2
我是服務提供從IDP接收SAML斷言簽名。我在Tomcat之上使用JOSSO來使用斷言。這裏的問題是我無法驗證斷言簽名。無法驗證SAML斷言簽名
IDP證書使用別名「IDP」上載到我的密鑰庫中。
當驗證簽名,我得到以下錯誤:
2012-12-19 14:09:38,697 | ERROR | P/SAML2/ACS/POST | AbstractCamelProducer | tion.camel.AbstractCamelProducer 146 | 170 - org.atricore.idbus.kernel.main - 1.3.0 | urn:oasis:names:tc:SAML:2.0:status:Requester:urn:oasis:names:tc:SAML:2.0:status:RequestDenied:urn:org:atricore:idbus:samlr2:status:**InvalidResponseSignature:null**:
org.atricore.idbus.capabilities.sso.support.core.SSOResponseException: urn:oasis:names:tc:SAML:2.0:status:Requester:urn:oasis:names:tc:SAML:2.0:status:RequestDenied:urn:org:atricore:idbus:samlr2:status:InvalidResponseSignature:null:
at org.atricore.idbus.capabilities.sso.main.sp.producers.AssertionConsumerProducer.validateResponse(AssertionConsumerProducer.java:943)
at org.atricore.idbus.capabilities.sso.main.sp.producers.AssertionConsumerProducer.doProcess(AssertionConsumerProducer.java:139)
at org.atricore.idbus.capabilities.sso.main.sp.producers.AssertionConsumerProducer.doProcess(AssertionConsumerProducer.java:85)
at org.atricore.idbus.kernel.main.mediation.camel.AbstractCamelProducer.process(AbstractCamelProducer.java:133)[170:org.atricore.idbus.kernel.main:1.3.0]
at org.apache.camel.impl.converter.AsyncProcessorTypeConverter$ProcessorToAsyncProcessorBridge.process(AsyncProcessorTypeConverter.java:43)[148:org.apache.camel.camel-core:1.6.1]
爲什麼不能JOSSO檢測密鑰庫證書和驗證簽名?我需要以不同的方式定義別名嗎?
您是使用1還是2? –
我們正在使用saml 2.0 – Rostam
這是JOSSO中的一個已知錯誤。 – Rostam