我最近将 Java 从 7 升级到 8,之后其中一个使用 SAML 请求的服务出现了问题。我收到以下错误:
Jan 05, 2015 3:42:06 PM org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Expected digest: oOGa8vH4D/IUG4rulEBiQMbc5as=
Jan 05, 2015 3:42:06 PM org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Actual digest: 7JwuVaoeBca7IojrS0ULT3Fra0Y=
Jan 05, 2015 3:42:06 PM org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate
FINE: Reference[#XID-44b4791a2aab445ea06a1ae7fd6676c2] is valid: false
Jan 05, 2015 3:42:06 PM org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate
FINE: Couldn't validate the References
Jan 05, 2015 3:42:06 PM com.sun.xml.wss.impl.dsig.SignatureProcessor verify
SEVERE: WSS1315: Signature Verification Failed
Jan 05, 2015 3:42:06 PM com.sun.xml.wss.impl.dsig.SignatureProcessor verify
SEVERE: WSS1338: Error occured in verifying the signature
之前使用 Java 7 时可以正常工作。以下是示例请求:
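<?xml version="1.0" encoding="UTF-8"?>
<!-- Sample WS-Security request from the question. The token and signature
     values were truncated by the author (trailing dots), so this document
     cannot be verified as pasted. The log above reports a digest mismatch for
     Reference #XID-44b4791a2aab445ea06a1ae7fd6676c2, an Id that does not occur
     in this sample, so the log and the sample appear to come from different
     messages. -->
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:To>someURL</wsa:To>
<wsa:MessageID>XID-d0d2462194b6ced902422691850b50f3</wsa:MessageID>
<wsa:Action>someAction</wsa:Action>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="XID-71380b994c47272f6c2e2c31a0a26eb6">MIIGxTCCBK2gAwIBAgIQdGS5YDDbSjiUuMCJUFIPKDANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJOTDEgMB4GA1UECgwXS1BOIEN......</wsse:BinarySecurityToken>
<!-- Message signature. SignedInfo holds two References: one to
     #XID-0f11762f41a81b1c00fb6bc112c8d0a6 through the STR-Transform and one to
     the SOAP Body (#XID-b2710d2281c8eed3501a59da494fd8fb). The signature and
     both digests use SHA-1 (rsa-sha1 / sha1), which is deprecated for
     signatures; prefer rsa-sha256 / sha256 where both parties support them.
     KeyInfo points at the BinarySecurityToken above, so the certificate is
     supplied by the message itself and the verifier has to validate it against
     its own trust store before relying on the signature.
     NOTE(review): ds:InclusiveNamespaces carries the ds: prefix, so the default
     xmlns declared on it does not apply and the element is in the xmldsig
     namespace rather than the exc-c14n one; a strict processor may ignore its
     PrefixList. Confirm against the producing stack. -->
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ds:InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse SOAP-ENV"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#XID-0f11762f41a81b1c00fb6bc112c8d0a6">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>V8ydrq8hUhYDYJKj2MTSwTqEX78=</ds:DigestValue>
<ds:Transforms>
<ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
<wsse:TransformationParameters>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</wsse:TransformationParameters>
</ds:Transform>
</ds:Transforms>
</ds:Reference>
<ds:Reference URI="#XID-b2710d2281c8eed3501a59da494fd8fb">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>JYygH6jWBQ0mmKD0wALX4SwZGJg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>BBChEf5PWEQlgBXtuI+f6eVOvjDRv8IBsvieQR0oZV2/owShrZafL/xsqyUwaTHKKjiqA8UoStQs09/K4vihsQhxTxf90f6jfzd+UMMyPJzgbn51pS6Sqz6ZFIa1SD....</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="XID-cfb3089f3308ae0aa8ff7bd399ff31c6">
<wsse:Reference URI="#XID-71380b994c47272f6c2e2c31a0a26eb6"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<!-- NOTE(review): this SecurityTokenReference has
     wsu:Id="XID-0f11762f41a81b1c00fb6bc112c8d0a6", the same value as the ID
     attribute of the saml:Assertion below. The message-signature Reference
     URI "#XID-0f11762f41a81b1c00fb6bc112c8d0a6" therefore matches two elements,
     and which one gets digested depends on how the validator resolves Ids.
     This may be related to the digest mismatch seen after the Java upgrade;
     the page does not confirm it. Ids should be unique within a message, and a
     verifier should reject duplicates instead of picking one, so that the
     signature check and the application always look at the same element.
     The closing KeyIdentifier tag was split across two lines in the original
     paste (terminal line wrap) and is rejoined here so the sample is
     well-formed. -->
<wsse:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" wsu:Id="XID-0f11762f41a81b1c00fb6bc112c8d0a6">
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">XID-0f11762f41a81b1c00fb6bc112c8d0a6</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
<!-- SAML 2.0 assertion with its own enveloped signature (also rsa-sha1 / sha1).
     Its KeyInfo contains an empty ds:X509Data, so the issuer key has to come
     from the relying party's own configuration. saml:Conditions is empty: no
     NotBefore / NotOnOrAfter and no audience restriction, so the assertion
     itself sets no validity window or intended recipient. Subject confirmation
     is sender-vouches, so the relying party depends on the outer message
     signature to tie this assertion to the Body; both References above have to
     verify. -->
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="XID-0f11762f41a81b1c00fb6bc112c8d0a6"
Version="2.0" IssueInstant="2014-12-23T14:53:27Z">
<saml:Issuer>ABC</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#XID-0f11762f41a81b1c00fb6bc112c8d0a6">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3RL5/9A9PnbcN1UQlYoex2wmB2I=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>gNvBQlMs49fAZ02t4ng68LO6A0rh1MooT1qhhLoel5mt/a2A8xEl9Dr6diS+iv/cuINsEIlq8YMQKbMHE5mQgVQ2XFQPLeK9PX2nMdFzCglR3ZOyd8OsrhiDwb....</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data/>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID>urn:app:NUM:693315908</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
</saml:Subject>
<saml:Conditions/>
<saml:AuthnStatement AuthnInstant="2014-12-23T14:53:27Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>PasswordProtectedTransport</saml:AuthnContextClassRef>
<saml:AuthenticatingAuthority>someAuthenticationAuthority</saml:AuthenticatingAuthority>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XID-b2710d2281c8eed3501a59da494fd8fb">
//body goes here
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>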
&#13;