saml - 如何修复在 Hue 应用程序中使用 SAML 的错误
问题描述
我在色调应用程序中使用 saml 函数时遇到问题。
我做了所有我需要做的事情:https ://docs.gethue.com/latest/administrator/configuration/server/#saml
环境
操作系统:ubuntu 色调:4.5.0
步骤 1.在下面安装
git gcc python-dev swig openssl xmlsec1 libxmlsec1-openssl
步骤 2.将元数据从 Idp 复制到本地
步骤 3.使用 openssl 制作私钥和认证
步骤 4.设置配置 ini 文件
[[auth]]
backend=libsaml.backend.SAML2Backend
[libsaml]
xmlsec_binary=/usr/bin/xmlsec1
metadata_file=/opt/cloudera/security/saml/idp-openam-metadata.xml
key_file=/opt/cloudera/security/saml/host.key
cert_file=/opt/cloudera/security/saml/host.pem username_source=nameid
entity_id=https://myhuedomainname.com/saml2/metadata
步骤 5.获取 hue 元数据并在 Idp 注册
我在https://myhuedomainname.com/saml2/metadata获得了我的色调元数据, 并在我们公司使用的 Idp 注册了它。
我认为我做的一切都是正确的。
但是当我访问https://myhuedomainname.com时,我的浏览器被重定向到:https://myhuedomainname.com/saml2/login/?next=/ 然后我得到了我无法解决的错误
它是一个空屏幕,一次又一次地重定向到相同的 url。
在浏览器控制台中,我收到此错误
i18n.js:17 Uncaught ReferenceError: HUE_I18n is not defined at I18n (i18n.js:17) at Module../desktop/core/src/desktop/js/jquery/plugins/jquery.filechooser.js (hue-bundle- facb48d1fb2c72ee1343.js:sourcemap:47211) 在webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104) 在 Module../desktop/core/src/desktop/js/jquery/jquery.common.js (hue-bundle- facb48d1fb2c72ee1343.js:sourcemap:46742) 在webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104) 在 Module../desktop/core/src/desktop/js/hue.js (hue-bundle-facb48d1fb2c72ee1343.js: sourcemap:46485) 在webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104) 在 Object.0 (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104841) 在webpack_require (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104) 在 checkDeferredModules (hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:65)
I18n @ i18n.js:17 ./desktop/core/src/desktop/js/jquery/plugins/jquery.filechooser.js @hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:47211 webpack_require @hue-bundle-facb48d1fb2c72ee1343.js: sourcemap:104 ./desktop/core/src/desktop/js/jquery/jquery.common.js @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:46742 webpack_require @ hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104 ./desktop /core/src/desktop/js/hue.js @hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:46485 webpack_require @hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104 0 @hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104841 webpack_require@hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:104 checkDeferredModules @hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:65(匿名)@hue-bundle-facb48d1fb2c72ee1343.js:sourcemap:241(匿名)@2huec-bundle-facb343.f1 js:sourcemap:244
bootstrap-tooltip.js:326 Uncaught TypeError: Cannot read property 'fn' of undefined at bootstrap-tooltip.js:326 at bootstrap-tooltip.js:361 (anonymous) @ bootstrap-tooltip.js:326 (anonymous) @ bootstrap -tooltip.js:361
bootstrap-typeahead-touchscreen.js:317 未捕获的类型错误:无法读取 bootstrap-typeahead-touchscreen.js:317 在 bootstrap-typeahead-touchscreen.js:358(匿名)@ bootstrap-typeahead-touchscreen 处未定义的属性“fn”。 js:317(匿名)@bootstrap-typeahead-touchscreen.js:358
bootstrap-better-typeahead.min.js:12 Uncaught TypeError: Cannot read property 'extend' of undefined at bootstrap-better-typeahead.min.js:12 at bootstrap-better-typeahead.min.js:12(匿名)@ bootstrap-better-typeahead.min.js:12(匿名)@ bootstrap-better-typeahead.min.js:12
popover-extra-placements.js:113 Uncaught ReferenceError: jQuery is not defined at popover-extra-placements.js:113 (anonymous) @ popover-extra-placements.js:113
?next=/:123 Uncaught ReferenceError: Dropzone 未定义在 ?next=/:123 (匿名) @ ?next=/:123
