没有配置IDP,请使用至少一个IDP更新包含的元数据

时间:2015-05-20 12:40:44

标签: saml spring-saml

您好，我在访问 SAML 网址时遇到下面的异常。问题应该出在这份 IDP 元数据（metadata_idp）上，因为同一套 SP 配置换用其他 IDP（元数据不同）时可以正常工作。请帮我找出这份元数据 xml 里的问题。

  javax.servlet.ServletException: org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP
org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:161)
org.springframework.security.saml.SAMLEntryPoint.doFilter(SAMLEntryPoint.java:107)

我的 IDP 元数据文件（idp.xml）内容如下。

idp.xml



<?xml version="1.0" encoding="UTF-8" ?>
<!--
  Reviewer notes. They are placed before md:EntityDescriptor on purpose: the
  enveloped ds:Signature below (Reference URI="#idfdmoAYqQtEozWEOcEj5IgJWhE1k"
  is the ID of the root element) covers the entire EntityDescriptor, and
  exclusive canonicalization keeps inter-element whitespace, so any edit inside
  it, even re-indenting or inserting a comment line, changes the digest and
  breaks verification.

  1. Trust check / why "No IDP was configured": Spring SAML normally verifies
     the metadata signature (metadataTrustCheck, on by default in
     ExtendedMetadataDelegate) and rejects the whole document when that fails,
     so the IDPSSODescriptor below is never loaded; presumably that is what
     happened here. As pasted, SignatureValue ("fuisfhifhsfif") and every
     X509Certificate are placeholders, so this exact text cannot verify.
     Preferred fix: import the IdP's metadata signing certificate (fingerprint
     confirmed out of band) into samlKeystore. Disabling the trust check or
     stripping ds:Signature is acceptable only for a locally stored copy that
     you control; for metadata fetched over the network it lets anyone who can
     tamper with it substitute their own signing key and SSO endpoints, i.e.
     forge assertions for this SP.

  2. Algorithms: SignatureMethod is rsa-sha1 and DigestMethod is sha1. SHA-1 is
     deprecated for signatures; ask the IdP for rsa-sha256 / sha256 metadata if
     it can produce it. The use="encryption" KeyDescriptors only advertise
     aes128-cbc (unauthenticated CBC mode, with known XML Encryption
     weaknesses); prefer an AES-GCM EncryptionMethod if both sides support it.
     EncryptionMethod tripledes-cbc listed under use="signing" descriptors is
     unusual and should be ignored by the SP (NOTE(review): confirm Spring SAML
     does not select it as the data encryption algorithm).

  3. Roles: this single entity publishes an AttributeAuthorityDescriptor, an
     IDPSSODescriptor and an SPSSODescriptor. Spring SAML selects IdPs by the
     presence of IDPSSODescriptor, which is here with HTTP-POST and
     HTTP-Redirect SingleSignOnService endpoints, so a missing role is not the
     cause of the error.

  4. All service Locations are https, which is what you want for SSO/SLO
     endpoints. OrganizationURL "www.bubu.com" has no scheme (cosmetic only).
-->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
	ID="idfdmoAYqQtEozWEOcEj5IgJWhE1k" entityID="https://example.com/nidp/saml2/metadata">
	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
		<ds:SignedInfo>
			<CanonicalizationMethod xmlns="http://www.w3.org/2000/09/xmldsig#"
				Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
			<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
			<ds:Reference URI="#idfdmoAYqQtEozWEOcEj5IgJWhE1k">
				<ds:Transforms>
					<ds:Transform
						Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
					<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
				</ds:Transforms>
				<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
				<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">4UvquLeqvOeKQsO/e3XZdP7pGUE=
				</DigestValue>
			</ds:Reference>
		</ds:SignedInfo>
		<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
			fuisfhifhsfif
</SignatureValue>
		<ds:KeyInfo>
			<ds:X509Data>
				<ds:X509Certificate>
					
