我正在尝试使用标准 spring saml example与本地存储的 SP 元数据。在验证该示例适用于自动生成的元数据后,我使用提供的说明将数据存储在本地:
In order to permanently store the metadata follow these instructions:
- Store metadata content inside your achrive at /WEB-INF/classes/metadata/vcdevelopmenttestrobert_sp.xml
- Make sure to update your identity provider(s) with the generated metadata
- Modify bean "metadata" in your securityContext.xml and include content from the configuration above
我收到错误(在触发 SSO 登录时)
Message:
Cannot sign outgoing message as no signing credential is set in the context
StackTrace:
java.lang.IllegalArgumentException: Cannot sign outgoing message as no signing credential is set in the context
at org.springframework.util.Assert.notNull(Assert.java:112)
at org.springframework.security.saml.processor.SAMLProcessorImpl.sendMessage(SAMLProcessorImpl.java:222)
at ...
元数据看起来像这样:
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
<constructor-arg>
<list>
<bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
<constructor-arg>
<value type="java.lang.String">http://idp.ssocircle.com/idp-meta.xml</value>
</constructor-arg>
<constructor-arg>
<value type="int">5000</value>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean>
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
<constructor-arg>
<bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
<constructor-arg>
<bean class="java.util.Timer"/>
</constructor-arg>
<constructor-arg>
<bean class="org.opensaml.util.resource.ClasspathResource">
<constructor-arg value="/metadata/vcdevelopmenttestrobert_sp.xml"/>
</bean>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
<property name="local" value="true"/>
<property name="securityProfile" value="metaiop"/>
<property name="sslSecurityProfile" value="pkix"/>
<property name="sslHostnameVerification" value="default"/>
<property name="signMetadata" value="false"/>
<property name="signingKey" value="null"/>
<property name="encryptionKey" value="null"/>
<property name="requireArtifactResolveSigned" value="true"/>
<property name="requireLogoutRequestSigned" value="true"/>
<property name="requireLogoutResponseSigned" value="false"/>
<property name="idpDiscoveryEnabled" value="true"/>
<property name="idpDiscoveryURL" value="http://localhost:8080/saml/discovery"/>
<property name="idpDiscoveryResponseURL" value="http://localhost:8080/saml/login?disco=true"/>
</bean>
</constructor-arg>
</bean>
</list>
</constructor-arg>
</bean>
知道我做错了什么吗?
最佳答案
回答我自己的问题:signingKey 和 encryptionKey 应该改为:
<property name="signingKey" value="apollo"/>
<property name="encryptionKey" value="apollo"/>
我找到了答案 here .如果元数据管理页面对此有提示,那就太好了。
关于java - spring saml 无法签署传出消息,因为在上下文中没有设置签名凭证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28682741/