spring-security-saml 的 IdP 元数据格式

IdP metadata format for spring-security-saml

在 spring-security-saml 中部署快速入门指南中的示例应用程序时,我遇到了我不清楚的站点元数据导入错误:

- FrameworkServlet 'saml': initialization completed in 399 ms
Started Tomcat Server
The Server is running at http://localhost:8080/spring-security-saml2-sample
- Next refresh cycle for metadata provider 'https://shibboleth.example.org/inner-metadata.xml' will occur on '2015-10-27T08:47:06.933Z' ('2015-10-27T09:47:06.933+01:00' local time)
- Metadata provider failed to properly initialize, fail-fast=true, halting
org.opensaml.saml2.metadata.provider.MetadataProviderException: java.lang.NullPointerException
    at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:267)
    at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.doInitialization(AbstractReloadingMetadataProvider.java:236)
    at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize(AbstractMetadataProvider.java:407)
    at org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize(ExtendedMetadataDelegate.java:167)
    at org.springframework.security.saml.metadata.MetadataManager.initializeProvider(MetadataManager.java:412)
    at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:238)
    at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86)
    at org.springframework.security.saml.metadata.MetadataManager$RefreshTask.run(MetadataManager.java:1040)
    at java.util.TimerThread.mainLoop(Timer.java:555)
    at java.util.TimerThread.run(Timer.java:505)
Caused by: java.lang.NullPointerException
    at org.opensaml.saml2.common.SAML2Helper.getEarliestExpiration(SAML2Helper.java:112)
    at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.processCachedMetadata(AbstractReloadingMetadataProvider.java:328)
    at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:258)
    ... 9 more
- Initialization of metadata provider org.opensaml.saml2.metadata.provider.HTTPMetadataProvider@54b1cd failed, provider will be ignored
org.opensaml.saml2.metadata.provider.MetadataProviderException: java.lang.NullPointerException
    at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:267)
    at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.doInitialization(AbstractReloadingMetadataProvider.java:236)
    at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize(AbstractMetadataProvider.java:407)
    at org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize(ExtendedMetadataDelegate.java:167)
    at org.springframework.security.saml.metadata.MetadataManager.initializeProvider(MetadataManager.java:412)
    at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:238)
    at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86)
    at org.springframework.security.saml.metadata.MetadataManager$RefreshTask.run(MetadataManager.java:1040)
    at java.util.TimerThread.mainLoop(Timer.java:555)
    at java.util.TimerThread.run(Timer.java:505)
Caused by: java.lang.NullPointerException
    at org.opensaml.saml2.common.SAML2Helper.getEarliestExpiration(SAML2Helper.java:112)
    at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.processCachedMetadata(AbstractReloadingMetadataProvider.java:328)
    at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:258)
    ... 9 more

https://shibboleth.example.org/inner-metadata.xml 处的元数据是 Internet2 shibboleth-sp 在组织中使用的签名元数据(很多 SP 数据,一些 IdP),没有问题。

spring-security-saml 的 IdP 元数据的预期格式是什么?

根据示例应用程序中提供的示例,IdP 元数据包含单个 IdP 的数据,与您的组织元数据相反,您的组织元数据很可能包含您站点中所有 SAML 参与者的所有 SP 和 IdP 元数据。

尝试提取单个 IdP 的元数据。