未配置 IDP,请使用至少一个 IDP 更新包含的元数据
No IDP was configured, please update included metadata with at least one IDP
您好,我在访问 SAML URL 时遇到异常。这主要是所使用的 metadata_idp 的问题,因为换用另一个 IDP 的不同元数据时一切正常。请帮我找出元数据 xml 中的问题。
javax.servlet.ServletException: org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP
org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:161)
org.springframework.security.saml.SAMLEntryPoint.doFilter(SAMLEntryPoint.java:107)
我的idpmetadat.xml配置如下。
idp.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!--
  SAML 2.0 metadata for the entity https://example.com/nidp/saml2/metadata.
  A single EntityDescriptor that carries three roles (AttributeAuthorityDescriptor,
  IDPSSODescriptor, SPSSODescriptor) followed by Organization and ContactPerson.

  Review notes. They are kept outside the root element on purpose: the enveloped
  ds:Signature references the root by its ID attribute, so text added inside the
  root would become part of the signed content.

  * Signature suite: SignatureMethod is rsa-sha1 and DigestMethod is sha1.
    SHA-1 is deprecated for signatures; the metadata publisher should re-sign
    with RSA and SHA-256 or stronger.
  * As posted, ds:SignatureValue holds a short placeholder and the
    ds:X509Certificate inside the Signature is empty. A relying party that
    checks metadata signatures would be expected to reject this copy. Trust in
    the signer has to come from the relying party's own keystore, not from a
    certificate embedded in the document.
  * Every KeyDescriptor carries the same string as its certificate, for signing
    and encryption in all three roles. It looks like a redaction placeholder
    rather than a base64 certificate; TODO confirm the real file holds real
    certificates.
  * EncryptionMethod is listed under use="signing" KeyDescriptors as well as
    under use="encryption"; it is only meaningful for encryption keys.
    tripledes-cbc and aes128-cbc are legacy CBC choices; prefer an AES-GCM
    algorithm where both parties support it.
-->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
ID="idfdmoAYqQtEozWEOcEj5IgJWhE1k" entityID="https://example.com/nidp/saml2/metadata">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<CanonicalizationMethod xmlns="http://www.w3.org/2000/09/xmldsig#"
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#idfdmoAYqQtEozWEOcEj5IgJWhE1k">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">4UvquLeqvOeKQsO/e3XZdP7pGUE=
</DigestValue>
</ds:Reference>
</ds:SignedInfo>
<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
fuisfhifhsfif
</SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<md:AttributeAuthorityDescriptor ID="idWBVe5DrgqPvsjol4GsECxwBoARs"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
</md:KeyDescriptor>
<md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/soap" />
<md:AssertionIDRequestService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://example.com/nidp/saml2/soap" />
<md:AssertionIDRequestService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="https://example.com/nidp/saml2/assertion" />
</md:AttributeAuthorityDescriptor>
<md:IDPSSODescriptor ID="id5dNezhGwQ3I1nafN2lvcCnG0hFg"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
</md:KeyDescriptor>
<md:ArtifactResolutionService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://example.com/nidp/saml2/soap"
index="0" isDefault="true" />
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/slo"
ResponseLocation="https://example.com/nidp/saml2/slo_return" />
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/soap" />
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/slo"
ResponseLocation="https://example.com/nidp/saml2/slo_return" />
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/soap" />
<md:ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/rni"
ResponseLocation="https://example.com/nidp/saml2/rni_return" />
<md:ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/rni"
ResponseLocation="https://example.com/nidp/saml2/rni_return" />
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
</md:NameIDFormat>
<md:SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/sso" />
<md:SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/sso" />
<md:NameIDMappingService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/soap" />
</md:IDPSSODescriptor>
<md:SPSSODescriptor ID="idit9RFI3qQPIpRJhkjqQawKkdOMk"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
</md:KeyDescriptor>
<md:ArtifactResolutionService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://example.com/nidp/saml2/spsoap"
index="0" isDefault="true" />
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/spslo"
ResponseLocation="https://example.com/nidp/saml2/spslo_return" />
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/spsoap" />
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/spslo"
ResponseLocation="https://example.com/nidp/saml2/spslo_return" />
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/spsoap" />
<md:ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/sprni"
ResponseLocation="https://example.com/nidp/saml2/sprni_return" />
<md:ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/sprni"
ResponseLocation="https://example.com/nidp/saml2/sprni_return" />
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
</md:NameIDFormat>
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="https://example.com/nidp/saml2/spassertion_consumer"
index="2" />
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/spassertion_consumer"
index="1" />
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://example.com/nidp/saml2/spassertion_consumer"
index="0" isDefault="true" />
</md:SPSSODescriptor>
<md:Organization>
<md:OrganizationName xml:lang="en">Preferred
Company</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">Preferred
Company</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">www.bubu.com
</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType="administrative">
<md:Company> Company</md:Company>
<md:GivenName>vawani</md:GivenName>
<md:SurName>vawani</md:SurName>
<md:EmailAddress>vawani@bubu.com</md:EmailAddress>
<md:TelephoneNumber>xxxxxx</md:TelephoneNumber>
</md:ContactPerson>
</md:EntityDescriptor>
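您的 IDP 元数据已签名,可能是因为签名验证失败而未被导入。如果是这种情况,您可以重新配置 Spring SAML 以跳过签名验证(ExtendedMetadataDelegate 的 metadataTrustCheck 属性)、将用于签署元数据的证书添加到您的 samlKeystore,或者直接从元数据 xml 中删除签名。其中只有把签名证书加入 samlKeystore 能保留对元数据的完整性校验;跳过验证或删除签名后,元数据的可信度完全取决于获取该文件的渠道,因此只适合从本地加载、来源已另行核实的元数据。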
您好,我在访问 SAML URL 时遇到异常。这主要是所使用的 metadata_idp 的问题,因为换用另一个 IDP 的不同元数据时一切正常。请帮我找出元数据 xml 中的问题。
javax.servlet.ServletException: org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP
org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:161)
org.springframework.security.saml.SAMLEntryPoint.doFilter(SAMLEntryPoint.java:107)
我的idpmetadat.xml配置如下。
idp.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!--
  SAML 2.0 metadata for the entity https://example.com/nidp/saml2/metadata.
  A single EntityDescriptor that carries three roles (AttributeAuthorityDescriptor,
  IDPSSODescriptor, SPSSODescriptor) followed by Organization and ContactPerson.

  Review notes. They are kept outside the root element on purpose: the enveloped
  ds:Signature references the root by its ID attribute, so text added inside the
  root would become part of the signed content.

  * Signature suite: SignatureMethod is rsa-sha1 and DigestMethod is sha1.
    SHA-1 is deprecated for signatures; the metadata publisher should re-sign
    with RSA and SHA-256 or stronger.
  * As posted, ds:SignatureValue holds a short placeholder and the
    ds:X509Certificate inside the Signature is empty. A relying party that
    checks metadata signatures would be expected to reject this copy. Trust in
    the signer has to come from the relying party's own keystore, not from a
    certificate embedded in the document.
  * Every KeyDescriptor carries the same string as its certificate, for signing
    and encryption in all three roles. It looks like a redaction placeholder
    rather than a base64 certificate; TODO confirm the real file holds real
    certificates.
  * EncryptionMethod is listed under use="signing" KeyDescriptors as well as
    under use="encryption"; it is only meaningful for encryption keys.
    tripledes-cbc and aes128-cbc are legacy CBC choices; prefer an AES-GCM
    algorithm where both parties support it.
-->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
ID="idfdmoAYqQtEozWEOcEj5IgJWhE1k" entityID="https://example.com/nidp/saml2/metadata">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<CanonicalizationMethod xmlns="http://www.w3.org/2000/09/xmldsig#"
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#idfdmoAYqQtEozWEOcEj5IgJWhE1k">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">4UvquLeqvOeKQsO/e3XZdP7pGUE=
</DigestValue>
</ds:Reference>
</ds:SignedInfo>
<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
fuisfhifhsfif
</SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<md:AttributeAuthorityDescriptor ID="idWBVe5DrgqPvsjol4GsECxwBoARs"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
</md:KeyDescriptor>
<md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/soap" />
<md:AssertionIDRequestService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://example.com/nidp/saml2/soap" />
<md:AssertionIDRequestService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="https://example.com/nidp/saml2/assertion" />
</md:AttributeAuthorityDescriptor>
<md:IDPSSODescriptor ID="id5dNezhGwQ3I1nafN2lvcCnG0hFg"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
</md:KeyDescriptor>
<md:ArtifactResolutionService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://example.com/nidp/saml2/soap"
index="0" isDefault="true" />
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/slo"
ResponseLocation="https://example.com/nidp/saml2/slo_return" />
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/soap" />
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/slo"
ResponseLocation="https://example.com/nidp/saml2/slo_return" />
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/soap" />
<md:ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/rni"
ResponseLocation="https://example.com/nidp/saml2/rni_return" />
<md:ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/rni"
ResponseLocation="https://example.com/nidp/saml2/rni_return" />
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
</md:NameIDFormat>
<md:SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/sso" />
<md:SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/sso" />
<md:NameIDMappingService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/soap" />
</md:IDPSSODescriptor>
<md:SPSSODescriptor ID="idit9RFI3qQPIpRJhkjqQawKkdOMk"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
gjvbdgjdbgjdbgjdgbjkdgbjkdgbjkdgbkdgb
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
</md:KeyDescriptor>
<md:ArtifactResolutionService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://example.com/nidp/saml2/spsoap"
index="0" isDefault="true" />
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/spslo"
ResponseLocation="https://example.com/nidp/saml2/spslo_return" />
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/spsoap" />
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/spslo"
ResponseLocation="https://example.com/nidp/saml2/spslo_return" />
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://example.com/nidp/saml2/spsoap" />
<md:ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/nidp/saml2/sprni"
ResponseLocation="https://example.com/nidp/saml2/sprni_return" />
<md:ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/sprni"
ResponseLocation="https://example.com/nidp/saml2/sprni_return" />
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
</md:NameIDFormat>
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="https://example.com/nidp/saml2/spassertion_consumer"
index="2" />
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/nidp/saml2/spassertion_consumer"
index="1" />
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://example.com/nidp/saml2/spassertion_consumer"
index="0" isDefault="true" />
</md:SPSSODescriptor>
<md:Organization>
<md:OrganizationName xml:lang="en">Preferred
Company</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">Preferred
Company</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">www.bubu.com
</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType="administrative">
<md:Company> Company</md:Company>
<md:GivenName>vawani</md:GivenName>
<md:SurName>vawani</md:SurName>
<md:EmailAddress>vawani@bubu.com</md:EmailAddress>
<md:TelephoneNumber>xxxxxx</md:TelephoneNumber>
</md:ContactPerson>
</md:EntityDescriptor>
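您的 IDP 元数据已签名,可能是因为签名验证失败而未被导入。如果是这种情况,您可以重新配置 Spring SAML 以跳过签名验证(ExtendedMetadataDelegate 的 metadataTrustCheck 属性)、将用于签署元数据的证书添加到您的 samlKeystore,或者直接从元数据 xml 中删除签名。其中只有把签名证书加入 samlKeystore 能保留对元数据的完整性校验;跳过验证或删除签名后,元数据的可信度完全取决于获取该文件的渠道,因此只适合从本地加载、来源已另行核实的元数据。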