我试图通过签署响应来实现SAML 2.0,而不是断言.我有3个现有供应商在Assertion级别接受我的签名,但是新供应商正在协议/响应级别请求它.我一直在谷歌搜索和调试大约8个小时,并找不到我做错的有效例子.我的代码清楚地显示了我在做什么,最后10行左右是我实现的差异(在if/else中).另外,我在XML中注意到我的SignatureValue和DigestValue都是空的.任何人都可以指向一些明确的文档,或者更好的是,使用openSAML的工作响应签名的示例?在这一点上,任何帮助表示赞赏.
Assertion assertion = OpenSamlHelper.CreateSamlAssertion(
issuer.trim(), recipient.trim(), domain.trim(), subject.trim(),
attributes);
//
// Sign
//
Credential signingCredential = getSigningCredential(keystore, storetype, storepass, alias, keypass);
Signature signature = (Signature) Configuration.getBuilderFactory()
.getBuilder(Signature.DEFAULT_ELEMENT_NAME)
.buildObject(Signature.DEFAULT_ELEMENT_NAME);
signature.setSigningCredential(signingCredential);
signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
SecurityConfiguration secConfiguration = Configuration.getGlobalSecurityConfiguration();
NamedKeyInfoGeneratorManager namedKeyInfoGeneratorManager = secConfiguration.getKeyInfoGeneratorManager();
KeyInfoGeneratorManager keyInfoGeneratorManager = namedKeyInfoGeneratorManager.getDefaultManager();
KeyInfoGeneratorFactory keyInfoGeneratorFactory = keyInfoGeneratorManager.getFactory(signingCredential);
KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
KeyInfo keyInfo = null;
try {
keyInfo = keyInfoGenerator.generate(signingCredential);
} catch (Exception e) {
logger.error(e);
}
signature.setKeyInfo(keyInfo);
String saml = "";
try {
MarshallerFactory marshallerFactory = Configuration.getMarshallerFactory(); …