【发布时间】:2019-03-04 21:53:49
【问题描述】:
我尝试只使用没有 cf 的 UAA 服务和其他服务。 使用快速入门,我已经在 Cent OS 7 的 vmware vSphere 虚拟机上安装了 UAA 服务。我将主机名设置为 vm。我使用以下方式运行它:
CLOUD_FOUNDRY_CONFIG_PATH=/tmp/config/ ./gradlew run
uaa:
url: http://uaa-sp.intra.mydomain.com:8080/uaa
host: uaa-sp.intra
aplications:
host: uaa-sp.intra
env:
UAA_URL: http://uaa-sp.intra.mydomain.com:8080/uaa/
LOGIN_URL: http://uaa-sp.intra.mydomain.com:8080/uaa/
scim:
users:
- admin@mydomain.com|123456|uaa.admin,clients.secret,scim.write,scim.read,openid
login:
serviceProviderKey: |
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
serviceProviderCertificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
我可以访问它,但如果我尝试获取 SP saml 元数据,它会使用 Location "localhost"
生成它<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="cloudfoundry-saml-login" entityID="cloudfoundry-saml-login"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#cloudfoundry-saml-login"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>nEMzJnjHoN4jIZSP+a1Jk01SbJA=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>XosmlNR5OckP7gUUrl6VVdDxs38kHO5Hq6PfMMJJG7xKT1UtYbes0tmLZR4cTOVwlZrFAyBY9liHq9heq0Q/zg5NAfP2hBmckvtkRTJlNXAJzlIkcFgoOmqFjCQ4EFhF5uK6JrnTHdoEEBWrhc53nGu++w1FqbeE4QkOm8B52no=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:KeyDescriptor use="encryption"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8080/uaa/saml/SingleLogout/alias/cloudfoundry-saml-login"/><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:8080/uaa/saml/SingleLogout/alias/cloudfoundry-saml-login"/><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8080/uaa/saml/SSO/alias/cloudfoundry-saml-login" index="0" isDefault="true"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://localhost:8080/uaa/oauth/token/alias/cloudfoundry-saml-login" index="1"/>
</md:SPSSODescriptor></md:EntityDescriptor>
如果我同时执行 uaac 上下文,我会得到正确的地址
[root@uaa-sp ~]# uaac context
[0]*[http://uaa-sp.intra.mydomain.com:8080/uaa]
如何正确配置 uaa.yml 以便获得正确的 sp 元数据?我找不到有关 uaa.yml 的信息。或者如果没有包括整个 CloudFoundry 服务在内的整个 CloudFoundry 服务就无法配置此服务?
【问题讨论】:
标签: single-sign-on cloud-foundry saml-2.0 cloudfoundry-uaa