Fatal编程技术网
  • spring-security/
  • Spring security IDP启动的SSO在spring security SAML示例应用程序中不工作

Spring security IDP启动的SSO在spring security SAML示例应用程序中不工作

spring-security

Spring security IDP启动的SSO在spring security SAML示例应用程序中不工作,spring-security,saml,saml-2.0,Spring Security,Saml,Saml 2.0,我有一个springsecuritysaml项目的分支。您可以在此处看到我应用的更改: SPurn:troyhart:nwri在SSO圈中注册。如果您有SSO Circle登录,则可以启动应用程序并测试SP启动的SSO是否工作。但是,我无法使IDP启动的SSO工作。我得到以下例外情况: org.springframework.security.authentication.AuthenticationServiceException: Error determining metadata con

我有一个springsecuritysaml项目的分支。您可以在此处看到我应用的更改:

SP
urn:troyhart:nwri
在SSO圈中注册。如果您有SSO Circle登录,则可以启动应用程序并测试SP启动的SSO是否工作。但是,我无法使IDP启动的SSO工作。我得到以下例外情况:

org.springframework.security.authentication.AuthenticationServiceException: Error determining metadata contracts
  at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:91)
  at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
  at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
  at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
  at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
  at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)
  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
  at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
  at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
  at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
  at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
  at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
  at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
  at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
  at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
  at java.lang.Thread.run(Thread.java:745)
Caused by: org.opensaml.saml2.metadata.provider.MetadataProviderException: Metadata for issuer http://idp.ssocircle.com wasn't found
  at org.springframework.security.saml.processor.SAMLProcessorImpl.retrieveMessage(SAMLProcessorImpl.java:108)
  at org.springframework.security.saml.processor.SAMLProcessorImpl.retrieveMessage(SAMLProcessorImpl.java:172)
  at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:77)
  ... 29 more
奇怪的是,异常表明示例应用程序认为IDP EntityID是
http://idp.ssocircle.com
,但SSO循环的真实实体ID是
https://idp.ssocircle.com

有人知道这里发生了什么吗?奇怪的是,我已经测试过IDP启动确实有效,但在某个点上它停止了工作,现在它每次都失败,只有给定的异常。请帮忙!我完全不知所措。

问题是,在为SSO Circle记录的IDP启动的SSO URL中,引用了一个不推荐的
元别名。新值为
/publicidp

因此,URL应为:


https://idp.ssocircle.com:443/sso/saml2/jsp/idpSSOInit.jsp?metaAlias=/publicidp&spEntityID=replaceWithUniqueIdentifier


我已提交了修复程序的拉取请求。
问题是,在记录的IDP启动的SSO URL中,引用了SSO循环的已弃用的
metaAlias
。新值为
/publicidp

因此,URL应为:


https://idp.ssocircle.com:443/sso/saml2/jsp/idpSSOInit.jsp?metaAlias=/publicidp&spEntityID=replaceWithUniqueIdentifier


我已经提交了修复请求