您好，我在访问 SAML 网址时遇到了异常。问题主要出在 metadata_idp 上，因为同样的配置与其他使用不同元数据的 IDP 可以一起使用。请帮我找出元数据 XML 中的问题。
javax.servlet.ServletException: org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP
org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:161)
org.springframework.security.saml.SAMLEntryPoint.doFilter(SAMLEntryPoint.java:107)
我的idpmetadat.xml配置如下。
<?xml version="1.0" encoding="UTF-8" ?>
<!-- Review note: an md:IDPSSODescriptor is present further down (the element
     with ID="id5dNezhGwQ3I1nafN2lvcCnG0hFg"), so the "No IDP was configured"
     error is not explained by a missing IDP role in this document. The same
     message presumably also appears when the metadata provider fails to load
     the document at all, e.g. because the enveloped ds:Signature below cannot
     be verified; check the provider's startup log for a signature or parse
     error before editing the XML. -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
ID="idfdmoAYqQtEozWEOcEj5IgJWhE1k" entityID="https://example.com/nidp/saml2/metadata">
<!-- Review note: enveloped signature over the whole EntityDescriptor; the
     Reference URI="#idfdmoAYqQtEozWEOcEj5IgJWhE1k" matches the root ID above.
     Canonicalization is exclusive C14N without comments, so XML comments are
     not part of the digested content, but any other change to the document
     (including whitespace inside elements) invalidates this signature. -->
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<CanonicalizationMethod xmlns="http://www.w3.org/2000/09/xmldsig#"
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<!-- Review note: rsa-sha1 and the sha1 DigestMethod below are SHA-1 based;
     current validators may reject them outright. If the IdP re-issues this
     metadata, prefer xmldsig-more#rsa-sha256 with xmlenc#sha256. -->
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#idfdmoAYqQtEozWEOcEj5IgJWhE1k">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">4UvquLeqvOeKQsO/e3XZdP7pGUE=
</DigestValue>
</ds:Reference>
</ds:SignedInfo>
<!-- Review note: the value below looks like a placeholder rather than a real
     Base64 signature, presumably redacted for posting. If the deployed file
     really contains it, signature verification fails and the metadata is
     discarded by the provider. -->
<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
fuisfhifhsfif
</SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<!-- Review note: the signer's certificate is empty here. A verifier that takes
     the key from KeyInfo has nothing to validate against; trust for metadata
     signatures should in any case come from a configured keystore, so the
     certificate used to sign this file must be present there (see the answer
     below, which lists that option). -->
<ds:X509Certificate>
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<!-- Review note: all X509Certificate bodies below are placeholders (redacted).
     The use="signing" descriptors advertise tripledes-cbc as an
     EncryptionMethod; 3DES is a legacy algorithm, and a modern SP should not
     be configured to accept it. The same pattern repeats in the IDPSSODescriptor
     and SPSSODescriptor KeyDescriptors. -->
<md:AttributeAuthorityDescriptor ID="idWBVe5DrgqPvsjol4GsECxwBoARs"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
</md:KeyDescriptor>
<md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/soap" />
<md:AssertionIDRequestService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://example.com/nidp/saml2/soap" />
<md:AssertionIDRequestService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="https://example.com/nidp/saml2/assertion" />
</md:AttributeAuthorityDescriptor>
<!-- Review note: this is the IDP role the SP needs; it carries the
     SingleSignOnService endpoints (HTTP-POST and HTTP-Redirect) further down.
     Its presence means the error message is about the document as a whole
     not being accepted, not about this element being absent. -->
<md:IDPSSODescriptor ID="id5dNezhGwQ3I1nafN2lvcCnG0hFg"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
</md:KeyDescriptor>
<md:ArtifactResolutionService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://example.com/nidp/saml2/soap"
index="0" isDefault="true" />
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/slo"
ResponseLocation="https://example.com/nidp/saml2/slo_return" />
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/soap" />
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/slo"
ResponseLocation="https://example.com/nidp/saml2/slo_return" />
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/soap" />
<md:ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/rni"
ResponseLocation="https://example.com/nidp/saml2/rni_return" />
<md:ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/rni"
ResponseLocation="https://example.com/nidp/saml2/rni_return" />
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
</md:NameIDFormat>
<md:SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/sso" />
<md:SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/sso" />
<md:NameIDMappingService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/soap" />
</md:IDPSSODescriptor>
<!-- Review note: the same entity also publishes an SP role. That is valid
     metadata, but when this file is loaded as IDP metadata only the
     IDPSSODescriptor above is relevant to the SP side. -->
<md:SPSSODescriptor ID="idit9RFI3qQPIpRJhkjqQawKkdOMk"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
</md:KeyDescriptor>
<md:ArtifactResolutionService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://example.com/nidp/saml2/spsoap"
index="0" isDefault="true" />
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/spslo"
ResponseLocation="https://example.com/nidp/saml2/spslo_return" />
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/spsoap" />
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/spslo"
ResponseLocation="https://example.com/nidp/saml2/spslo_return" />
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/spsoap" />
<md:ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/sprni"
ResponseLocation="https://example.com/nidp/saml2/sprni_return" />
<md:ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/sprni"
ResponseLocation="https://example.com/nidp/saml2/sprni_return" />
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
</md:NameIDFormat>
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="https://example.com/nidp/saml2/spassertion_consumer"
index="2" />
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/spassertion_consumer"
index="1" />
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://example.com/nidp/saml2/spassertion_consumer"
index="0" isDefault="true" />
</md:SPSSODescriptor>
<md:Organization>
<md:OrganizationName xml:lang="en">Preferred
Company</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">Preferred
Company</md:OrganizationDisplayName>
<!-- Review note: "www.bubu.com" has no scheme, so it is not an absolute URL;
     harmless for loading, but worth fixing when the metadata is regenerated. -->
<md:OrganizationURL xml:lang="en">www.bubu.com
</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType="administrative">
<md:Company> Company</md:Company>
<md:GivenName>vawani</md:GivenName>
<md:SurName>vawani</md:SurName>
<md:EmailAddress>vawani@bubu.com</md:EmailAddress>
<md:TelephoneNumber>xxxxxx</md:TelephoneNumber>
</md:ContactPerson>
</md:EntityDescriptor>
答案 0 :(得分:1)
您的 IDP 元数据是经过签名的。导入失败可能是由于签名验证过程中出错。如果是这种情况，您可以重新配置 Spring SAML 以跳过签名验证，或者将用于签署元数据的证书添加到您的 samlKeystore 中，或者直接从元数据 XML 中删除签名。