Problem description
I have configured OIDC authentication (external OP) on WAS Liberty Profile, version WebSphere Application Server 21.0.0.7/wlp-1.0.54.cl210720210629-1900.
During testing, OIDC authentication succeeds and I see the following cookies set by WAS in the browser:
- JSESSIONID
- WASReqURLOidcp1059877004
- WASReqURLOidcp825245628
- WAS_n1263819336
- WAS_n1832376351
- WAS_p2129763847
- WASOidcStaten765589445
- WASOidcCode
I do see these messages in my messages.log during server startup:
0000003b com.ibm.ws.security.token.ltpa.LTPAKeyInfoManager I CWWKS4103I:创建 LTPA 密钥。这可能需要几秒钟。
0000003b com.ibm.ws.security.token.ltpa.LTPAKeyInfoManager A CWWKS4104A:LTPA 密钥在 0.337 秒内创建。 LTPA 密钥文件:jv-ltpa.keys
0000003b com.ibm.ws.security.token.ltpa.internal.LTPAKeyCreateTask I CWWKS4105I:LTPA 配置在 0.341 秒后准备就绪。
Also, in my server.xml I have not explicitly disabled LTPA token or cookie generation:
disableLtpaCookie="false"
Why is no LTPA cookie being set in my browser?
Here is my server.xml:
<?xml version="1.0" encoding="UTF-8"?>
<server description="Default Server">
    <!-- Enable features -->
    <featureManager>
        <feature>javaee-8.0</feature>
        <feature>microProfile-3.0</feature>
        <feature>adminCenter-1.0</feature>
        <feature>appSecurity-2.0</feature>
        <feature>openidConnectClient-1.0</feature>
        <feature>transportSecurity-1.0</feature>
    </featureManager>
    <openidConnectClient id="oidcBridge" clientId="removed"
        clientSecret="removed"
        discoveryEndpointUrl="https://my-op.com/.well-kNown/openid-configuration" signatureAlgorithm="RS256"
        jwkEndpointUrl="https://my-op.com/.well-kNown/jwks.json" disableLtpaCookie="false"
        allowDefaultSsoCookieName="true">
    </openidConnectClient>
    <basicRegistry id="basic">
        <user name="admin" password="admin" />
        <user name="user1" password="user1" />
        <user name="user2" password="user2" />
        <group name="users">
            <member name="user1" />
            <member name="user2" />
        </group>
    </basicRegistry>
    <administrator-role>
        <user>admin</user>
    </administrator-role>
    <!-- To allow access to this server from a remote client host="*" has been added to the following element -->
    <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" httpsPort="9443" />
    <!-- Automatically expand WAR files and EAR files -->
    <applicationManager autoExpand="true" />
    <keyStore id="defaultKeyStore" password="removed" location="${server.config.dir}/jv-trust.p12" type="PKCS12" />
    <ltpa keysFileName="jv-ltpa.keys" keysPassword="removed" expiration="1200" />
    <webAppSecurity singleSignonEnabled="true" ssodomainNames="app1.com" allowFailoverToBasicAuth="true"
        ssoRequiresSSL="false" />
    <application context-root="snoop" id="DefaultApplication"
        location="${server.config.dir}/apps/DefaultApplication.ear" name="DefaultApplication" type="ear">
        <application-bnd>
            <security-role name="All Role">
                <special-subject type="ALL_AUTHENTICATED_USERS" />
            </security-role>
        </application-bnd>
    </application>
</server>
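The settings that decide whether Liberty hands out an LTPA SSO cookie after an OIDC login, and how well that cookie is protected, are spread across several elements of the server.xml above (featureManager, openidConnectClient, webAppSecurity, ltpa, basicRegistry). The following audit script is an added example, not part of the original post and not IBM's code: it parses the poster's server.xml (embedded as a constructed sample, trimmed to the elements the audit reads and with the poster's "removed" placeholders kept in place of secrets) and reports the cookie-relevant settings with their Liberty defaults applied. The element and attribute names are Liberty's; the severities, messages and the audit() function are this example's own.

```python
"""Audit of the SSO-cookie settings in a Liberty server.xml (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample: the poster's server.xml trimmed to the elements the audit reads.
SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<server description="Default Server">
  <featureManager>
    <feature>javaee-8.0</feature>
    <feature>appSecurity-2.0</feature>
    <feature>openidConnectClient-1.0</feature>
    <feature>transportSecurity-1.0</feature>
  </featureManager>
  <openidConnectClient id="oidcBridge" clientId="removed" clientSecret="removed"
      discoveryEndpointUrl="https://my-op.com/.well-kNown/openid-configuration"
      signatureAlgorithm="RS256"
      jwkEndpointUrl="https://my-op.com/.well-kNown/jwks.json"
      disableLtpaCookie="false" allowDefaultSsoCookieName="true"/>
  <basicRegistry id="basic">
    <user name="admin" password="admin"/>
    <user name="user1" password="user1"/>
  </basicRegistry>
  <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" httpsPort="9443"/>
  <ltpa keysFileName="jv-ltpa.keys" keysPassword="removed" expiration="1200"/>
  <webAppSecurity singleSignonEnabled="true" ssodomainNames="app1.com"
      allowFailoverToBasicAuth="true" ssoRequiresSSL="false"/>
</server>
"""


def _flag(element, attr, default):
    """Read a boolean attribute, falling back to Liberty's documented default."""
    if element is None or element.get(attr) is None:
        return default
    return element.get(attr).strip().lower() == "true"


def audit(xml_text):
    """Return a list of (severity, message) findings for one server.xml."""
    root = ET.fromstring(xml_text)
    findings = []

    # 1. Features that provide the OIDC client and the LTPA/SSO machinery.
    features = {f.text.strip() for f in root.iter("feature") if f.text}
    for needed in ("appSecurity-2.0", "openidConnectClient-1.0"):
        if needed not in features:
            findings.append(("HIGH", f"feature {needed} is not enabled"))

    # 2. Per OIDC client: is LTPA cookie issuance switched off (disableLtpaCookie
    #    defaults to false), and are the OP endpoints fetched over TLS?
    for client in root.iter("openidConnectClient"):
        cid = client.get("id", "?")
        if _flag(client, "disableLtpaCookie", False):
            findings.append(("INFO", f"{cid}: disableLtpaCookie=true, no LTPA cookie is issued"))
        for attr in ("discoveryEndpointUrl", "jwkEndpointUrl"):
            url = client.get(attr, "")
            if url and not url.startswith("https://"):
                findings.append(("HIGH", f"{cid}: {attr} is not an https URL"))
            if ".well-" in url.lower() and "/.well-known/" not in url:
                findings.append(("INFO", f"{cid}: {attr} path case differs from RFC 8615 '/.well-known/'"))

    # 3. Global SSO cookie behaviour (webAppSecurity defaults: SSO on, SSL not required).
    was = root.find("webAppSecurity")
    if not _flag(was, "singleSignonEnabled", True):
        findings.append(("HIGH", "singleSignonEnabled=false: Liberty sends no LTPA SSO cookie"))
    if not _flag(was, "ssoRequiresSSL", False):
        ep = root.find("httpEndpoint")
        port = ep.get("httpPort") if ep is not None else None
        msg = "ssoRequiresSSL=false: the LTPA cookie is not restricted to TLS"
        if port and port != "-1":  # httpPort="-1" is how Liberty disables plain HTTP
            msg += f" and plain HTTP is open on port {port}"
        findings.append(("MEDIUM", msg))

    # 4. LTPA token lifetime; the expiration attribute is in minutes (default 120).
    ltpa = root.find("ltpa")
    minutes = int(ltpa.get("expiration", "120")) if ltpa is not None else 120
    if minutes > 120:
        findings.append(("INFO", f"LTPA token lifetime is {minutes} minutes ({minutes / 60:.1f} h)"))

    # 5. basicRegistry passwords kept in clear text instead of {xor}/{aes} encoded.
    for user in root.iter("user"):
        name, pw = user.get("name"), user.get("password")
        if pw is not None and not pw.startswith("{"):
            findings.append(("MEDIUM", f"basicRegistry user '{name}': password stored in clear text"))

    return findings


if __name__ == "__main__":
    for severity, message in audit(SERVER_XML):
        print(f"[{severity}] {message}")
```

Run against the poster's configuration, the audit raises nothing that would stop an LTPA cookie from being issued (the features are present, disableLtpaCookie is false and SSO is on), so the question stands; what it does surface are the hardening points a reviewer would raise alongside it: ssoRequiresSSL="false" with plain HTTP open on port 9080, a 20-hour LTPA token lifetime, and clear-text basicRegistry passwords.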
Solution
No effective solution to this problem has been found yet; the editor is still searching and collecting one.