Published Jul. 2, 2025

SAML stops working after a Liferay upgrade.

Author

Justin Mann

Issue

  • After upgrading Liferay from Liferay DXP 7.0 to Liferay DXP 7.2, SAML stops working and users can no longer authenticate using SAML. The following errors may appear in the logs of the Identity Provider and the Service Provider, respectively.
  • Identity Provider:
2020-09-15 21:54:31.402 ERROR [http-nio-8080-exec-3][BaseSamlStrutsAction:59] com.liferay.saml.runtime.SamlException: com.liferay.saml.runtime.exception.CredentialException: Credential is required
2020-09-15 21:54:40.318 ERROR [liferay/scheduler_dispatch-5][BasicParserPool:50] XML Parsing Error
org.xml.sax.SAXParseException; lineNumber: 37; columnNumber: 12; DOCTYPE is disallowed when the feature "http://apache.org/xml/features/disallow-doctype-decl" set to true.
	at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
	at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
	at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
	at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
	at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
	at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source)
	at org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher.dispatch(Unknown Source)
	at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
	at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
	at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
	at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
	at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
	at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
	at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:121)
	at net.shibboleth.utilities.java.support.xml.BasicParserPool$DocumentBuilderProxy.parse(BasicParserPool.java:759)
	at net.shibboleth.utilities.java.support.xml.BasicParserPool.parse(BasicParserPool.java:243)
	at org.opensaml.core.xml.util.XMLObjectSupport.unmarshallFromInputStream(XMLObjectSupport.java:229)
	at com.liferay.saml.opensaml.integration.internal.util.MetadataUtilImpl.parseMetadataXml(MetadataUtilImpl.java:112)
	at com.liferay.saml.persistence.service.impl.SamlIdpSpConnectionLocalServiceImpl.updateMetadata(SamlIdpSpConnectionLocalServiceImpl.java:190)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.liferay.portal.spring.aop.AopMethodInvocationImpl.proceed(AopMethodInvocationImpl.java:50)
	at com.liferay.portal.spring.transaction.TransactionInterceptor.invoke(TransactionInterceptor.java:69)
	at com.liferay.portal.spring.aop.AopMethodInvocationImpl.proceed(AopMethodInvocationImpl.java:57)
	at com.liferay.portal.spring.aop.AopInvocationHandler.invoke(AopInvocationHandler.java:49)
	at com.sun.proxy.$Proxy476.updateMetadata(Unknown Source)
	at com.liferay.saml.runtime.internal.messaging.SamlMetadataMessageListener.updateSpMetadata(SamlMetadataMessageListener.java:179)
	at com.liferay.saml.runtime.internal.messaging.SamlMetadataMessageListener.doReceive(SamlMetadataMessageListener.java:106)
	at com.liferay.portal.kernel.messaging.BaseMessageListener.receive(BaseMessageListener.java:26)
	at com.liferay.saml.runtime.internal.messaging.SamlMessageListener.receive(SamlMessageListener.java:36)
	at com.liferay.portal.kernel.scheduler.messaging.SchedulerEventMessageListenerWrapper._processMessage(SchedulerEventMessageListenerWrapper.java:127)
	at com.liferay.portal.kernel.scheduler.messaging.SchedulerEventMessageListenerWrapper.receive(SchedulerEventMessageListenerWrapper.java:98)
	at com.liferay.portal.kernel.messaging.InvokerMessageListener.receive(InvokerMessageListener.java:74)
	at com.liferay.portal.messaging.internal.ParallelDestination$1.run(ParallelDestination.java:56)
	at com.liferay.portal.kernel.concurrent.ThreadPoolExecutor$WorkerTask._runTask(ThreadPoolExecutor.java:752)
	at com.liferay.portal.kernel.concurrent.ThreadPoolExecutor$WorkerTask.run(ThreadPoolExecutor.java:664)
	at java.lang.Thread.run(Thread.java:748)
2020-09-15 21:54:40.320 WARN  [liferay/scheduler_dispatch-5][SamlMetadataMessageListener:192] Unable to refresh SP metadata for samlsp: Unable to parse SAML metadata from http://samlsp:9080/c/portal/saml/metadata
  • Service Provider:
2020-09-15 21:54:32.833 ERROR [liferay/scheduler_dispatch-4][BasicParserPool:50] XML Parsing Error
org.xml.sax.SAXParseException; lineNumber: 37; columnNumber: 12; DOCTYPE is disallowed when the feature "http://apache.org/xml/features/disallow-doctype-decl" set to true.
	at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
	at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
	at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
	at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
	at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
	at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source)
	at org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher.dispatch(Unknown Source)
	at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
	at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
	at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
	at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
	at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
	at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
	at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:121)
	at net.shibboleth.utilities.java.support.xml.BasicParserPool$DocumentBuilderProxy.parse(BasicParserPool.java:759)
	at net.shibboleth.utilities.java.support.xml.BasicParserPool.parse(BasicParserPool.java:243)
	at org.opensaml.core.xml.util.XMLObjectSupport.unmarshallFromInputStream(XMLObjectSupport.java:229)
	at com.liferay.saml.opensaml.integration.internal.util.MetadataUtilImpl.parseMetadataXml(MetadataUtilImpl.java:112)
	at com.liferay.saml.persistence.service.impl.SamlSpIdpConnectionLocalServiceImpl.updateMetadata(SamlSpIdpConnectionLocalServiceImpl.java:187)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.liferay.portal.spring.aop.AopMethodInvocationImpl.proceed(AopMethodInvocationImpl.java:50)
	at com.liferay.portal.spring.transaction.TransactionInterceptor.invoke(TransactionInterceptor.java:69)
	at com.liferay.portal.spring.aop.AopMethodInvocationImpl.proceed(AopMethodInvocationImpl.java:57)
	at com.liferay.portal.spring.aop.AopInvocationHandler.invoke(AopInvocationHandler.java:49)
	at com.sun.proxy.$Proxy741.updateMetadata(Unknown Source)
	at com.liferay.saml.runtime.internal.messaging.SamlMetadataMessageListener.updateIdpMetadata(SamlMetadataMessageListener.java:148)
	at com.liferay.saml.runtime.internal.messaging.SamlMetadataMessageListener.doReceive(SamlMetadataMessageListener.java:109)
	at com.liferay.portal.kernel.messaging.BaseMessageListener.receive(BaseMessageListener.java:26)
	at com.liferay.saml.runtime.internal.messaging.SamlMessageListener.receive(SamlMessageListener.java:36)
	at com.liferay.portal.kernel.scheduler.messaging.SchedulerEventMessageListenerWrapper._processMessage(SchedulerEventMessageListenerWrapper.java:127)
	at com.liferay.portal.kernel.scheduler.messaging.SchedulerEventMessageListenerWrapper.receive(SchedulerEventMessageListenerWrapper.java:98)
	at com.liferay.portal.kernel.messaging.InvokerMessageListener.receive(InvokerMessageListener.java:74)
	at com.liferay.portal.messaging.internal.ParallelDestination$1.run(ParallelDestination.java:56)
	at com.liferay.portal.kernel.concurrent.ThreadPoolExecutor$WorkerTask._runTask(ThreadPoolExecutor.java:752)
	at com.liferay.portal.kernel.concurrent.ThreadPoolExecutor$WorkerTask.run(ThreadPoolExecutor.java:664)
	at java.lang.Thread.run(Thread.java:748)
2020-09-15 21:54:32.836 WARN  [liferay/scheduler_dispatch-4][SamlMetadataMessageListener:161] Unable to refresh IdP metadata for samlidp: Unable to parse metadata from http://samlidp:8080/c/portal/saml/metadata: Unable to parse inputstream, it contained invalid XML
15-Sep-2020 21:54:34.012 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [40,485] milliseconds
2020-09-15 21:54:34.365 ERROR [http-nio-9080-exec-1][BaseSamlStrutsAction:59] com.liferay.saml.runtime.SamlException: net.shibboleth.utilities.java.support.logic.ConstraintViolationException: Credential cannot be null

Environment

  • Liferay DXP 7.0+

Resolution

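  • When upgrading Liferay from one version to another, users must either migrate the SAML certificates generated in the old version to the new version or refresh the SAML certificates in the new version. Otherwise, SAML will stop working after the upgrade process. This is because Liferay references these files using a path relative to the Liferay installation, so it looks for the files in the new bundle rather than the old one.
  • Once the SAML certificates are moved from the old version of Liferay to the new version, or the SAML certificates are refreshed in the new version, SAML should start working again and users should be able to authenticate.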
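
The check and migration described in the resolution, as an added shell example that is not part of the original article or Liferay's own tooling. It assumes the SAML certificate and private key are held in a keystore file at data/keystore.jks relative to Liferay Home; the function names are hypothetical, and a different relative path can be passed as the third argument.

```shell
#!/bin/sh
# Added example: compare the SAML keystore of an old and a new Liferay bundle.
# ASSUMPTION: the keystore lives at data/keystore.jks relative to Liferay Home;
# pass a third argument if the installation configures a different path.

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Usage: saml_keystore_status OLD_HOME NEW_HOME [REL_PATH]
# Prints one of: no-old-keystore | missing | differs | match
saml_keystore_status() {
    old_ks="$1/${3:-data/keystore.jks}"
    new_ks="$2/${3:-data/keystore.jks}"
    if [ ! -f "$old_ks" ]; then echo "no-old-keystore"; return 0; fi
    if [ ! -f "$new_ks" ]; then echo "missing"; return 0; fi
    if [ "$(file_sha256 "$old_ks")" = "$(file_sha256 "$new_ks")" ]; then
        echo "match"
    else
        echo "differs"
    fi
}

# Usage: migrate_saml_keystore OLD_HOME NEW_HOME [REL_PATH]
# Copies the old keystore into the new bundle only when it is missing there,
# so a keystore already regenerated on the new version is never overwritten.
# Prints the status that was found before any copy took place.
migrate_saml_keystore() {
    rel="${3:-data/keystore.jks}"
    st=$(saml_keystore_status "$1" "$2" "$rel")
    if [ "$st" = "missing" ]; then
        mkdir -p "$(dirname "$2/$rel")"
        cp -p "$1/$rel" "$2/$rel"
        chmod 600 "$2/$rel"   # the keystore holds the SAML private key
    fi
    echo "$st"
}
```

A "differs" result means the new bundle already has its own keystore; in that case the peer's stored metadata must carry the matching certificate before SAML authentication can succeed.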