
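Troubleshooting issues with SAML configuration

If Security Assertion Markup Language (SAML) configuration fails, you can manually repair each node on which the SAML configuration failed and then recover from the failure. During the repair process, the web server is restarted and any active HTTP or HTTPS connections are disrupted.

About this task

When you configure SAML authentication, ONTAP applies the SAML configuration on a per-node basis. When you enable SAML authentication, ONTAP automatically tries to repair each node that has configuration issues. If there are SAML configuration issues on any node, you can disable SAML authentication and then reenable it. Even after you reenable SAML authentication, the SAML configuration might still fail to apply on one or more nodes. You can identify the node on which the SAML configuration failed and then manually repair that node.

  1. Log in to the advanced privilege level: set -privilege advanced
  2. Identify the node on which the SAML configuration failed: security saml-sp status show -instance

    Example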

    cluster_12::*> security saml-sp status show -instance

    Node: node1
    Update Status: config-success
    Database Epoch: 9
    Database Transaction Count: 997
    Error Text:
    SAML Service Provider Enabled: false
    ID of SAML Config Job: 179

    Node: node2
    Update Status: config-failed
    Database Epoch: 9
    Database Transaction Count: 997
    Error Text: SAML job failed, Reason: Internal error. Failed to receive the SAML IDP Metadata file.
    SAML Service Provider Enabled: false
    ID of SAML Config Job: 180
    2 entries were displayed.
  3. Repair the node on which the SAML configuration failed: security saml-sp repair -node node_name

    Example

    cluster_12::*> security saml-sp repair -node node2 

    Warning: This restarts the web server. Any HTTP/S connections that are active
    will be disrupted.
    Do you want to continue? {y|n}: y
    [Job 181] Job is running.
    [Job 181] Job success.

    Result

    The web server is restarted and any active HTTP or HTTPS connections are disrupted.

  4. Verify that SAML is successfully configured on all of the nodes: security saml-sp status show -instance

    Example

    cluster_12::*> security saml-sp status show -instance

    Node: node1
    Update Status: config-success
    Database Epoch: 9
    Database Transaction Count: 997
    Error Text:
    SAML Service Provider Enabled: false
    ID of SAML Config Job: 179

    Node: node2
    Update Status: config-success
    Database Epoch: 9
    Database Transaction Count: 997
    Error Text:
    SAML Service Provider Enabled: false
    ID of SAML Config Job: 180
    2 entries were displayed.
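
The checks in steps 2 and 4 can be scripted against captured CLI output. The following is an added example, not NetApp code: the function names are hypothetical, and the embedded sample is constructed from the step 2 output shown on this page.

```python
# Constructed sample: the step 2 output shown on this page.
SAMPLE = """\
cluster_12::*> security saml-sp status show -instance

Node: node1
Update Status: config-success
Database Epoch: 9
Database Transaction Count: 997
Error Text:
SAML Service Provider Enabled: false
ID of SAML Config Job: 179

Node: node2
Update Status: config-failed
Database Epoch: 9
Database Transaction Count: 997
Error Text: SAML job failed, Reason: Internal error. Failed to receive the SAML IDP Metadata file.
SAML Service Provider Enabled: false
ID of SAML Config Job: 180
2 entries were displayed.
"""

def parse_status(text):
    """Return one dict per 'Node:' record in the pasted output."""
    nodes = []
    for raw in text.splitlines():
        line = raw.strip()
        if "::" in line.split(" ", 1)[0]:   # CLI prompt line, e.g. cluster_12::*>
            continue
        key, sep, value = line.partition(":")
        if not sep:                          # blank line or "2 entries were displayed."
            continue
        if key == "Node":
            nodes.append({})
        if nodes:
            nodes[-1][key.strip()] = value.strip()
    return nodes

def repair_commands(nodes):
    """Step 3 command for every node reporting config-failed."""
    return ["security saml-sp repair -node " + n["Node"]
            for n in nodes if n.get("Update Status") == "config-failed"]

def all_configured(nodes):
    """Step 4 check: at least one node parsed and all report config-success."""
    return bool(nodes) and all(n.get("Update Status") == "config-success" for n in nodes)

if __name__ == "__main__":
    for cmd in repair_commands(parse_status(SAMPLE)):
        print(cmd)
```

Because each repair restarts the web server on that node, review the generated commands and run them one at a time rather than piping them straight into a session.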