How do I set the URI of the Reference node under SignedInfo under Signature? Why is the ID value not being picked up from the Response object when I sign it?
QName respQName = new QName(SAMLConstants.SAML20P_NS,Response.DEFAULT_ELEMENT_LOCAL_NAME, "samlp");
Response resp = new ResponseBuilder().buildObject(respQName);
resp.setID(uuid);
//resp.set .......
Signature signature = (Signature) Configuration.getBuilderFactory().getBuilder(Signature.DEFAULT_ELEMENT_NAME) .buildObject(Signature.DEFAULT_ELEMENT_NAME);
signature.setSigningCredential(signingCredential);
signature.setKeyInfo(new SAMLResponseGenerator().getKeyInfo(signingCredential, null, uuid));
assertion.setSignature(signature);
resp.getAssertions().add(assertion);
Signer.signObject(signature);
marshallerFactory = Configuration.getMarshallerFactory();
Element responseTxt = marshallerFactory.getMarshaller(resp).marshall(resp);
System.out.println(XMLHelper.nodeToString(responseTxt));
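What am I missing?
Answer 0 (score: 0)
In case anybody runs into the same problem: the reference URI only seems to get filled in when the actual response object is marshalled and then signed. Just signing it without marshalling is not enough. In my case, I am encrypting the assertion after signing.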
Element responseTxt = new ResponseMarshaller().marshall(resp);
Signer.signObject(signature);
EncryptedAssertion encryptedAssertion = getEncryptedAssertion(resp.getAssertions().get(0), credential);
resp.getAssertions().clear();
resp.getEncryptedAssertions().add(encryptedAssertion);
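
A check for the symptom discussed above, as an added example that is not part of the original question or answer and does not use OpenSAML: with JDK DOM classes only, it reports every ds:Signature whose Reference URI is not "#" plus the ID attribute of the element the signature is attached to. The class name, method name and sample XML are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class ReferenceUriCheck {
    static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";

    // SAML requires a single same-document Reference to the ID of the signed element.
    // Returns one finding per ds:Signature that does not satisfy that.
    static List<String> findBadReferences(Element root) {
        List<String> findings = new ArrayList<>();
        NodeList sigs = root.getElementsByTagNameNS(DS_NS, "Signature");
        for (int i = 0; i < sigs.getLength(); i++) {
            Element sig = (Element) sigs.item(i);
            Element owner = (Element) sig.getParentNode(); // element the signature is attached to
            String id = owner.getAttribute("ID");          // "" when the attribute is absent
            NodeList refs = sig.getElementsByTagNameNS(DS_NS, "Reference");
            if (refs.getLength() != 1) {
                findings.add(owner.getLocalName() + ": expected one Reference, found " + refs.getLength());
                continue;
            }
            String uri = ((Element) refs.item(0)).getAttribute("URI");
            if (id.isEmpty() || !uri.equals("#" + id)) {
                findings.add(owner.getLocalName() + ": Reference URI '" + uri + "' does not match ID '" + id + "'");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample (digest and signature values omitted): empty URI on the Response, correct URI on the Assertion.
        String xml = "<samlp:Response xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' "
            + "xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' xmlns:ds='" + DS_NS + "' ID='_resp1'>"
            + "<ds:Signature><ds:SignedInfo><ds:Reference URI=''/></ds:SignedInfo></ds:Signature>"
            + "<saml:Assertion ID='_a1'>"
            + "<ds:Signature><ds:SignedInfo><ds:Reference URI='#_a1'/></ds:SignedInfo></ds:Signature>"
            + "</saml:Assertion></samlp:Response>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs in SAML input
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        findBadReferences(doc.getDocumentElement()).forEach(System.out::println);
    }
}
```

The same method can be called on the `Element` returned by `marshall(resp)` once `Signer.signObject(signature)` has run, before the assertion is encrypted.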