java如何将Spring SAML代码与jks或签名metdata一起使用

1 周，5 日 Questions & Answers 1418

IDP只提供了一个。crt文件和元数据xml文件，IDP告诉我们没有密码。crt文件，我使用以下命令创建了jks文件：keytool-import-alias zoom-trustcacerts-file qa。crt-密钥库。jks。现在，我下载了spring SAML演示代码，并更改了SecurityContext。xml如下所示：

------马塔达。xml---------------------

<md:EntityDescriptor entityID="gene.com" cacheDuration="PT1440M" ID="dfhGJ7yKW7C3nvicVEN.puf7bSh" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <ds:Reference URI="#dfhGJ7yKW7C3nvicVEN.puf7bSh">
            <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>lSCVZb+3JcGXnhwYj5IQqxaM2UaBbmiTOYa/fO5NRAo=</ds:DigestValue>
        </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
        {my ds:SignatureValue}
    </ds:SignatureValue>
    <ds:KeyInfo>
        <ds:X509Data>
            <ds:X509Certificate>
                {my ds:X509Certificate}
            </ds:X509Certificate>
        </ds:X509Data>
        <ds:KeyValue>
            <ds:RSAKeyValue>
                <ds:Modulus>
                    {my ds:Modulus}
                </ds:Modulus>
                <ds:Exponent>AQAB</ds:Exponent>
            </ds:RSAKeyValue>
        </ds:KeyValue>
    </ds:KeyInfo>
</ds:Signature>
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:X509Data>
                <ds:X509Certificate>
                    {my ds:X509Certificate}
                </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Location="https://b2bqa.roche.com/idp/SSO.saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:SingleSignOnService Location="https://b2bqa.roche.com/idp/SSO.saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="WorkPhone" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>
    <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="ChrisID" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>
    <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Email" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>
    <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Account" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>
    <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Department" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>
    <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="MobilePhone" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>
    <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Sex" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>
</md:IDPSSODescriptor>
<md:ContactPerson contactType="administrative">
    <md:Company>Genentech Inc.,</md:Company>
    <md:GivenName>IAM-DFS</md:GivenName>
    <md:EmailAddress>GLOORG_SAS-AMS-Web-Access-Services-Comms@msxdl.roche.com</md:EmailAddress>
</md:ContactPerson>

<bean id="samlMetadataManager" class="org.springframework.security.saml.metadata.CachingMetadataManager">
    <constructor-arg>
        <list>
            <bean id="samlRocheIDP" class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                <constructor-arg>
                    <value type="java.io.File">classpath:qa.xml</value>
                </constructor-arg>
                <property name="parserPool" ref="samlParserPool"/>
            </bean>
        </list>
    </constructor-arg>
</bean>

------安全上下文。xml-------------------- 但SP初始化总是失败，错误消息：

Signature verification failed.
Signature trust establishment failed for metadata entry https://b2b.roche.com
Error filtering metadata from E:\Workspace2\saml\spring-security-saml\target\classes\qa.xml

我的问题是如何将spring saml与签名元数据xml文件集成。我应该创建另一个jks文件吗？我克隆了许多java演示，他们在springWebSecurityContext中配置了元数据xml文件和jks文件。xml

但我认为元数据xml已经包含证书和密钥。我想我不需要再配置jks文件了，对吧

你能帮我找到如何将saml集成到我的项目中吗？谢谢大家

Python中文网

有 Java 编程相关的问题?

java如何将Spring SAML代码与jks或签名metdata一起使用

共 (1) 个答案

# 1 楼答案