Segmentation Fault on 'lasso_saml20_provider_load_metadata' with mod_auth_mellon
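I am trying to use mod_auth_mellon to authenticate via SAML2.
I have configured the attributes, but when I access the application page I get a segmentation fault.
Analyzing the problem, I see this error in GDB: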
Program received signal SIGSEGV, Segmentation fault.
0x00007fea68664357 in lasso_saml20_provider_load_metadata () from target:/lib64/liblasso.so.3
idp-metadata.xml:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
entityID="https://my-entity-id-url">
<IDPSSODescriptor>
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIDxzCCAq+gAwIBAgIJAKQsXQb9iHdLMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNV
...
...
...
GNV1V7MfHHsu5cg=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIDxzCCAq+gAwIBAgIJAKQsXQb9iHdLMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNV
...
...
...
GNV1V7MfHHsu5cg=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://my-slo-url"/>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://my-sso-url"/>
<SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://my-sso-url"/>
</IDPSSODescriptor>
</EntityDescriptor>
Thanks!
In https://jdennis.fedorapeople.org/doc/mellon-user-guide/mellon_user_guide.html there is an example of IdP metadata named demo_keycloak_ipa_idp_metadata.xml.
I adapted the metadata to my organization's attributes and it worked.
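The IDPSSODescriptor in the posted idp-metadata.xml carries no protocolSupportEnumeration attribute, which the SAML 2.0 metadata schema requires on role descriptors. The following is an added example, not part of the original question or answer and not mod_auth_mellon or Lasso code: a pre-flight check that flags this and similar gaps before a metadata file is handed to mod_auth_mellon. The function name check_idp_metadata and the sample strings are hypothetical and constructed here.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # metadata namespace, ElementTree form
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"

def check_idp_metadata(xml_text):
    """Return a list of problems found in SAML 2.0 IdP metadata (empty = none)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != MD + "EntityDescriptor":
        return [f"root element is {root.tag}, expected EntityDescriptor"]
    problems = [] if root.get("entityID") else ["EntityDescriptor has no entityID"]
    idps = root.findall(MD + "IDPSSODescriptor")
    if not idps:
        problems.append("no IDPSSODescriptor element")
    for idp in idps:
        # Required on every role descriptor by the SAML 2.0 metadata schema.
        protocols = (idp.get("protocolSupportEnumeration") or "").split()
        if not protocols:
            problems.append("IDPSSODescriptor has no protocolSupportEnumeration")
        elif SAML2_PROTOCOL not in protocols:
            problems.append("protocolSupportEnumeration does not list SAML 2.0")
        sso = idp.findall(MD + "SingleSignOnService")
        if not sso:
            problems.append("IDPSSODescriptor has no SingleSignOnService")
        for svc in sso:
            if not svc.get("Binding") or not svc.get("Location"):
                problems.append("SingleSignOnService lacks Binding or Location")
    return problems

# Constructed sample shaped like the posted idp-metadata.xml (KeyDescriptors omitted).
POSTED_SHAPE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://my-entity-id-url">
  <IDPSSODescriptor>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://my-sso-url"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
# Same constructed document with the schema-required attribute present.
WITH_ATTRIBUTE = POSTED_SHAPE.replace(
    "<IDPSSODescriptor>",
    f'<IDPSSODescriptor protocolSupportEnumeration="{SAML2_PROTOCOL}">')

if __name__ == "__main__":
    for name, doc in [("posted shape", POSTED_SHAPE), ("with attribute", WITH_ATTRIBUTE)]:
        print(name, "->", check_idp_metadata(doc) or "ok")
```

The check covers only a few schema requirements; validating against the full SAML 2.0 metadata XSD is stricter.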