Problem description
Occasionally (?) the WSO2 IS user is unable to authenticate with the following exception. When retrying, the user will be authenticated. Any ideas what could be the reason / resolution? We set up the session caching.
Using WSO2 Identity Server 5.0.0.SP1 / SAML authentication with the authenticator set to advanced (single step, multiple options). I cannot find the correct source code commit to check out (to match the line number in the exception).
Thanks all in advance, Gabriel
TID: [0] [IS] [2016-02-15 13:07:22,914] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
java.lang.NullPointerException
at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:83)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:121)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:94)
at org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:54)
at org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doGet(CommonAuthenticationServlet.java:44)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
This exception occurs on the WSO2 IS 5.1.0 too
See source code line 105
StepConfig stepConfig = context.getSequenceConfig().getStepMap().get(currentStep);
// if the current step is completed
if (stepConfig.isCompleted()) {
stepConfig.setCompleted(false);
ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework
java.lang.NullPointerException
at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:105)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:115)
It looks like the stepConfig 'disappeared' from the authentication config. The setup is done on a single node with session persistence into a database.
Recommended answer
Apparently a concurrency issue.
When multiple concurrent requests are sent to the SSO endpoint while the user is already authenticated, all threads are attempting to process the request modifying the same authentication context object (currentStep counter) so the cached authentication context comes to an invalid state.
Valid use case is that the client should send only a single request to the SSO endpoint, so the team dealing with the UI have to fix it. But - that's only a quick fix, not preventing the issue in the long term. We have to really pick it up with WSO2 (and fix the code ourselves maybe) :)
g.
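
An added illustration, not part of the original answer and not WSO2 code: a minimal Java model of the race described above, where a second request reads the shared cached context while the first has moved `currentStep` past the last step, next to a guard that admits one request per context at a time. The class names, the `inFlight` flag and the increment-then-reset order are assumptions made for the example.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;

// Simplified model with hypothetical names; these are not WSO2 classes.
public class StepRaceDemo {
    static class StepConfig { boolean completed; }

    // One cached context per session key, shared by every request of that session.
    static class AuthContext {
        int currentStep = 1;
        final Map<Integer, StepConfig> stepMap = new HashMap<>();
        final AtomicBoolean inFlight = new AtomicBoolean(false);
        AuthContext() { stepMap.put(1, new StepConfig()); } // single-step sequence
    }

    // Unguarded handler. midRequest runs where a second request could interleave.
    static String handle(AuthContext ctx, Runnable midRequest) {
        StepConfig step = ctx.stepMap.get(ctx.currentStep);
        if (step == null) {
            return "NPE";        // the unguarded code on the page dereferences null here
        }
        step.completed = true;
        ctx.currentStep++;       // counter now points past the last configured step
        midRequest.run();        // window in which the cached state is inconsistent
        ctx.currentStep = 1;     // sequence finished, counter reset (assumed order)
        return "OK";
    }

    // Guarded handler: only one request per context may be in flight.
    static String handleGuarded(AuthContext ctx, Runnable midRequest) {
        if (!ctx.inFlight.compareAndSet(false, true)) {
            return "REJECTED";   // caller retries once the first request has finished
        }
        try {
            return handle(ctx, midRequest);
        } finally {
            ctx.inFlight.set(false);
        }
    }

    public static void main(String[] args) {
        String[] second = new String[1];
        AuthContext a = new AuthContext();
        String first = handle(a, () -> second[0] = handle(a, () -> { }));
        System.out.println("unguarded: first=" + first + " second=" + second[0]);

        AuthContext b = new AuthContext();
        first = handleGuarded(b, () -> second[0] = handleGuarded(b, () -> { }));
        System.out.println("guarded:   first=" + first + " second=" + second[0]);
    }
}
```

The interleaving is forced through the `midRequest` callback so the outcome is deterministic; in a live server the same window is hit only when two requests for one session overlap, which matches the intermittent failure and the successful retry.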