How to set the message validity

I am using Shibboleth for single sign-on; to facilitate the user authentication process an SSL configuration is required. Previously everything worked fine, but now I am facing an SSL handshake failure error and the secure connection is ignored.

Error log:

Here is the Shibboleth error log:

2012-09-20 15:14:59 DEBUG Shibboleth.Listener [17]: dispatching message (default/SAML/POST)
2012-09-20 15:14:59 DEBUG OpenSAML.MessageDecoder.SAML1POST [17]: validating input
2012-09-20 15:14:59 DEBUG OpenSAML.MessageDecoder.SAML1POST [17]: decoded SAML response:
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2012-09-20T13:10:43.494Z" MajorVersion="1" MinorVersion="1" Recipient="https://inami-riziv.dokeosnet.com/Shibboleth.sso/SAML/POST" ResponseID="_faf482981786daacf938e158e87d75f8"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#_faf482981786daacf938e158e87d75f8">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>qgvrV2yDB88HKXStzqT3sFrpLlo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
ifKK73UUbsOxqpsnfGcloErG5Vsrklckv/xpbsMAWDzrTm8ZvWjaLru0d7smEYmKFXdkJ/JayAXW
cM5aAKAwazWM7tj5YYvY3bTFlq4k/qI3GR46Kr5apGKkTEtDR9DkZDJ6N2+/vqOvdIxwefdFvaPs
FzsrZeGkt+IAcKmgCFZ78/2tbfckYd4sFGko0Lw3nIl9/dac03OJUsUVuScsiEVd6f/DjzedHgkk
3DD0xR2HFIY5MQzDdztz1f4PyuGFdXiyauUtm2bF+7XULQ8XwfGd+K0qIMOKBykTQuq0ijL+PpgZ
jRr3G2ylqSsJ1/NIwT6pRG79gJlcw55RB25XzA==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo></ds:Signature><Status><StatusCode Value="samlp:Success"></StatusCode></Status><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_56927407beba7fd1762d43bb15f71303" IssueInstant="2012-09-20T13:10:43.494Z" Issuer="http://idp.smals-mvm.be/shibboleth" MajorVersion="1" MinorVersion="1"><Conditions NotBefore="2012-09-20T13:10:43.494Z" NotOnOrAfter="2012-09-20T13:15:43.494Z"><AudienceRestrictionCondition><Audience>https://inami-riziv.dokeosnet.com/shibboleth</Audience><Audience>urn:be:fgov:ehealth:trust:partners</Audience></AudienceRestrictionCondition></Conditions><AuthenticationStatement AuthenticationInstant="2012-09-20T13:10:43.494Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="http://idp.smals-mvm.be/shibboleth">_99e6f544a77e9b878ff54a1091c2c603</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject><SubjectLocality IPAddress="193.191.246.82"></SubjectLocality></AuthenticationStatement></Assertion></Response>

2012-09-20 15:14:59 DEBUG OpenSAML.MessageDecoder.SAML1 [17]: extracting issuer from SAML 1.x Response
2012-09-20 15:14:59 DEBUG OpenSAML.MessageDecoder.SAML1 [17]: response from (http://idp.smals-mvm.be/shibboleth)
2012-09-20 15:14:59 DEBUG OpenSAML.MessageDecoder.SAML1 [17]: searching metadata for response issuer...
2012-09-20 15:14:59 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [17]: evaluating message flow policy (replay checking on, expiration 60)
2012-09-20 15:14:59 ERROR OpenSAML.SecurityPolicyRule.MessageFlow [17]: rejected expired message, timestamp (1348146643), oldest allowed (1348146659)
2012-09-20 15:19:53 INFO XMLTooling.StorageService : purged 1 expired record(s) from storage
2012-09-20 15:34:53 INFO XMLTooling.StorageService : purged 1 expired record(s) from storage
2012-09-20 15:42:06 DEBUG Shibboleth.Listener [18]: dispatching message (default::getHeaders::Application)
2012-09-20 15:42:06 DEBUG Shibboleth.Listener [18]: dispatching message (default/Login::run::Shib1SI)
2012-09-20 15:42:06 DEBUG XMLTooling.StorageService [18]: inserted record (9699add17fc90926f21c8fa06efec1e1) in context (RelayState) with expiration (1348149126)
2012-09-20 16:04:53 INFO XMLTooling.StorageService : purged 1 expired record(s) from storage
2012-09-20 16:19:53 INFO XMLTooling.StorageService : purged 2 expired record(s) from storage
2012-09-20 16:20:21 DEBUG Shibboleth.Listener [21]: dispatching message (default::getHeaders::Application)
2012-09-20 16:20:21 DEBUG Shibboleth.Listener [21]: dispatching message (default/Login::run::Shib1SI)
2012-09-20 16:20:21 DEBUG XMLTooling.StorageService [21]: inserted record (5bfae2fab27dfd8026a14e253696bc3a) in context (RelayState) with expiration (1348151421)
2012-09-20 16:34:53 INFO XMLTooling.StorageService : purged 1 expired record(s) from storage
2012-09-20 16:39:19 DEBUG Shibboleth.Listener [22]: dispatching message (default::getHeaders::Application)
2012-09-20 16:39:19 DEBUG Shibboleth.Listener [22]: dispatching message (default/Login::run::Shib1SI)
2012-09-20 16:39:19 DEBUG XMLTooling.StorageService [22]: inserted record (fbf6b65fc660ed134500345faef56f0a) in context (RelayState) with expiration (1348152559)
2012-09-20 16:43:29 INFO Shibboleth.Listener [15]: detected socket closure, shutting down worker thread
2012-09-20 16:49:53 INFO XMLTooling.StorageService : purged 1 expired record(s) from storage
2012-09-20 17:20:55 INFO Shibboleth.Listener [19]: detected socket closure, shutting down worker thread
2012-09-20 17:31:10 INFO Shibboleth.Listener [21]: detected socket closure, shutting down worker thread
2012-09-20 18:21:09 INFO Shibboleth.Listener [18]: detected socket closure, shutting down worker thread
2012-09-20 18:28:29 INFO Shibboleth.Listener [17]: detected socket closure, shutting down worker thread
2012-09-20 18:28:31 INFO Shibboleth.Listener [20]: detected socket closure, shutting down worker thread
2012-09-20 18:48:23 DEBUG Shibboleth.Listener [23]: dispatching message (default::getHeaders::Application)
2012-09-20 18:48:23 DEBUG Shibboleth.Listener [23]: dispatching message (default/Login::run::Shib1SI)
2012-09-20 18:48:23 DEBUG XMLTooling.StorageService [23]: inserted record (0b316ef6e5acf1da562899feb0b84ec1) in context (RelayState) with expiration (1348160303)
2012-09-20 18:52:26 DEBUG Shibboleth.Listener [24]: dispatching message (default::getHeaders::Application)
2012-09-20 18:52:26 DEBUG Shibboleth.Listener [24]: dispatching message (default/Login::run::Shib1SI)
2012-09-20 18:52:26 DEBUG XMLTooling.StorageService [24]: inserted record (b89fbe4deecae876148bd470e7aa6f85) in context (RelayState) with expiration (1348160546)
2012-09-20 18:52:38 DEBUG Shibboleth.Listener [25]: dispatching message (default::getHeaders::Application)
2012-09-20 18:52:38 DEBUG Shibboleth.Listener [25]: dispatching message (default/Login::run::Shib1SI)
2012-09-20 18:52:38 DEBUG XMLTooling.StorageService [25]: inserted record (b76b99286d06dd0ce84da39c9947e344) in context (RelayState) with expiration (1348160558)
2012-09-20 18:53:03 INFO Shibboleth.Listener [16]: detected socket closure, shutting down worker thread
2012-09-20 18:53:27 DEBUG Shibboleth.Listener [26]: dispatching message (default::getHeaders::Application)
2012-09-20 18:53:27 DEBUG Shibboleth.Listener [26]: dispatching message (default/Login::run::Shib1SI)
2012-09-20 18:53:27 DEBUG XMLTooling.StorageService [26]: inserted record (59fc5fa8d1589ffc94077f4e0e079f38) in context (RelayState) with expiration (1348160607)
2012-09-20 19:00:41 DEBUG Shibboleth.Listener [27]: dispatching message (default::getHeaders::Application)
2012-09-20 19:00:41 DEBUG Shibboleth.Listener [27]: dispatching message (default/Login::run::Shib1SI)

Here is what I learned from the error log:

The message is valid for 5 minutes, and because I am in time zone +2, the message expires soon after it reaches its destination.

My question: how do I set the message validity so that the message stays valid and does not expire?

Answer 1

Make sure the clocks on both hosts are synchronized with ntp. The time zone is not the problem; you just need to make sure the clocks are in sync.
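The rejection in the log is a timing check, not a certificate or time-zone problem: the IssueInstant is compared against the SP's own clock. As an added example (not code from the question, the answer, or the Shibboleth project), the Python below parses the page's own rejection line, converts the assertion's IssueInstant to epoch seconds, and shows how the verdict changes with the SP clock and an allowed skew. The window arithmetic (`now - expires - clock_skew`, with `expires` treated as seconds) is an assumption for illustration, not the SP's exact implementation.

```python
import re
from datetime import datetime, timezone

# Constructed copy of the rejection line from the log above (same values).
LOG_LINE = ("2012-09-20 15:14:59 ERROR OpenSAML.SecurityPolicyRule.MessageFlow [17]: "
            "rejected expired message, timestamp (1348146643), oldest allowed (1348146659)")

EXPIRED_RE = re.compile(
    r"rejected expired message, timestamp \((\d+)\), oldest allowed \((\d+)\)")


def parse_rejection(line):
    """Return (issue_instant, oldest_allowed) as epoch seconds, or None."""
    m = EXPIRED_RE.search(line)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def seconds_too_old(line):
    """How many seconds the message fell outside the SP's acceptance window."""
    issue_instant, oldest_allowed = parse_rejection(line)
    return oldest_allowed - issue_instant


def saml_instant_to_epoch(instant):
    """Convert a SAML UTC instant such as 2012-09-20T13:10:43.494Z to epoch seconds."""
    dt = datetime.strptime(instant, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    return int(dt.timestamp())


def message_flow_check(issue_instant, sp_now, expires=60, clock_skew=0):
    """Model of the MessageFlow rule (assumption: window = expires + clock_skew seconds).

    Returns (accepted, oldest_allowed). A message is rejected both when it is
    older than the window and when it claims to come from the future, so a
    drifting clock on either side produces this error.
    """
    oldest_allowed = sp_now - expires - clock_skew
    if issue_instant < oldest_allowed:
        return False, oldest_allowed
    if issue_instant > sp_now + clock_skew:
        return False, oldest_allowed
    return True, oldest_allowed


def conditions_check(not_before, not_on_or_after, sp_now, clock_skew=0):
    """The assertion's 5-minute Conditions window, checked against the SP clock."""
    return (not_before - clock_skew) <= sp_now < (not_on_or_after + clock_skew)
```

Note that with the SP clock implied by the log line, the 5-minute Conditions window from the decoded response would still pass; it is the shorter MessageFlow window plus drift that rejects the message, which is why syncing clocks, not lengthening validity, is the fix.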
