问题产生授权代码的oauth2 SAML授权使用的java的HTTPClient(Issues ge

2019-10-31 06:36发布

我试图自动化令牌生成(授权码,然后访问/ JWT令牌)的过程,然后将用于打APIC的/ API的。

:我用下面dumy域/范围/重定向URI /参数出于安全原因。

如何生成的令牌手动 :我得到了下面的URL生成授权码

代码生成网址 : https://sample.domain.com/affwebservices/public/saml2sso?SPID=testqaapi2p3&RelayState=response_type%3Dcode%26client_id%3DClient_ID_Value%26redirect_uri%3Dhttps://testqa3members.domain.com/ApiHandler/home%26scope% 3DScope%20Value%26path%3Dtestqainternalpath3

当我在浏览器中手动打这个,弹出窗口和我所提供的用户名(LDAP)和密码。 之后,它被重定向到不同的URL,终于拥有了授权码下面的网址。

https://testqa3members.domain.com/ApiHandler/home ? 代码= AAIUVJbr29CUjCcWDvKWKBZDDcCtx5CQZsq9XpCpSd0FvAzLeLBJlAtG5C9ff6fr3m11Fp1Kez8E4dalL10GVg_kyjnsxYzRKEWQiraSIGo6bwVTd4zffqkLjXLsF5CRXqI

步骤我试图生成使用“阿帕奇HttpClient的”令牌

  • 第1步:提交“代码生成URL”,通过设置“setCredentials方法” GET请求
  • 第2步:获取重定向的URL列表
  • 步骤3:检索最后重定向URL
  • 步骤4:提交POST请求与上次重定向URL来获取授权码

获取代码

DefaultHttpClient httpclient = new DefaultHttpClient();

System.out.println("Adding Paramters to a Array List as NameValuePair");
List<NameValuePair> params = new ArrayList<NameValuePair>();
params.add(new BasicNameValuePair("SPID", "testqaapi2p3"));
//params.add(new BasicNameValuePair("RelayState", "response_type=code"));
params.add(new BasicNameValuePair("RelayState", "response_type=code&client_id=" + clientId + "&redirect_uri=" + redirectUrl + "&scope=" + scope + "&path=testqainternalpath3"));

System.out.println("Parameters List:" + params);

System.out.println("Building the URI with Authorization Endpoint by adding the Parameters create in Array List");
URI uri = new URIBuilder(authUrl)
        .addParameters(params)
        .build();
System.out.println("Built URI:" + uri);

httpclient.getCredentialsProvider().setCredentials(new AuthScope(null, AuthScope.ANY_PORT), new UsernamePasswordCredentials(userName, password));

System.out.println("Creating HTTPGET with the Created URI");
HttpGet get = new HttpGet(uri);
System.out.println("HttpGet:" + get);

System.out.println("Creating Client Context");
HttpClientContext context = HttpClientContext.create();
System.out.println("Created Client Context:" + context);

System.out.println("Executing the GET Method with the created Client Context");
HttpResponse response = httpclient.execute(get, context);
System.out.println("HttpResponse:" + response);

System.out.println("Getting the Final URI from the Submitted Get Method");
URI finalUrl = get.getURI();
System.out.println("Final URL:" + finalUrl);

System.out.println("Creating a List of URI from the Redirection Locations using Client Context");
List<URI> locations = context.getRedirectLocations();
System.out.println("List of URI:" + locations);

if (locations != null) {
    finalUrl = locations.get(locations.size() - 1);
}
System.out.println("Taking the last URL as Final:" + finalUrl);

这是我从一开始requestReferer, 最后重定向URL recived最后浏览的网址 : https://sample.domain.com/affwebservices/public/saml2sso?SMASSERTIONREF=QUERY&SPID=testqaapi2p3&RelayState=response_type%3Dcode%26client_id%3DClient_ID_Value%26redirect_uri%3Dhttps ://testqa3members.domain.com/ApiHandler/home%26scope%3DScope%20Value%26path%3Dtestqainternalpath3&SAMLTRANSACTIONID=863d56e5-e9bd9485-85561bb7-a209c491-476bc279-298

邮编

HttpPost postReq = new HttpPost(finalUrl);

        postReq.addHeader("Content-Type", "text/html"); 
        postReq.addHeader("Content-Type", "application/x-www-form-urlencoded"); 
        postReq.addHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:57.0)");

        HttpResponse responsePost = httpclient.execute(postReq,context);
        System.out.println("Post Response:" + responsePost);

输出:但我得到一个500 -内部服务器错误的POST请求HTTP / 1.1 500内部服务器错误[日期:星期一,2018年2月19日8时05分十二秒GMT,服务器:Apache / 2.4.23(Win32的)的OpenSSL / 1.0.2h-FIPS MOD_JK / 41年2月1日,内容语言:zh,内容长度:1259,连接:关闭,内容类型:text / html的; 字符集= UTF-8] org.apache.http.conn.BasicManagedEntity@1147d0