</ds:X509Certificate>
			</ds:X509Data>
		</ds:KeyInfo>
	</ds:Signature>
	<md:AttributeAuthorityDescriptor ID="idWBVe5DrgqPvsjol4GsECxwBoARs"
		protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
		<md:KeyDescriptor use="signing">
			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<ds:X509Data>
					<ds:X509Certificate>
						gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
				</ds:X509Data>
			</ds:KeyInfo>
			<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
		</md:KeyDescriptor>
		<md:KeyDescriptor use="encryption">
			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<ds:X509Data>
					<ds:X509Certificate>
						gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
				</ds:X509Data>
			</ds:KeyInfo>
			<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
		</md:KeyDescriptor>
		<md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
			Location="https://example.com/nidp/saml2/soap" />
		<md:AssertionIDRequestService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://example.com/nidp/saml2/soap" />
		<md:AssertionIDRequestService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="https://example.com/nidp/saml2/assertion" />
	</md:AttributeAuthorityDescriptor>
	<md:IDPSSODescriptor ID="id5dNezhGwQ3I1nafN2lvcCnG0hFg"
		protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
		<md:KeyDescriptor use="signing">
			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<ds:X509Data>
					<ds:X509Certificate>
						gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
				</ds:X509Data>
			</ds:KeyInfo>
			<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
		</md:KeyDescriptor>
		<md:KeyDescriptor use="encryption">
			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<ds:X509Data>
					<ds:X509Certificate>
						gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
				</ds:X509Data>
			</ds:KeyInfo>
			<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
		</md:KeyDescriptor>
		<md:ArtifactResolutionService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://example.com/nidp/saml2/soap"
			index="0" isDefault="true" />
		<md:SingleLogoutService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/slo"
			ResponseLocation="https://example.com/nidp/saml2/slo_return" />
		<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
			Location="https://example.com/nidp/saml2/soap" />
		<md:SingleLogoutService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
			Location="https://example.com/nidp/saml2/slo"
			ResponseLocation="https://example.com/nidp/saml2/slo_return" />
		<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
			Location="https://example.com/nidp/saml2/soap" />
		<md:ManageNameIDService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/rni"
			ResponseLocation="https://example.com/nidp/saml2/rni_return" />
		<md:ManageNameIDService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
			Location="https://example.com/nidp/saml2/rni"
			ResponseLocation="https://example.com/nidp/saml2/rni_return" />
		<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
		</md:NameIDFormat>
		<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
		</md:NameIDFormat>
		<md:SingleSignOnService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/sso" />
		<md:SingleSignOnService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
			Location="https://example.com/nidp/saml2/sso" />
		<md:NameIDMappingService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
			Location="https://example.com/nidp/saml2/soap" />
	</md:IDPSSODescriptor>
	<md:SPSSODescriptor ID="idit9RFI3qQPIpRJhkjqQawKkdOMk"
		protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
		<md:KeyDescriptor use="signing">
			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<ds:X509Data>
					<ds:X509Certificate>
						gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
				</ds:X509Data>
			</ds:KeyInfo>
			<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
		</md:KeyDescriptor>
		<md:KeyDescriptor use="encryption">
			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<ds:X509Data>
					<ds:X509Certificate>
						gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
				</ds:X509Data>
			</ds:KeyInfo>
			<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
		</md:KeyDescriptor>
		<md:ArtifactResolutionService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://example.com/nidp/saml2/spsoap"
			index="0" isDefault="true" />
		<md:SingleLogoutService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/spslo"
			ResponseLocation="https://example.com/nidp/saml2/spslo_return" />
		<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
			Location="https://example.com/nidp/saml2/spsoap" />
		<md:SingleLogoutService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
			Location="https://example.com/nidp/saml2/spslo"
			ResponseLocation="https://example.com/nidp/saml2/spslo_return" />
		<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
			Location="https://example.com/nidp/saml2/spsoap" />
		<md:ManageNameIDService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/sprni"
			ResponseLocation="https://example.com/nidp/saml2/sprni_return" />
		<md:ManageNameIDService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
			Location="https://example.com/nidp/saml2/sprni"
			ResponseLocation="https://example.com/nidp/saml2/sprni_return" />
		<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
		</md:NameIDFormat>
		<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
		</md:NameIDFormat>
		<md:AssertionConsumerService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
			Location="https://example.com/nidp/saml2/spassertion_consumer"
			index="2" />
		<md:AssertionConsumerService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
			Location="https://example.com/nidp/saml2/spassertion_consumer"
			index="1" />
		<md:AssertionConsumerService
			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
			Location="https://example.com/nidp/saml2/spassertion_consumer"
			index="0" isDefault="true" />
	</md:SPSSODescriptor>
	<md:Organization>
		<md:OrganizationName xml:lang="en">Preferred 
			Company</md:OrganizationName>
		<md:OrganizationDisplayName xml:lang="en">Preferred
			  Company</md:OrganizationDisplayName>
		<md:OrganizationURL xml:lang="en">www.bubu.com
		</md:OrganizationURL>
	</md:Organization>
	<md:ContactPerson contactType="administrative">
		<md:Company>  Company</md:Company>
		<md:GivenName>vawani</md:GivenName>
		<md:SurName>vawani</md:SurName>
		<md:EmailAddress>vawani@bubu.com</md:EmailAddress>
		<md:TelephoneNumber>xxxxxx</md:TelephoneNumber>
	</md:ContactPerson>
</md:EntityDescriptor>

1 个答案:

答案 0 :(得分:1)

您的 IDP 元数据是带签名的（EntityDescriptor 上有一个覆盖整个元素的 ds:Signature）。Spring SAML 默认会对元数据做信任检查（metadataTrustCheck），签名验证不通过时会丢弃整份元数据，于是就报告"没有配置 IDP"——您贴出的 SignatureValue 和 X509Certificate 都是占位符，按原文本身就不可能验签通过。如果确实是这个原因，有三种处理方式：(1) 推荐做法：把签署该元数据所用的证书（IDP 的元数据签名证书，最好通过带外渠道核对指纹）导入您的 samlKeystore，让验签正常通过；(2) 重新配置 Spring SAML 跳过元数据签名验证（metadataTrustCheck=false）；(3) 直接从元数据 xml 中删除 ds:Signature 节点。请注意后两种做法都放弃了元数据完整性校验：只有当元数据是您亲自从 IDP 获取、保存在本地且受控的文件时才可以接受；如果元数据是通过网络拉取的，任何能篡改它的人都可以换上自己的签名证书和 SSO 端点，进而伪造断言登录您的应用。