Creating credential object from IDP Metadata with OpenSAML v3
I am trying to validate a SAML response returned from SSO Circle (the IdP). To do that, I use the IdP metadata provided by SSO Circle (https://idp.ssocircle.com/idp-meta.xml) to create a credential object from the IdP's public key, as follows:

// Backslash must be escaped in a Java string literal ("C:\idp..." does not compile)
FilesystemMetadataResolver idpMetadataResolver = new FilesystemMetadataResolver(new File("C:\\idp_metadata.xml"));
idpMetadataResolver.setRequireValidMetadata(true);
idpMetadataResolver.setParserPool(new BasicParserPool());
idpMetadataResolver.initialize(); // throws: no component identifier was set on the resolver
MetadataCredentialResolver credentialResolver = new MetadataCredentialResolver();
credentialResolver.setRoleDescriptorResolver(new BasicRoleDescriptorResolver(idpMetadataResolver));
CriteriaSet criteriaSet = new CriteriaSet();
criteriaSet.add(new EntityIdCriterion("https://idp.ssocircle.com"));
criteriaSet.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
X509Credential credential = (X509Credential) credentialResolver.resolveSingle(criteriaSet);
However, this throws an exception when trying to initialize idpMetadataResolver:
net.shibboleth.utilities.java.support.component.ComponentInitializationException: Component identifier can not be null
at net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent.doInitialize(AbstractIdentifiedInitializableComponent.java:65)
at org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver.doInitialize(AbstractMetadataResolver.java:188)
at net.shibboleth.utilities.java.support.component.AbstractInitializableComponent.initialize(AbstractInitializableComponent.java:61)
I am new to OpenSAML and have mostly been looking at examples and tutorials online, but most of them were written for OpenSAML v2.0. I would like to know whether I am doing something wrong when initializing the object.

After digging into the OpenSAML 3 Java docs and the Shibboleth dev community, I think I found the answer to my question. The metadata resolver object needs to be set up as follows:
// Backslash must be escaped in a Java string literal
FilesystemMetadataResolver idpMetadataResolver = new FilesystemMetadataResolver(new File("C:\\idp.xml"));
idpMetadataResolver.setRequireValidMetadata(true);
// Use the registry's parser pool (available after InitializationService.initialize()) instead of an uninitialized BasicParserPool
idpMetadataResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
// In OpenSAML 3 every identified component needs an id before initialize()
idpMetadataResolver.setId("someidentifier");
idpMetadataResolver.initialize();
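The answer shows the resolver fix in isolation. The following is an added example (not code from the question or answer above) that carries the same approach through to the point the question actually cares about: resolving the IdP's signing credential from the metadata and using it to verify the signature on a SAML Response. It assumes the OpenSAML 3.x API: the metadata file path and resolver id are placeholders; BasicRoleDescriptorResolver is used as in the post (later 3.x releases deprecate it in favour of PredicateRoleDescriptorResolver); DefaultSecurityConfigurationBootstrap is assumed to live in org.opensaml.xmlsec.config as it does in 3.x; and InitializationService.initialize() is assumed to have been called once before the registry parser pool is used.

```java
import java.io.File;

import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;

import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.metadata.resolver.impl.BasicRoleDescriptorResolver;
import org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.security.impl.MetadataCredentialResolver;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.xmlsec.config.DefaultSecurityConfigurationBootstrap; // assumed 3.x package
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;

public class IdpCredentialFromMetadata {

    /** Bootstrap OpenSAML once per JVM; the registry parser pool exists only after this. */
    public static void bootstrap() throws InitializationException {
        InitializationService.initialize();
    }

    /** Build the resolver chain: metadata file -> role descriptors -> credentials. */
    public static MetadataCredentialResolver buildCredentialResolver(File metadataFile)
            throws ResolverException, ComponentInitializationException {
        FilesystemMetadataResolver metadataResolver = new FilesystemMetadataResolver(metadataFile);
        metadataResolver.setId("idp-metadata");          // placeholder id; required in v3 before initialize()
        metadataResolver.setRequireValidMetadata(true);  // reject metadata whose validUntil has passed
        metadataResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
        metadataResolver.initialize();

        BasicRoleDescriptorResolver roleResolver = new BasicRoleDescriptorResolver(metadataResolver);
        roleResolver.initialize();

        // Extracts keys/certificates from the <KeyInfo> elements inside the IdP's KeyDescriptors
        KeyInfoCredentialResolver keyInfoResolver =
                DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver();

        MetadataCredentialResolver credentialResolver = new MetadataCredentialResolver();
        credentialResolver.setRoleDescriptorResolver(roleResolver);
        credentialResolver.setKeyInfoCredentialResolver(keyInfoResolver);
        credentialResolver.initialize();
        return credentialResolver;
    }

    /** Resolve the IdP's signing credential; restricting by usage avoids picking an encryption-only key. */
    public static X509Credential resolveIdpSigningCredential(MetadataCredentialResolver credentialResolver,
                                                             String idpEntityId) throws ResolverException {
        CriteriaSet criteria = new CriteriaSet();
        criteria.add(new EntityIdCriterion(idpEntityId));
        criteria.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
        criteria.add(new UsageCriterion(UsageType.SIGNING));
        Credential credential = credentialResolver.resolveSingle(criteria);
        if (!(credential instanceof X509Credential)) {
            throw new ResolverException("No X.509 signing credential found for " + idpEntityId);
        }
        return (X509Credential) credential;
    }

    /** Verify a Response signature: profile check first (no wrapping/reference tricks), then the cryptographic check. */
    public static void verifyResponseSignature(Response response, Credential idpCredential) throws SignatureException {
        Signature signature = response.getSignature();
        if (signature == null) {
            throw new SignatureException("Response is not signed");
        }
        new SAMLSignatureProfileValidator().validate(signature);
        SignatureValidator.validate(signature, idpCredential);
    }

    public static void main(String[] args) throws Exception {
        bootstrap();
        // Placeholder path; the entityID is the one used in the question
        MetadataCredentialResolver resolver = buildCredentialResolver(new File("C:\\idp_metadata.xml"));
        X509Credential idpCredential = resolveIdpSigningCredential(resolver, "https://idp.ssocircle.com");
        System.out.println("IdP signing cert subject: "
                + idpCredential.getEntityCertificate().getSubjectX500Principal());
    }
}
```

Two points worth keeping in mind: every identified component in the chain (metadata resolver, role resolver, credential resolver) must be initialized before use, which is the root of the exception in the question; and setRequireValidMetadata(true) plus the SAMLSignatureProfileValidator step are what make the credential lookup and the signature check safe to rely on, rather than just successful.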