我的分析至今 :我尝试用眼看“火狐”浏览器和开发工具的网络选项提交请求。 我看到的是一个POST请求被submited与“最后的重定向URL”的授权端点与下面的参数。 和302个状态码被用于与位置标头(可用的代码相同的检索https://testqa3members.domain.com/ApiHandler/home?code=AAIUVJbr29CUjCcWDvKWKBZDDcCtx5CQZsq9XpCpSd0FvAzLeLBJlAtG5C9ff6fr3m11Fp1Kez8E4dalL10GVg_kyjnsxYzRKEWQiraSIGo6bwVTd4zffqkLjXLsF5CRXqI )与所述报头的X背面-交通:失败失败失败作为失败

授权端点URL: https://testqaapi2.domain.com/testcare/testqainternalpath3/v3/auth/oauth2/samlauthorize

:引用站点: https://sample.domain.com/affwebservices/public/saml2sso?SMASSERTIONREF=QUERY&SPID=testqaapi2p3&RelayState=response_type%3Dcode%26client_id%3DClient_ID_Value%26redirect_uri%3Dhttps://testqa3members.domain.com/ApiHandler/home% 26scope%3DScope%20Value%26path%3Dtestqainternalpath3&SAMLTRANSACTIONID = 863d56e5-e9bd9485-85561bb7-a209c491-476bc279-298

参数 :的RelayState:RESPONSE_TYPE =代码&CLIENT_ID = Client_ID_Value&REDIRECT_URI = https://testqa3members.domain.com/ApiHandler/home&scope=Scope+Value&path=testqainternalpath3

SAMLResponse:PFJlc3BvbnNlIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERl c3RpbmF0aW9uPSJodHRwczovL3FhYXBpMi5hZXRuYS5jb20vaGVhbHRoY2FyZS9xYWludHBhdGgz L3YzL2F1dGgvb2F1dGgyL3NhbWxhdXRob3JpemUiIElEPSJfODQ1NzEzYjc1MDQ1N2YzN2YyZjAw ZmFkZWRmMDk2NTQ3ZGMzIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDItMTlUMDg6MDQ6NTdaIiBWZXJz aW9uPSIyLjAiPg0KICAgIDxuczE6SXNzdWVyIHhtbG5zOm5zMT0idXJuOm9hc2lzOm5hbWVzOnRj OlNBTUw6Mi4wOmFzc2VydGlvbiIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6 bmFtZWlkLWZvcm1hdDplbnRpdHkiPkFldEhlYWx0aENh ... zdGFudD0iMjAxOC0wMi0xOVQwODowNDo1N1oi IFNlc3Npb25JbmRleD0iWkVNcERvYndNK3M0OVU5S1lIdnY1ZGJNc0JBPXByRXo5dz09IiBTZXNz aW9uTm90T25PckFmdGVyPSIyMDE4LTAyLTE5VDA4OjA2OjI3WiI + DQogICAgICAgICAgICA8bnMy OkF1dGhuQ29udGV4dD4NCiAgICAgICAgICAgICAgICA8bnMyOkF1dGhuQ29udGV4dENsYXNzUmVm PnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9uczI6QXV0 aG5Db250ZXh0Q2xhc3NSZWY + DQogICAgICAgICAgICA8L25zMjpBdXRobkNvbnRleHQ + DQogICAg ICAgIDwvbnMyOkF1dGhuU3RhdGVtZW50Pg0KICAgIDwvbnMyOkFzc2V ydGlvbj4NCjwvUmVzcG9u c2U +

我的增强复制上面

List<NameValuePair> postParams = new ArrayList<NameValuePair>();
    postParams.add(new BasicNameValuePair("RelayState", "response_type=code&client_id=" + clientId + "&redirect_uri=" + redirectUrl + "&scope=" + scope + "&path=qaintpath3"));

    URI postURL = new URIBuilder("https://testqaapi2.domain.com/testcare/testqainternalpath3/v3/auth/oauth2/samlauthorize")
            .addParameters(postParams)
            .build();

    HttpPost postReq = new HttpPost(postURL);
    postReq.addHeader("Content-Type", "text/html"); 
    //postReq.addHeader("Connection", "close"); 
    postReq.addHeader("Referer", finalUrl.toString());
    postReq.addHeader("Content-Type", "application/x-www-form-urlencoded"); 
    postReq.addHeader("Connection", "keep-alive");
    postReq.addHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:57.0)");

    HttpResponse responsePost = httpclient.execute(postReq,context);
    System.out.println("Post Response:" + responsePost);

输出:不过,我得到的302个状态200状态码欧洲工商管理学院。 HTTP / 1.1 200 OK [X-背面-交通:OK OK,...]

问题:1,什么是被如上参数传递的SAMResponse? 2.为什么我得到一个200个状态与X-背面-交通:确定确定的,而不是用X-背面,交通运输300个状态码:失败失败3.我失去了一些东西?

任何人都可以请帮我这个?

注意:一旦我得到的授权码,我将使用Solution从这个链接( 使用Apache的OAuth客户端2.0库在Java中与生成授权码和用户令牌问题产生的访问)/ JWT令牌是利用打APIC的/ API的

文章来源: Issues generating Authorization Code for Oauth2 SAML Authorize using HTTPClient java