非画廊在家java应用程序与天蓝色活动目录单点登录问题集成 [英] non gallery in house java app integration with azure active directory single sign on issue

问题描述

亲爱的教学支持，



我们有自己的内部应用程序设计的Java tomcat，并在Centos VM的Azure上托管，我们正在使用SAML 2.0和



org.opensaml.saml2.metadata.provider



org.springframework.security.saml
$ b我们的SSO需求$ b

，同时将我们的应用程序与Microsoft Azure活动目录sso与非gallaery应用程序集成，我们接收到以下错误。 



我们已关注https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications

$
请帮助并提供建议



b

错误如下：



HTTP状态401 - 验证失败：收到的SAML邮件无效



类型状态报告



消息身份验证失败：传入的SAML消息无效



说明此请求需要HTTP身份验证。



Apache Tomcat / 7.0.47

$


$

解决方案

此错误通常与SAML IdP配置有关。 

来自故障排除
指南：

分辨率



1.访问ADFS服务器并转到进入Blackboard Learn Instance的依赖方信任。

2.选择属性>端点选项卡。

3.在端点选项卡中将有2个SAML注销端点。

4.删除重定向端点。

5。选择Remove Endpoint将其删除，然后选择Apply并确定。

6.删除Redirect端点后，End SSO Session按钮将正常退出用户。

另请参阅：  https://stackoverflow.com/questions/23059203/http-status-401-authentication-failed-incoming-saml-message-is-无效-与

Dear Teach Support,

We have our own inhouse app designed Java tomcat and hosted on Azure in Centos VM, we are using SAML 2.0 and

org.opensaml.saml2.metadata.provider

org.springframework.security.saml

for our SSO needs , while integrating our app with Microsoft Azure active directory sso with non gallaery app, we are receving following error. 

We have followed https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications

please help and advise



Error as follows:

HTTP Status 401 - Authentication Failed: Incoming SAML message is invalid

type Status report

message Authentication Failed: Incoming SAML message is invalid

description This request requires HTTP authentication.

Apache Tomcat/7.0.47

解决方案

This error usually has to do with the SAML IdP configuration. 

From troubleshooting guide:

Resolution

1. Access the ADFS Server and go into the Relying Party Trust for the Blackboard Learn Instance.
2. Select Properties > Endpoints tab.
3. In the Endpoints tab there will be 2 SAML Logout Endpoints.
4. Remove the Redirect endpoint.
5. Select Remove Endpoint to remove it, then Apply and OK.
6. After removing the Redirect endpoint, the End SSO Session button will work properly signing out the user.

See also: https://stackoverflow.com/questions/23059203/http-status-401-authentication-failed-incoming-saml-message-is-invalid-with

这篇关于非画廊在家java应用程序与天蓝色活动目录单点登录问题集成的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！