2
我已經提到了Spring SAML手冊來創建私鑰並導入公共證書。但我仍然面臨加密/解密方面的問題。Spring SAML:解密加密密鑰時出錯,沒有安裝的提供者支持此密鑰
我已經創建了下面的命令一個JKS文件,內容如下
命令用於導入IDP的公證書
keytool -importcert -alias adfssigning -keystore samlKeystore.jks -file testIdp.cer
命令用於私鑰
手冊中提到的keytool -genkeypair -alias myprivatealias -keypass changeit -keystore samlKeystore.jks
私鑰和密鑰庫的密碼定義爲'changeit'
我已經配置SecurityContext的如下
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
<constructor-arg value="classpath:security/samlKeystore.jks"/>
<constructor-arg type="java.lang.String" value="changeit"/>
<constructor-arg>
<map>
<entry key="myprivatealias" value="changeit"/>
</map>
</constructor-arg>
<constructor-arg type="java.lang.String" value="myprivatealias"/>
</bean>
我能看到idpDiscovery頁面,在這裏我可以選擇IDP。我也可以查看IDP的登錄頁面。但是,當我提供用戶憑據時,我收到以下異常。
當saml2:EncryptedAssertion與SAML響應中的saml2p:Status一起發送時,會發生此異常。 (類:WebSSOProfileConsumerImpl的彈簧罐)
ERROR org.opensaml.xml.encryption.Decrypter - Error decrypting encrypted key
org.apache.xml.security.encryption.XMLEncryptionException: No installed provider supports this key: sun.security.provider.DSAPrivateKey
Original Exception was java.security.InvalidKeyException: No installed provider supports this key: sun.security.provider.DSAPrivateKey
at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1479)
at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:697)
at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:628)
at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:783)
Caused by: java.security.InvalidKeyException: No installed provider supports this key: sun.security.provider.DSAPrivateKey
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1475)
... 46 more
740323 [http-8080-2] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedKey, valid decryption key could not be resolved
740324 [http-8080-2] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver
740325 [http-8080-2] ERROR org.opensaml.saml2.encryption.Decrypter - SAML Decrypter encountered an error decrypting element content
任何人都可以讓我知道我要去哪裏錯?
備用命令來代替上述
keytool -genkey -alias privatekeyalias -keyalg RSA -keystore samlKeystore.jks
如果我用這個命令和更新JKS文件,然後我得到的InvalidKeyException將提到一個不同的異常私鑰生成:關鍵是展開太長。
Caused by: java.security.InvalidKeyException: Key is too long for unwrapping
at com.sun.crypto.provider.RSACipher.engineUnwrap(DashoA13*..)
at javax.crypto.Cipher.unwrap(DashoA13*..)
at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1477)
... 46 more
41 [http-8080-1] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedKey, valid decryption key could not be resolved
42 [http-8080-1] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver
42 [http-8080-1] ERROR org.opensaml.saml2.encryption.Decrypter - SAML Decrypter encountered an error decrypting element content
任何人都可以幫我解決這個問題嗎?
是否安裝了無限強度加密庫(http://docs.spring.io/autorepo/docs /spring-security-saml/1.0.x-SNAPSHOT/reference/htmlsingle/#quick-start-prerequisites)? – 2014-10-06 17:31:10
@vschafer Ya我已經通過將兩個jar(US_export_policy和local_policy)複製到C:\ Program Files \ Java \ jdk1.6.0_25 \ jre \ lib \ security和C:\ Program Files \ Java \ jre6 \ lib \ security 。 **仍然收到相同的錯誤。**從(http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html)下載Jars。生成私鑰是否存在其他問題(** keytool -genkey -alias privatekeyalias -keyalg RSA -keystore samlKeystore.jks **)? – 2014-10-07 09:32:57
@vschafer作爲對上述評論的繼續,我也嘗試了各種各樣的關鍵代。我使用** keytool -genkeypair **和** keytool -genkey **提到** - keyalg RSA **。對於這兩個鍵,我得到的錯誤是** java.security.InvalidKeyException:Key對於解包**太長。我甚至嘗試安裝上述評論中提到的無限強度加密庫。你能讓我知道我要去哪裏嗎? – 2014-10-07 11:45:38