Related questions (0)

Setting the "signingAlgorithm" field of ExtendedMetadata

I am having trouble getting my Spring SAML integration to generate the correct metadata file for my IdP. I obtained a new SHA256 SSL certificate. I have gone through all the steps to create the corresponding keyStore and have my Spring Security configuration file fully set up. I am about 98% of the way there, but one thing is missing from the generated metadata file and I cannot for the life of me figure out why it is not being set.

Here is the ExtendedMetadata configuration for the MetadataGeneratorFilter:

<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
<constructor-arg>
    <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
        <property name="entityId" value="urn:myentityidhere"/>
        <property name="entityBaseURL" value="https://${saml.url}"/>
        <property name="extendedMetadata">
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                <property name="signMetadata" value="true"/>
                <!-- sets ds:SignatureMethod on the generated metadata signature -->
                <property name="signingAlgorithm" value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <property name="alias" value="ceo"/>
                <property name="signingKey" value="${saml.sp.alias}"/>
                <property name="encryptionKey" value="${saml.sp.alias}"/>
            </bean>
        </property>
    </bean>
</constructor-arg>
</bean>

When I run my application and go to the /saml/metadata URI to get the metadata file that Spring generates, which I need to send to my IdP, the SHA256 algorithm is correctly set on SignatureMethod, but the Algorithm value of the child DigestMethod tag is still set to SHA1, when I need it to ALSO be set to SHA256, with the DigestValue being a SHA256 value rather than a SHA1 value.

<ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#urn_myentityidhere">
        <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>xxxxxxx</ds:DigestValue>
    </ds:Reference>
</ds:SignedInfo>

Can someone guide me on how / what I need to set to get the DigestMethod Algorithm value set to SHA256? I assumed that, since it is a child of the SignedInfo tag, it would inherit the signingAlgorithm value from the ExtendedMetadata configuration, but that is evidently not the case.

Any help would be greatly appreciated. Many thanks.

Solution - in case anyone cares

So, after a day of digging, I decided to implement it myself. I extended the ExtendedMetadata class by adding a field digestMethodAlgorithm, with the appropriate getter/setter:

/**
 * Algorithm used for creation of digest method of this entity. At the …

spring-security spring-saml

11 votes
2 answers
5922 views
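In XML Signature the SignatureMethod (how SignedInfo is signed) and each Reference's DigestMethod (how the referenced element is hashed) are independent parameters, which is why changing the one setting above leaves the other at SHA-1. The script below is an added example, not code from the original post or from Spring SAML: it parses signed SAML metadata such as the /saml/metadata output, reports the SignatureMethod and every Reference's DigestMethod, and flags anything that is not SHA-256 based. The EntityDescriptor it reads is constructed here to mirror the fragment in the post; the SHA-256 digest URI it expects is the standard http://www.w3.org/2001/04/xmlenc#sha256.

```python
"""Check the algorithms used in the ds:Signature of SAML metadata.

Added example (not from the original post or Spring SAML). Parses the
EntityDescriptor's enveloped signature and reports whether SignatureMethod
and every Reference's DigestMethod are SHA-256 based.
"""
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"

# Constructed sample: SignatureMethod already SHA-256, DigestMethod still SHA-1,
# which is exactly the mismatch described in the post. DigestValue/SignatureValue
# are placeholders; this script inspects algorithms, it does not verify the signature.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    ID="urn_myentityidhere" entityID="urn:myentityidhere">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="{RSA_SHA256}"/>
      <ds:Reference URI="#urn_myentityidhere">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="{SHA1}"/>
        <ds:DigestValue>xxxxxxx</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>yyyyyyy</ds:SignatureValue>
  </ds:Signature>
</md:EntityDescriptor>
"""


def signature_algorithms(metadata_xml: str) -> dict:
    """Return the SignatureMethod and each Reference's (URI, DigestMethod)."""
    root = ET.fromstring(metadata_xml)
    signed_info = root.find(f".//{{{DS}}}Signature/{{{DS}}}SignedInfo")
    if signed_info is None:
        raise ValueError("metadata is not signed: no ds:Signature/ds:SignedInfo")
    sig_method = signed_info.find(f"{{{DS}}}SignatureMethod").get("Algorithm")
    digests = [
        (ref.get("URI"), ref.find(f"{{{DS}}}DigestMethod").get("Algorithm"))
        for ref in signed_info.findall(f"{{{DS}}}Reference")
    ]
    return {"signature_method": sig_method, "digests": digests}


def weak_algorithm_findings(metadata_xml: str) -> list:
    """List every signature or digest algorithm that is not SHA-256 based."""
    algs = signature_algorithms(metadata_xml)
    findings = []
    if algs["signature_method"] != RSA_SHA256:
        findings.append(f"SignatureMethod is {algs['signature_method']}")
    for uri, digest in algs["digests"]:
        if digest != SHA256:
            findings.append(f"DigestMethod for Reference {uri} is {digest}")
    return findings


if __name__ == "__main__":
    # Run against the constructed sample; swap in the text of /saml/metadata to
    # check a real deployment.
    for finding in weak_algorithm_findings(SAMPLE_METADATA):
        print("WEAK:", finding)
```

Run it against the metadata your SP actually serves rather than the sample; an empty findings list means both the signature and the digest are SHA-256, which is what the IdP in the question requires. Changing the digest algorithm also changes DigestValue, so the metadata has to be re-signed, not just edited.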

SAMLException: Response has invalid status code status message is null

I'm trying to implement spring-security-saml integration as an SP with an ADFS system, and I've been bumping my head for some days now with this exception, which happens when the SAMLResponse is sent back from ADFS after successful authentication. This is the DEBUG log:

2017-10-02 18:05:09,246 - DEBUG [http-apr-443-exec-9] BaseMessageEncoder - Successfully encoded message.
2017-10-02 18:05:09,246 - INFO  [http-apr-443-exec-9] SAMLDefaultLogger - AuthNRequest;SUCCESS;208.95.100.30;saml2.glassboxdigital.com;http://this/is/a/valid/url;;;
2017-10-02 18:05:09,859 - DEBUG [http-apr-443-exec-3] SAMLProcessingFilter - Request is to process authentication
2017-10-02 18:05:09,860 …

spring-security single-sign-on opensaml saml-2.0 spring-saml

5 votes
1 answer
10k views
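The SP raises this exception when the samlp:Status of the response carries a top-level StatusCode other than urn:oasis:names:tc:SAML:2.0:status:Success, and the exception text embeds the StatusCode value and the StatusMessage (null when the IdP sent none). The first thing to inspect is therefore the Status block ADFS actually returned, in particular the nested StatusCode, which is where the IdP puts the reason. The script below is an added example, not code from the question or from Spring SAML: it decodes the SAMLResponse form parameter as posted over the HTTP-POST binding (plain base64, no DEFLATE) and extracts the top-level and nested StatusCode and the StatusMessage. Both responses it decodes are constructed samples, not captures from the ADFS in the question.

```python
"""Decode a SAMLResponse POST parameter and read its samlp:Status block.

Added example (not from the original question or Spring SAML). Assumes the
HTTP-POST binding, where the SAMLResponse parameter is base64 of the XML.
"""
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def _response(top_code, sub_code=None, message=None):
    """Build a minimal, unsigned samlp:Response with the given Status (constructed)."""
    sub = f'<samlp:StatusCode Value="{sub_code}"/>' if sub_code else ""
    msg = f"<samlp:StatusMessage>{message}</samlp:StatusMessage>" if message else ""
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0" '
        f'IssueInstant="2017-10-02T18:05:09Z" InResponseTo="_a1">'
        f'<samlp:Status><samlp:StatusCode Value="{top_code}">{sub}</samlp:StatusCode>'
        f"{msg}</samlp:Status></samlp:Response>"
    )


# Constructed: a failing IdP response with no StatusMessage, the shape that yields
# "status message is null" on the SP side.
FAILED_RESPONSE_B64 = base64.b64encode(
    _response("urn:oasis:names:tc:SAML:2.0:status:Responder",
              "urn:oasis:names:tc:SAML:2.0:status:RequestDenied").encode()
).decode()
# Constructed: a successful Status block.
SUCCESS_RESPONSE_B64 = base64.b64encode(_response(SUCCESS).encode()).decode()


def read_status(saml_response_b64: str) -> dict:
    """Return the Status of a base64 SAMLResponse as a dict."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    status = root.find(f"{{{SAMLP}}}Status")
    if status is None:
        raise ValueError("no samlp:Status in response")
    top = status.find(f"{{{SAMLP}}}StatusCode")
    sub = top.find(f"{{{SAMLP}}}StatusCode")   # optional nested reason code
    msg = status.find(f"{{{SAMLP}}}StatusMessage")
    return {
        "code": top.get("Value"),
        "sub_code": sub.get("Value") if sub is not None else None,
        "message": msg.text if msg is not None else None,
        "success": top.get("Value") == SUCCESS,
    }


if __name__ == "__main__":
    # Paste the SAMLResponse value from the browser's POST to /saml/SSO in place
    # of the constructed sample to see what the IdP really answered.
    print(read_status(FAILED_RESPONSE_B64))
```

Take the SAMLResponse value from the browser's POST to the SP's assertion consumer URL and pass it to read_status; a top-level code of Responder points at the IdP side (ADFS's own event log will name the relying-party trust problem), whereas Requester points back at the AuthnRequest the SP sent.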