问题描述
SSL 配置不适用于 httpd ModJk 重定向到 jboss Web 应用程序,该应用程序通过用于单点登录的 fedlet saml2 方法与 OpenAM 集成。
由于我是第一次这样做,所以我请求对此提供一些帮助。我正在尝试通过用于单点登录的 fedlet saml2 方法为与 OpenAM(版本 11)集成的 Java Web 应用程序启用 SSL 配置。 SSL 配置完成,然后使用 httpd、modjk 和 openAM Fedlet 请求重定向到 JBOSS 以进行单点登录。在 OpenAM(版本 11)服务器控制台中,我通过配置 https 应用程序 URL 生成了 Fedlet,并在我们的应用程序中使用相同的 conf 文件夹与 openAM ldap 身份验证进行通信。当我在浏览器中点击应用程序 URL 时,请求被重定向到 OpenAM 进行 ldap 身份验证,并且在验证 LDAP 凭据后,它没有登录到应用程序。
遵循的步骤:
1 OpenAM deployed tomcat server is configured with SSL certificate using connector tag. 2 By accessing openAM console,created IDP server name (https://auth.test.app.com:443). 3 After that,i created fedlet in OpenAM for my web application by giving URL (https://auth.test.app.com:443/MyWebApplication) 4 Web Application is configured with conf folder of fedlet that was generated and deployed into jboss servers 5 openssl installed into apache httpd server and ssl configurations are made for ssl.conf,httpd.conf and modjk.conf files as specified in below (plz refer all configurations section provided below) 6 I am able to access app URL(https://auth.test.app.com/MyWebApplication/) in browser only when i did put entry into my local machine /etc/hosts/ file but i am doing all these changes in unix Box server(I should access URL in public internet but Not sure if i miss anything i am not able to access until i register in my local machine hosts file. With http option,i am able to access without registering domain in my local machine hosts file,when try to configure https,URLs is not accessible until I register domain in local hosts file). 7 When i browse app URL https://auth.test.app.com/MyWebApplication/,It is redirecting to OpenAM server URL(https://auth.test.app.com/Signin/UI/Login) for ldap authentication. 8 After entering ldap credentials in OpenAM login URL,THEN it is not logging into my application using https protocol,it is breaking and no logs observed. The whole process is working fine when using HTTP protocol but it is failing when trying to configure HTTPS.
工艺流程图:
Click Here To See Flow Diagram
服务器详细信息:
APP URLs --> https://auth.test.app.com/MyWebApplication/,https://auth.test.app.com
MOd jk server --> 10.xx.xxx.143
OpenAM server --> 10.xx.xxx.152 (openAM console can be accessed using URL https://auth.test.app.com)
Jboss_servers --> 10.xx.xxx.111,10.xx.xxx.222
所有配置文件
##----SSL.conf------##
default values
-------
----
Listen 443 https
<VirtualHost _default_:443>
ServerName auth.test.app.com
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile "/etc/apache2/2.2/server.crt"
SSLCertificateKeyFile "/etc/apache2/2.2/server.pem"
#My Web application using ajp protol
ProxyPass /* ajp://10.xx.xxx.111:443/MyWebApplication/
ProxyPassReverse /* ajp://10.xx.xxx.111:443/MyWebApplication/
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
#mounting jk property file
JkMount /* worker
</VirtualHost>
##----httpd.conf--------##
default values
-------
----
IncludeOptional conf.d/SSL.conf
##------modjk.conf--------##
default values
-------
----
JkMountFile conf/UriWorkerMap.properties
JkWorkersFile /etc/httpd/conf/worker.properties
<Location /jkstatus/>
JkMount statusmanager
Order deny,allow
Allow from all
</Location>
##----UriWorkerMap.proeperties---------##
#APP Load Balancer
/MyWebApplication=applb
/MyWebApplication/*=applb
#OpenAM Server
/Signin=Signlb
/Signin/*=Signlb
##----worker.properties-----------------##
#Log
workers.apache_log=/var/log/httpd
#Worker List
worker.list=applb,approute1,approute2,Signlb,status
worker.status.type=status
worker.approute1.type=lb
worker.approute1.sticky_session=True
worker.approute1.balance_workers=node1
#Jboss Node1
worker.node1.port=8009
worker.node1.host=10.xx.xxx.111
worker.node1.redirect=node2
worker.node1.type=ajp13
worker.node1.lbfactor=1
#Jboss Node 2
worker.approute2.type=lb
worker.approute2.sticky_session=True
worker.approute2.balance_workers=node2
worker.node2.port=8009
worker.node2.host=10.xx.xxx.222
#OpenAM Server Route
worker.node4.port=8009
worker.node4.host=10.xx.xxx.152
worker.node4.type=ajp13
worker.node4.lbfactor=1
worker.Signlb.type=lb
worker.Signlb.sticky_session=True
worker.Signlb.balance_workers=node4
##----OpeanAM-Tomcat Connector----##
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableuploadTimeout="true" enableLookups="false" maxThreads="25"
port="443" keystoreFile="/path/jksfile/keystorefile.jks" keystorePass="Password"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslProtocol="TLS" redirectPort="8443"/>
##---JBOSS -connector--------------##
<connector name="https" protocol= "org.apache.coyote.http11.Http11NioProtocol" scheme="https" socket-binding="https" secure="true">
<ssl name="jboss7_ssl" password="Password" certificate-key-file="/path/jksfile/keystorefile.jks" protocol="TLSv1+TLSv1.1+TLSv1.2"/>
</connector>
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)