OpenSAML: Reference with an empty URI

Time: 2018-05-09 23:32:16

Tags: java opensaml

How do I set the URI of the Reference node under SignedInfo under Signature? Why is the ID value from the Response object not picked up when I sign?

Here is my code:

QName respQName = new QName(SAMLConstants.SAML20P_NS,Response.DEFAULT_ELEMENT_LOCAL_NAME, "samlp");
Response resp = new ResponseBuilder().buildObject(respQName);
resp.setID(uuid);
//resp.set .......

Signature signature = (Signature) Configuration.getBuilderFactory()
        .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
        .buildObject(Signature.DEFAULT_ELEMENT_NAME);
signature.setSigningCredential(signingCredential);
signature.setKeyInfo(new SAMLResponseGenerator().getKeyInfo(signingCredential, null, uuid));
assertion.setSignature(signature);
resp.getAssertions().add(assertion);
Signer.signObject(signature);
marshallerFactory = Configuration.getMarshallerFactory();
Element responseTxt = marshallerFactory.getMarshaller(resp).marshall(resp);
System.out.println(XMLHelper.nodeToString(responseTxt));

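What am I missing?

1 answer:

Answer 0: (score: 0)

In case anyone runs into the same problem: it seems the Reference URI only gets filled in when the actual Response object is marshalled and then signed. Just signing it without marshalling is not enough. In my case, I am encrypting the assertion after signing.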

Element responseTxt = new ResponseMarshaller().marshall(resp);
Signer.signObject(signature);
EncryptedAssertion encryptedAssertion = getEncryptedAssertion(resp.getAssertions().get(0), credential);
resp.getAssertions().clear();
resp.getEncryptedAssertions().add(encryptedAssertion);
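
An added example, not part of the answer above or of OpenSAML itself: the marshal-then-sign order from the answer, written against the OpenSAML 2.x API, followed by a check that the Reference URI equals "#" plus the assertion's ID. The class and method names are hypothetical, and it assumes DefaultBootstrap.bootstrap() has already run and that only the assertion carries a signature.

```java
import org.opensaml.Configuration;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Response;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public final class SignedAssertionHelper { // hypothetical helper, not an OpenSAML class
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    /** Signs the assertion inside resp and returns the marshalled Response DOM. */
    public static Element signAndCheck(Response resp, Assertion assertion, Credential cred)
            throws MarshallingException, SignatureException, SecurityException {
        // The Reference URI is derived from the ID of the object that carries the
        // Signature, so the assertion itself (not only the Response) needs an ID.
        if (assertion.getID() == null || assertion.getID().isEmpty()) {
            throw new IllegalStateException("Assertion ID must be set before signing");
        }
        Signature signature = (Signature) Configuration.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
                .buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(cred);
        // Takes signature and canonicalization algorithms from the global security config.
        SecurityHelper.prepareSignatureParams(signature, cred, null, null);
        assertion.setSignature(signature);
        resp.getAssertions().add(assertion);

        // 1. Marshal first: this creates the ds:Signature DOM, including its Reference.
        Element dom = Configuration.getMarshallerFactory().getMarshaller(resp).marshall(resp);
        // 2. Then sign: the digest and signature value are computed over that DOM.
        Signer.signObject(signature);

        // 3. Check that the single Reference points at the signed assertion.
        NodeList refs = dom.getElementsByTagNameNS(DSIG_NS, "Reference");
        String expected = "#" + assertion.getID();
        if (refs.getLength() != 1
                || !expected.equals(((Element) refs.item(0)).getAttribute("URI"))) {
            throw new SignatureException("Reference URI is not " + expected);
        }
        return dom;
    }
}
```

Encrypting the assertion, as in the answer, would come after this method returns, since encryption replaces the signed element in the Response.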