1. 首頁
  2. 問答
  3. spring + saml驗證協議消息簽名失敗

spring + saml驗證協議消息簽名失敗

2015-08-09 139 views
0

請大家幫忙。我有一個sp和遠程idp的公鑰。 我上傳了spring saml的樣本並進行了更改,公鑰已添加到jks文件(使用keytool,命令列表顯示cer已導入)並帶有別名,並將其用signedKey指向了idp的擴展元數據。但最終驗證失敗了。spring + saml驗證協議消息簽名失敗

org.springframework.security.authentication.AuthenticationServiceException: Incoming SAML message is invalid 
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:100) 
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) 
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) 
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) 
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) 
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) 
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) 
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) 
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) 
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) 
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:154) 
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) 
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) 
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) 
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) 
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) 
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) 
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) 
at java.lang.Thread.run(Thread.java:745)

造成的:org.opensaml.ws.security.SecurityPolicyException:協議消息的簽名驗證失敗

來源

2015-08-09 tony j

回答

0

你可以嘗試設置記錄器DEBUG。它可能會提供有關驗證處理的有用信息。

來源

2015-08-20 15:52:23 Evguen

相關問題

 相關問題