java - spring saml 无法签署传出消息，因为在上下文中没有设置签名凭证

Question

我正在尝试使用标准 spring saml example与本地存储的 SP 元数据。在验证该示例适用于自动生成的元数据后，我使用提供的说明将数据存储在本地:

In order to permanently store the metadata follow these instructions:

• Store metadata content inside your achrive at/WEB-INF/classes/metadata/vcdevelopmenttestrobert_sp.xml
• Make sure to update your identity provider(s) with the generated metadata
• Modify bean "metadata" in your securityContext.xml and include content fromthe configuration above

我收到错误(在触发 SSO 登录时)

Message:
Cannot sign outgoing message as no signing credential is set in the context 

StackTrace:
java.lang.IllegalArgumentException: Cannot sign outgoing message as no signing credential is set in the context
at org.springframework.util.Assert.notNull(Assert.java:112)
at org.springframework.security.saml.processor.SAMLProcessorImpl.sendMessage(SAMLProcessorImpl.java:222)
at ...

元数据看起来像这样:

 <bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
    <constructor-arg>
        <list>
            <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
                <constructor-arg>
                    <value type="java.lang.String">http://idp.ssocircle.com/idp-meta.xml</value>
                </constructor-arg>
                <constructor-arg>
                    <value type="int">5000</value>
                </constructor-arg>
                <property name="parserPool" ref="parserPool"/>
            </bean>
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                <constructor-arg>
                    <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
                        <constructor-arg>
                            <bean class="java.util.Timer"/>
                        </constructor-arg>
                        <constructor-arg>
                            <bean class="org.opensaml.util.resource.ClasspathResource">
                                <constructor-arg value="/metadata/vcdevelopmenttestrobert_sp.xml"/>
                            </bean>
                        </constructor-arg>
                        <property name="parserPool" ref="parserPool"/>
                    </bean>
                </constructor-arg>
                <constructor-arg>
                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                        <property name="local" value="true"/>
                        <property name="securityProfile" value="metaiop"/>
                        <property name="sslSecurityProfile" value="pkix"/>
                        <property name="sslHostnameVerification" value="default"/>
                        <property name="signMetadata" value="false"/>
                        <property name="signingKey" value="null"/>
                        <property name="encryptionKey" value="null"/>
                        <property name="requireArtifactResolveSigned" value="true"/>
                        <property name="requireLogoutRequestSigned" value="true"/>
                        <property name="requireLogoutResponseSigned" value="false"/>
                        <property name="idpDiscoveryEnabled" value="true"/>
                        <property name="idpDiscoveryURL" value="http://localhost:8080/saml/discovery"/>
                        <property name="idpDiscoveryResponseURL" value="http://localhost:8080/saml/login?disco=true"/>
                    </bean>
                </constructor-arg>
            </bean> 
        </list>
    </constructor-arg>
 </bean>

知道我做错了什么吗？

Answer 1

回答我自己的问题:signingKey 和 encryptionKey 应该改为:

  <property name="signingKey" value="apollo"/>
  <property name="encryptionKey" value="apollo"/>  

我找到了答案 here .如果元数据管理页面对此有提示，那就太好了。