使用 spring-security-saml 在应用程序中没有配置 IDP 错误

【问题标题】:No IDP was configured error in app using spring-security-saml使用 spring-security-saml 在应用程序中没有配置 IDP 错误
【发布时间】:2015-03-19 09:14:30
【问题描述】:

我正在使用 Spring Boot 和 Spring Security SAML 基于https://github.com/vdenotaris/spring-boot-security-saml-sample 的示例代码编写一个 Web 应用程序。当我尝试在我的应用程序中访问安全 URL 时,出现此异常:

org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP

我正在按如下方式配置 IDP:

@Bean
@Qualifier("idp-wwu")
public ExtendedMetadataDelegate wwuExtendedMetadataProvider() throws MetadataProviderException {
    log.debug("Adding wwu IDP metadata provider");
    @SuppressWarnings({"deprecation"})
    HTTPMetadataProvider httpMetadataProvider = new HTTPMetadataProvider("https://sidp.wwu.edu/idp/profile/Metadata/SAML", 5000);
    httpMetadataProvider.setParserPool(parserPool());
    ExtendedMetadataDelegate extendedMetadataDelegate = new ExtendedMetadataDelegate(httpMetadataProvider, extendedMetadata());
    extendedMetadataDelegate.setMetadataTrustCheck(false);
    extendedMetadataDelegate.setMetadataRequireSignature(false);
    return extendedMetadataDelegate;
}

@Bean
@Qualifier("metadata")
public CachingMetadataManager metadata() throws MetadataProviderException {
    List<MetadataProvider> providers = new ArrayList<MetadataProvider>();
    providers.add(wwuExtendedMetadataProvider());
    log.debug("Added wwu IDP metadata provider");
    return new CachingMetadataManager(providers);
}

从调试输出来看,IDP 似乎已配置:

2015-01-20 09:08:07.097 DEBUG 50730 --- [ost-startStop-1] e.w.a.r.g.config.WebSecurityConfig       : Adding wwu IDP metadata provider
2015-01-20 09:08:07.131 DEBUG 50730 --- [ost-startStop-1] e.w.a.r.g.config.WebSecurityConfig       : Added wwu IDP metadata provider
2015-01-20 09:08:07.169 DEBUG 50730 --- [ost-startStop-1] o.s.s.saml.metadata.MetadataManager      : Creating metadata reload timer with interval 10000
2015-01-20 09:08:07.172 DEBUG 50730 --- [ost-startStop-1] o.s.s.saml.metadata.MetadataManager      : Clearing metadata cache
2015-01-20 09:08:07.172 DEBUG 50730 --- [ost-startStop-1] o.s.s.saml.metadata.MetadataManager      : Reloading metadata
2015-01-20 09:08:07.173 DEBUG 50730 --- [ost-startStop-1] o.s.s.saml.metadata.MetadataManager      : Refreshing metadata provider org.opensaml.saml2.metadata.provider.HTTPMetadataProvider@71728250
2015-01-20 09:08:07.173 DEBUG 50730 --- [ost-startStop-1] o.s.s.saml.metadata.MetadataManager      : Trust verification skipped for metadata provider org.opensaml.saml2.metadata.provider.HTTPMetadataProvider@71728250
2015-01-20 09:08:07.175 DEBUG 50730 --- [ost-startStop-1] o.s.s.saml.metadata.MetadataManager      : Created new trust manager for metadata provider org.opensaml.saml2.metadata.provider.HTTPMetadataProvider@71728250
2015-01-20 09:08:07.176 DEBUG 50730 --- [ost-startStop-1] o.s.s.saml.metadata.MetadataManager      : Adding signature filter
2015-01-20 09:08:07.176 DEBUG 50730 --- [ost-startStop-1] o.s.s.saml.metadata.MetadataManager      : Initializing extendedMetadataDelegate org.opensaml.saml2.metadata.provider.HTTPMetadataProvider@71728250
2015-01-20 09:08:07.176 DEBUG 50730 --- [ost-startStop-1] o.s.s.s.m.ExtendedMetadataDelegate       : Initializing delegate
2015-01-20 09:08:07.477  INFO 50730 --- [ost-startStop-1] .s.m.p.AbstractReloadingMetadataProvider : New metadata succesfully loaded for 'https://sidp.wwu.edu/idp/profile/Metadata/SAML'
2015-01-20 09:08:07.480  INFO 50730 --- [ost-startStop-1] .s.m.p.AbstractReloadingMetadataProvider : Next refresh cycle for metadata provider 'https://sidp.wwu.edu/idp/profile/Metadata/SAML' will occur on '2015-01-20T20:08:07.287Z' ('2015-01-20T12:08:07.287-08:00' local time)
2015-01-20 09:08:07.480 DEBUG 50730 --- [ost-startStop-1] o.s.s.saml.metadata.MetadataManager      : Initializing provider data org.opensaml.saml2.metadata.provider.HTTPMetadataProvider@71728250
2015-01-20 09:08:07.481 DEBUG 50730 --- [ost-startStop-1] o.s.s.saml.metadata.MetadataManager      : Found metadata EntityDescriptor with ID
2015-01-20 09:08:07.482 DEBUG 50730 --- [ost-startStop-1] o.s.s.saml.metadata.MetadataManager      : Remote entity https://sidp.wwu.edu/idp/shibboleth available
2015-01-20 09:08:07.483 DEBUG 50730 --- [ost-startStop-1] o.s.s.saml.metadata.MetadataManager      : Metadata provider was initialized org.opensaml.saml2.metadata.provider.HTTPMetadataProvider@71728250
2015-01-20 09:08:07.483 DEBUG 50730 --- [ost-startStop-1] o.s.s.saml.metadata.MetadataManager      : Reloading metadata was finished

我做错了什么?

【问题讨论】:

    标签: java spring-security spring-boot spring-saml


    【解决方案1】:

    我相信问题出在metadata you're importing - 它不完整。没有元素IDPSSODescriptor,因此没有要导入的 IDP:

    <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sidp.wwu.edu/idp/shibboleth" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ContactPerson contactType="other" xmlns:icmd="http://id.incommon.org/metadata"><GivenName>Linc Nesheim</GivenName><EmailAddress xmlns="urn:oasis:names:tc:SAML:2.0:metadata">linc.nesheim@wwu.edu</EmailAddress></ContactPerson></EntityDescriptor>

    【讨论】:

    • 就是这样,谢谢!显然,IDP 系统管理员做出了破坏元数据的更改。其他 SP 正在工作,因为他们使用的是旧的、正确的元数据。
    猜你喜欢
    • 2018-07-12
    • 1970-01-01
    • 2014-05-04
    • 2015-07-11
    • 2020-08-24
    • 2016-02-17
    • 2014-11-25
    • 2015-01-03
    • 2018-04-24
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode