1. 首页
  2. 问答
  3. spring + saml验证协议消息签名失败

spring + saml验证协议消息签名失败

2015-08-09 106 views
0

请大家帮忙。我有一个sp和远程idp的公钥。 我上传了spring saml的样本并进行了更改,公钥已添加到jks文件(使用keytool,命令列表显示cer已导入)并带有别名,并将其用signedKey指向了idp的扩展元数据。但最终验证失败了。spring + saml验证协议消息签名失败

org.springframework.security.authentication.AuthenticationServiceException: Incoming SAML message is invalid 
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:100) 
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) 
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) 
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) 
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) 
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) 
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) 
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) 
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) 
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) 
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:154) 
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) 
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) 
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) 
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) 
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) 
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) 
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) 
at java.lang.Thread.run(Thread.java:745)

造成的:org.opensaml.ws.security.SecurityPolicyException:协议消息的签名验证失败

来源

2015-08-09 tony j

回答

0

你可以尝试设置记录器DEBUG。它可能会提供有关验证处理的有用信息。

来源

2015-08-20 15:52:23 Evguen

相关问题

 相关问题