下面是hue的日志
[23/Sep/2019 21:50:34 +0000] 中间件 INFO 重定向到登录页面:/ [23/Sep/2019 21:50:34 +0000] 访问 INFO
210.94.41.89, 34.96.109.171 -anon- - " GET / HTTP/1.1" (mem: 158mb)--登录重定向 [23/Sep/2019 21:50:34 +0000] 访问 INFO
210.94.41.89, 34.96.109.171 -anon- - "GET / HTTP/1.1" 返回在 1 毫秒内(内存:158mb)[23/Sep/2019 21:50:34]“GET / HTTP/1.1”302 0 [23/Sep/2019 21:50:34]“GET /static/desktop/js/bundles /hue/hue-bundle-facb48d1fb2c72ee1343.js.map HTTP/1.1" 200 7139914 [23/Sep/2019 21:50:35 +0000] 访问调试 210.94.41.89, 34.96.109.171 -anon- - "GET /saml2/ login/ HTTP/1.1" (mem: 158mb) [23/Sep/2019 21:50:35 +0000] mdstore DEBUG
服务 => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', '类': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', '位置': ' https://sts.secsso.net/adfs/ls/ '}], 'urn:oasis:names: tc:SAML:2.0:bindings:HTTP-Redirect': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', ' class ': 'urn:oasis:names: tc:SAML:2.0:metadata&SingleSignOnService', 'location': ' https://sts.secsso.net/adfs/ls/ '}]} [23/Sep/2019 21:50:35 +0000] mdstore 调试服务 = > {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', '类': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', '位置': ' https://sts.secsso.net/adfs/ls/ '}], 'urn:oasis:names:tc: SAML:2.0:bindings:HTTP-Redirect': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', ' class ': 'urn:oasis:names:tc: SAML:2.0:metadata&SingleSignOnService', 'location': ' https://sts.secsso.net/adfs/ls/ '}]} [23/Sep/2019 21:50:35 +0000] mdstore 调试服务(http: //sts.secsso.net/adfs/services/trust , idpsso_descriptor, single_sign_on_service, None) [23/Sep/2019 21:50:35 +0000] mdstore
DEBUG service => {'urn:oasis:names:tc:SAML :2.0:bindings:HTTP-POST': [{'binding':'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', '类': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', '位置': ' https://sts.secsso.net/adfs/ls/ '}], 'urn:oasis:names:tc: SAML:2.0:bindings:HTTP-Redirect': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', ' class ': 'urn:oasis:names:tc: SAML:2.0:metadata&SingleSignOnService', 'location': ' https://sts.secsso.net/adfs/ls/ '}]} [23/Sep/2019 21:50:35 +0000] mdstore 调试服务(http: //sts.secsso.net/adfs/services/trust,idpsso_descriptor,single_sign_on_service,urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect ) [23/Sep/2019 21:50:35 +0000] mdstore 调试服务 => [{'binding': 'urn:oasis:名称:tc:SAML:2.0:bindings:HTTP-Redirect', '类': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', '位置': ' https://sts.secsso.net/adfs/ls/ '}] [23/Sep/2019 21:50: 35 +0000] 提供者的客户端信息目的地: https : //sts.secsso.net/adfs/ls/ [23/Sep/2019 21:50:35 +0000] 实体
信息请求: https://sbc-hue。 mgmt.dev.com/saml2/metadata/ [23/Sep/2019 21:50:35 +0000] 客户端信息 AuthNReq: https ://sbc-hue.mgmt.dev.com/saml2/metadata/ [23/Sep /2019 21:50:35 +0000] entity INFO HTTP REDIRECT [23/Sep/2019 21:50:35 +0000] 视图警告用户正在使用 Hue 3 UI [23/Sep/2019 21:50:35 +0000]装饰师信息
AXES:调用修饰函数:dt_login [23/Sep/2019 21:50:35 +0000] 修饰符 INFO args:(True,) [23/Sep/2019 21:50:35 +0000] 访问 INFO 210.94.41.89, 34.96 .109.171 -anon- - “GET /saml2/login/ HTTP/1.1”在 250 毫秒内返回(内存:158mb)
我用hue 4.0.0版本试过,但它有效
解决方案
我通过设置“redirect_whitelist”解决了这个问题。我只是虽然这不是强制性的。但它是
推荐阅读
- java - 如何设置时间通过 Spring Quartz Schedule 发送短信或在 oracle 中进行存储?
- selenium-webdriver - 需要一个字段作为 Rust 特征的一部分
- html - 尝试循环遍历元素并同时设置样式
- apache-spark - 如何将管道保存到文件模型 PySpark mlflow
- mysql - 默认情况下 MySQL 应该连接到 aws rds 而不是 localhost?
- arrays - 数组中的最小数 [C]
- python - Pandas:如何使用初始值将 pct_change 恢复为原始值?
- xml - 除了子属性之外,循环遍历所有父属性
- api - Stripe API - 在 Node.js 中提取结构化数据
- powerapps - 在电源应用中实现类似按钮