---
title: "已注册的ACS URL为[{}]但认证请求包含[{}]——如何解决此Elasticsearch异常"
date: 2026-02-07
lastmod: 2026-02-07
description: "当Elasticsearch中为服务提供商注册的断言消费服务(ACS) URL与认证请求的ACS URL不匹配时，会导致此错误。解决方法是更新已注册的ACS URL或确保认证请求使用正确的ACS URL。"
tags: ["SAML", "认证", "安全", "断言消费服务"]
summary: "版本： 7.7-7.15
 简而言之，当Elasticsearch中为服务提供商注册的断言消费服务(ACS) URL与认证请求的ACS URL不匹配时，就会发生此错误。这种不匹配可能导致认证失败。要解决此问题，您可以更新服务提供商配置中已注册的ACS URL，使其与认证请求中的URL匹配，或者确保认证请求使用服务提供商配置中注册的正确ACS URL。另外，请检查URL中是否存在任何拼写错误。
日志上下文 #  日志"The registered ACS URL for this Service Provider is [{}] but the authentication"的类名是 SamlAuthnRequestValidator.java。 我们从Elasticsearch源代码中提取了以下内容，供那些寻求深入上下文的人参考：
"SAML authentication does not contain an AssertionConsumerService URL. It contains an Assertion Consumer Service Index " + "but this IDP doesn't support multiple AssertionConsumerService URLs."; throw new ElasticsearchSecurityException(message; RestStatus.BAD_REQUEST); } if (acs.equals(sp.getAssertionConsumerService().toString()) == false) { throw new ElasticsearchSecurityException("The registered ACS URL for this Service Provider is [{}] but the authentication " + "request contained [{}]"; RestStatus."
---


> **版本：** 7.7-7.15

简而言之，当Elasticsearch中为服务提供商注册的断言消费服务(ACS) URL与认证请求的ACS URL不匹配时，就会发生此错误。这种不匹配可能导致认证失败。要解决此问题，您可以更新服务提供商配置中已注册的ACS URL，使其与认证请求中的URL匹配，或者确保认证请求使用服务提供商配置中注册的正确ACS URL。另外，请检查URL中是否存在任何拼写错误。

日志上下文
-----------

日志"The registered ACS URL for this Service Provider is [{}] but the authentication"的类名是[SamlAuthnRequestValidator.java。](https://www.geeksforgeeks.org/java-lang-class-class-java-set-1/) 我们从Elasticsearch源代码中提取了以下内容，供那些寻求深入上下文的人参考：

```java
"SAML authentication does not contain an AssertionConsumerService URL. It contains an Assertion Consumer Service Index " +
 "but this IDP doesn't support multiple AssertionConsumerService URLs.";
 throw new ElasticsearchSecurityException(message; RestStatus.BAD_REQUEST);
 }
 if (acs.equals(sp.getAssertionConsumerService().toString()) == false) {
 throw new ElasticsearchSecurityException("The registered ACS URL for this Service Provider is [{}] but the authentication " +
 "request contained [{}]"; RestStatus.BAD_REQUEST; sp.getAssertionConsumerService(); acs);
 }
 return acs;
 }
```