocationHandler] invocation of setAttr on InterReqStateMgmtMapImpl state map size:8 attributes map size110
2016-04-26 10:42:26,912 tid:uWXoT4raO7G-Cx8LMtl6ioqtvuI DEBUG [org.sourceid.saml20.service.impl.grouprpc.InterRequestStateMgmtGroupRpcImpl] called mode:GET_MAJORITY setAttr() on [IP1, IP2]
2016-04-26 10:42:26,912 tid:uWXoT4raO7G-Cx8LMtl6ioqtvuI DEBUG [org.sourceid.saml20.service.impl.grouprpc.PreferredNodes] [] -> indices to addresses -> [IP1, IP2]
2016-04-26 10:42:26,912 DEBUG [org.sourceid.saml20.service.impl.localmemory.InterReqStateMgmtMapImpl] setAttr(oldKey: rOjzUTXlkVKfVCB2yceOXN, newKey: rOjzUTXlkVKfVCB2yceOXN, name: HtmlFormIdpAuthnAdapter:WatsonHTML:first-activity)
2016-04-26 10:42:26,912 DEBUG [org.sourceid.saml20.service.impl.localmemory.InterReqStateMgmtMapImpl] setAttr: new size of attribute map=110
2016-04-26 10:42:26,912 DEBUG [com.pingidentity.jgroups.MuxInvocationHandler] invocation of setAttr on InterReqStateMgmtMapImpl state map size:8 attributes map size110
2016-04-26 10:42:26,912 tid:uWXoT4raO7G-Cx8LMtl6ioqtvuI DEBUG [org.sourceid.saml20.service.impl.grouprpc.InterRequestStateMgmtGroupRpcImpl] called mode:GET_MAJORITY setAttr() on [IP1, IP2]
2016-04-26 10:42:26,912 tid:uWXoT4raO7G-Cx8LMtl6ioqtvuI DEBUG [org.sourceid.servlet.HttpServletRespProxy] adding lazy cookie Cookie{pf-hfa-WatsonHTML-rmu=; path=/; maxAge=0; domain=null} replacing null
2016-04-26 10:42:26,912 tid:uWXoT4raO7G-Cx8LMtl6ioqtvuI DEBUG [org.sourceid.websso.authn.AdapterAuthnProcessor] adapterResponse=SUCCESS
2016-04-26 10:42:26,912 tid:uWXoT4raO7G-Cx8LMtl6ioqtvuI DEBUG [org.sourceid.util.log.AttributeMap] Ignoring attempt to add null value to attribute map for context.TargetResource
2016-04-26 10:42:26,912 tid:uWXoT4raO7G-Cx8LMtl6ioqtvuI DEBUG [org.sourceid.util.log.AttributeMap] Ignoring attempt to add null value to attribute map for USER_KEY
2016-04-26 10:42:26,912 tid:uWXoT4raO7G-Cx8LMtl6ioqtvuI DEBUG [org.sourceid.util.log.AttributeMap] Ignoring attempt to add null value to attribute map for USER_NAME
2016-04-26 10:42:26,912 tid:uWXoT4raO7G-Cx8LMtl6ioqtvuI DEBUG [org.sourceid.saml20.domain.AttributeMapping] Source attributes:{context.ClientIp=CLIP, context.OAuthScopes=openid, username=MYLOGIN, DN=CN=My Name,OU=Users,OU=xx,OU=xx,DC=xx,DC=yy,DC=co,DC=uk, org.sourceid.saml20.adapter.idp.authn.authnInst=1461663746912, context.ClientId=UAT-Watson, context.HttpRequest=/as/Z3XeL/resume/as/authorization.ping} Resulting attributes:{}
2016-04-26 10:42:26,912 tid:uWXoT4raO7G-Cx8LMtl6ioqtvuI ERROR [org.sourceid.oauth20.handlers.HandleAuthorizationRequest] Exception occurred during request processing
org.sourceid.websso.profiles.ProcessRuntimeException: Mapping into unique user key resulted in null or empty value from source attributes
at org.sourceid.oauth20.domain.UserKeyAttrMapping.execMapping(UserKeyAttrMapping.java:50) ~[pf-protocolengine.jar:?]
at org.sourceid.oauth20.domain.UserKeyAttrMapping.execMapping(UserKeyAttrMapping.java:38) ~[pf-protocolengine.jar:?]
Ich bin verwirrt, warum es erhält NULL-Werte für USER_KEY und USER_NAME, obwohl die Antwort des IdP-Adapters ERFOLGREICH ist.
Kann jemand helfen?
danke
Woher kam displayName? Hatte es einen Wert? Ich frage, weil ich es im Log-Ausschnitt nichts gesetzt sehe ... –
Ich bekomme es von HTML-Formularadapter, der es von AD zieht. Ich kann nicht mit Sicherheit sagen, ob es einen Wert hatte. Ich vermutete –
Führen Sie eine LDAP-Suche. Ich sehe keinen Wert, der vom Adapter in Ihrem Protokoll-Snippet zurückgegeben wird. –