相关疑难解决方法(0)

Spring-SAML的SSL配置问题

我正在尝试基于"spring-security-saml2-sample"设置SP,但是当我在Tomcat上部署WAR文件时,我得到以下异常:

Initialization of metadata provider org.opensaml.saml2.metadata.provider.HTTPMetadataProvider@443c35d3 failed, provider will be ignored
org.opensaml.saml2.metadata.provider.MetadataProviderException: org.opensaml.saml2.metadata.provider.MetadataProviderException: Error retrieving metadata from   
https://dominio.com/fed/idp/metadata
        at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:266)
        at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.doInitialization(AbstractReloadingMetadataProvider.java:236)
        at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize(AbstractMetadataProvider.java:407)
        at org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize(ExtendedMetadataDelegate.java:167)
        at org.springframework.security.saml.metadata.MetadataManager.initializeProvider(MetadataManager.java:397)
        at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:245)
        at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86)
        at org.springframework.security.saml.metadata.MetadataManager.afterPropertiesSet(MetadataManager.java:141)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1514)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:876)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:818)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:735)
        at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:478)
        at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
        at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:284)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1106)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:609)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918) …

Run Code Online (Sandbox Code Playgroud)

ssl spring spring-security saml-2.0 spring-saml

Dan*_*iel

2014 07-12

11
推荐指数

1
解决办法

9944
查看次数

Spring Security SAML IdP 元数据证书和签名

我看过很多问题，包括/sf/answers/1776944711/。我有 IdP 元数据和证书，但似乎无法获得 Spring，所以请查看。

将证书添加到密钥库：keytool -importcert -alias adfssigning -keystore samlKeystore.jks -file certificate.crt
在元数据中有多个证书（2 个不同的）和一个 SignatureValue。
我尝试使用相同的 keytool 命令添加签名值，但它不是证书。
我还尝试添加在元数据中找到的 2 个证书。

我启用了调试日志，这就是我得到的：

使用 KeyInfo 派生凭证成功验证签名
尝试建立对 KeyInfo 派生凭证的信任
提供的受信任名称为空或为空，跳过名称评估
尝试对不受信任的凭证进行 PKIX 路径验证：[subjectName='O=novell,OU=accessManager,CN=test-signing']
对于不受信任的凭证，PKIX 路径构建失败：[subjectName='O=novell,OU=accessManager,CN=test-signing']：无法找到到请求目标的有效证书路径
无法通过签名凭据的 PKIX 验证建立签名信任
未能建立对 KeyInfo 派生凭证的信任
无法使用任何 KeyInfo 派生凭据验证签名和/或建立信任
PKIX 签名验证失败，无法解析有效且可信的签名密钥
元数据条目的签名信任建立失败http://idp.ppd.com/nidp/saml2/metadata
从http://idp.ppd.com/nidp/saml2/metadata org.opensaml.saml2.metadata.provider.FilterException过滤元数据时出错：org.opensaml.saml2.metadata.provider.SignatureValidationFilter 元数据条目的签名信任建立失败.verifySignature(SignatureValidationFilter.java:312)