Spring Security: error validating a SAML response with Spring Security


I am using Spring Security SAML in my application to implement SSO. When validating the SAML response, I get the following exception:

2016-12-26 17:33:48,072 DEBUG [org.opensaml.xml.signature.SignatureValidator] Creating XMLSignature object
2016-12-26 17:33:48,072 DEBUG [org.opensaml.xml.signature.SignatureValidator] Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2016-12-26 17:33:48,072 DEBUG [org.opensaml.xml.signature.SignatureValidator] Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2016-12-26 17:33:48,088 DEBUG [org.opensaml.xml.signature.SignatureValidator] Signature validated with key from supplied credential
2016-12-26 17:33:48,088 DEBUG [org.opensaml.xml.signature.impl.BaseSignatureTrustEngine] Signature validation using candidate credential was successful
2016-12-26 17:33:48,088 DEBUG [org.opensaml.xml.signature.impl.BaseSignatureTrustEngine] Successfully verified signature using KeyInfo-derived credential
2016-12-26 17:33:48,088 DEBUG [org.opensaml.xml.signature.impl.BaseSignatureTrustEngine] Attempting to establish trust of KeyInfo-derived credential
2016-12-26 17:33:48,088 DEBUG [org.opensaml.xml.signature.impl.BaseSignatureTrustEngine] Failed to establish trust of KeyInfo-derived credential
2016-12-26 17:33:48,088 DEBUG [org.opensaml.xml.signature.impl.BaseSignatureTrustEngine] Failed to verify signature and/or establish trust using any KeyInfo-derived credentials
2016-12-26 17:33:48,088 DEBUG [org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine] Attempting to verify signature using trusted credentials
2016-12-26 17:33:48,089 DEBUG [org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine] Failed to verify signature using either KeyInfo-derived or directly trusted credentials
2016-12-26 17:33:48,089 DEBUG [org.springframework.security.saml.websso.WebSSOProfileConsumerImpl] Validation of authentication statement in assertion failed, skipping
org.opensaml.xml.validation.ValidationException: Signature is not trusted or invalid
    at org.springframework.security.saml.websso.AbstractProfileBase.verifySignature(AbstractProfileBase.java:272)
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertionSignature(WebSSOProfileConsumerImpl.java:419)
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertion(WebSSOProfileConsumerImpl.java:292)
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:214)
    at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82)
    at 
Do you have any idea what causes this problem?

Thanks

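Where are you storing this signature? I don't think Spring SAML uses the default keystore, so you need to specify it.

Thanks Tina, I am using the same certificate as my signer (the same certificate is also used for encryption/decryption). I am not facing any problem with encryption/decryption; only validating the signature causes the problem.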
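A small triage helper for the DEBUG trace in the question, added here as an example and not part of the original post or of Spring Security SAML. It separates "the signature verifies with the key carried in the response, but that key is not trusted" from "no key verifies the signature at all". The function names and label strings are hypothetical; the matched message texts are the ones that appear in the trace above.

```python
import re

# DEBUG lines copied from the trace in the question (trimmed to the relevant ones).
TRACE = """\
2016-12-26 17:33:48,088 DEBUG [org.opensaml.xml.signature.SignatureValidator] Signature validated with key from supplied credential
2016-12-26 17:33:48,088 DEBUG [org.opensaml.xml.signature.impl.BaseSignatureTrustEngine] Successfully verified signature using KeyInfo-derived credential
2016-12-26 17:33:48,088 DEBUG [org.opensaml.xml.signature.impl.BaseSignatureTrustEngine] Failed to establish trust of KeyInfo-derived credential
2016-12-26 17:33:48,089 DEBUG [org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine] Failed to verify signature using either KeyInfo-derived or directly trusted credentials
org.opensaml.xml.validation.ValidationException: Signature is not trusted or invalid
"""

# Timestamp, level, then a logger under org.opensaml.xml.signature, then the message.
LINE = re.compile(r"^\S+ \S+ \w+\s+\[(org\.opensaml\.xml\.signature\.[^\]]+)\] (.*)$")

# Message texts exactly as they appear in the trace on this page.
CRYPTO_OK = "Successfully verified signature using KeyInfo-derived credential"
NOT_TRUSTED = "Failed to establish trust of KeyInfo-derived credential"
ALL_FAILED = "Failed to verify signature using either KeyInfo-derived or directly trusted credentials"


def signature_messages(trace):
    """Return the messages logged by OpenSAML signature classes, in order."""
    msgs = []
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if m:
            msgs.append(m.group(2))
    return msgs


def classify(trace):
    """Label a failed validation (labels are hypothetical, chosen for this example)."""
    msgs = signature_messages(trace)
    if ALL_FAILED not in msgs:
        return "no-trust-engine-failure"
    if CRYPTO_OK in msgs and NOT_TRUSTED in msgs:
        # The signature is intact under the key in the response's KeyInfo,
        # but that key matched none of the credentials the SP trusts.
        return "valid-signature-untrusted-key"
    # No key, embedded or trusted, verified the signature value.
    return "signature-not-verifiable"


if __name__ == "__main__":
    print(classify(TRACE))
```

For the trace in the question the result is the first failure class, which points at the set of trusted credentials configured for the identity provider rather than at the signature value itself.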