Single sign on 使用OpenSAML v3从IDP元数据创建凭据对象
我正在尝试验证从SSO Sircle IDP返回的SAML响应。为此,我使用SSO circle提供的IDP元数据创建具有IDP公钥的凭证对象,如下所示:Single sign on 使用OpenSAML v3从IDP元数据创建凭据对象,single-sign-on,saml,saml-2.0,opensaml,Single Sign On,Saml,Saml 2.0,Opensaml,我正在尝试验证从SSO Sircle IDP返回的SAML响应。为此,我使用SSO circle提供的IDP元数据创建具有IDP公钥的凭证对象,如下所示: FilesystemMetadataResolver idpMetadataResolver = new FilesystemMetadataResolver(new File("C:\\idp_metadata.xml")); idpMetadataResolver.setRequireValidMetadata(true
FilesystemMetadataResolver idpMetadataResolver = new FilesystemMetadataResolver(new File("C:\\idp_metadata.xml"));
idpMetadataResolver.setRequireValidMetadata(true);
idpMetadataResolver.setParserPool(new BasicParserPool());
idpMetadataResolver.initialize();
MetadataCredentialResolver credentialResolver = new MetadataCredentialResolver();
credentialResolver.setRoleDescriptorResolver(new BasicRoleDescriptorResolver(idpMetadataResolver));
CriteriaSet criteriaSet = new CriteriaSet();
criteriaSet.add(new EntityIdCriterion("https://idp.ssocircle.com"));
criteriaSet.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
X509Credential credential = (X509Credential)credentialResolver.resolveSingle(criteriaSet);
FilesystemMetadataResolver idpMetadataResolver = new FilesystemMetadataResolver(new File("C:\\idp.xml"));
idpMetadataResolver.setRequireValidMetadata(true);
idpMetadataResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
idpMetadataResolver.setId("someidentifier");
idpMetadataResolver.initialize();
但是,在尝试初始化IDPMataResolver时会引发异常:
net.shibboleth.utilities.java.support.component.ComponentInitializationException: Component identifier can not be null
at net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent.doInitialize(AbstractIdentifiedInitializableComponent.java:65)
at org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver.doInitialize(AbstractMetadataResolver.java:188)
at net.shibboleth.utilities.java.support.component.AbstractInitializableComponent.initialize(AbstractInitializableComponent.java:61)
我对OpenSAML非常陌生,我主要在网上查看示例和教程,但大多数都是为OpenSAML v2.0编写的。我想知道在初始化对象时是否做错了什么 在挖掘了OpenSAML3Java文档和Shibboleth开发社区之后,我想我找到了问题的答案。元数据解析程序对象需要按如下方式设置:
FilesystemMetadataResolver idpMetadataResolver = new FilesystemMetadataResolver(new File("C:\\idp_metadata.xml"));
idpMetadataResolver.setRequireValidMetadata(true);
idpMetadataResolver.setParserPool(new BasicParserPool());
idpMetadataResolver.initialize();
MetadataCredentialResolver credentialResolver = new MetadataCredentialResolver();
credentialResolver.setRoleDescriptorResolver(new BasicRoleDescriptorResolver(idpMetadataResolver));
CriteriaSet criteriaSet = new CriteriaSet();
criteriaSet.add(new EntityIdCriterion("https://idp.ssocircle.com"));
criteriaSet.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
X509Credential credential = (X509Credential)credentialResolver.resolveSingle(criteriaSet);
FilesystemMetadataResolver idpMetadataResolver = new FilesystemMetadataResolver(new File("C:\\idp.xml"));
idpMetadataResolver.setRequireValidMetadata(true);
idpMetadataResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
idpMetadataResolver.setId("someidentifier");
idpMetadataResolver.initialize();