spring-security-saml 的 IdP 元数据格式
IdP metadata format for spring-security-saml
在 spring-security-saml 中部署快速入门指南中的示例应用程序时,我遇到了我不清楚的站点元数据导入错误:
- FrameworkServlet 'saml': initialization completed in 399 ms
Started Tomcat Server
The Server is running at http://localhost:8080/spring-security-saml2-sample
- Next refresh cycle for metadata provider 'https://shibboleth.example.org/inner-metadata.xml' will occur on '2015-10-27T08:47:06.933Z' ('2015-10-27T09:47:06.933+01:00' local time)
- Metadata provider failed to properly initialize, fail-fast=true, halting
org.opensaml.saml2.metadata.provider.MetadataProviderException: java.lang.NullPointerException
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:267)
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.doInitialization(AbstractReloadingMetadataProvider.java:236)
at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize(AbstractMetadataProvider.java:407)
at org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize(ExtendedMetadataDelegate.java:167)
at org.springframework.security.saml.metadata.MetadataManager.initializeProvider(MetadataManager.java:412)
at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:238)
at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86)
at org.springframework.security.saml.metadata.MetadataManager$RefreshTask.run(MetadataManager.java:1040)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
Caused by: java.lang.NullPointerException
at org.opensaml.saml2.common.SAML2Helper.getEarliestExpiration(SAML2Helper.java:112)
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.processCachedMetadata(AbstractReloadingMetadataProvider.java:328)
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:258)
... 9 more
- Initialization of metadata provider org.opensaml.saml2.metadata.provider.HTTPMetadataProvider@54b1cd failed, provider will be ignored
org.opensaml.saml2.metadata.provider.MetadataProviderException: java.lang.NullPointerException
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:267)
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.doInitialization(AbstractReloadingMetadataProvider.java:236)
at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize(AbstractMetadataProvider.java:407)
at org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize(ExtendedMetadataDelegate.java:167)
at org.springframework.security.saml.metadata.MetadataManager.initializeProvider(MetadataManager.java:412)
at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:238)
at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86)
at org.springframework.security.saml.metadata.MetadataManager$RefreshTask.run(MetadataManager.java:1040)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
Caused by: java.lang.NullPointerException
at org.opensaml.saml2.common.SAML2Helper.getEarliestExpiration(SAML2Helper.java:112)
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.processCachedMetadata(AbstractReloadingMetadataProvider.java:328)
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:258)
... 9 more
https://shibboleth.example.org/inner-metadata.xml
处的元数据是 Internet2 shibboleth-sp 在组织中使用的签名元数据(很多 SP 数据,一些 IdP),没有问题。
spring-security-saml 的 IdP 元数据的预期格式是什么?
根据示例应用程序中提供的示例,IdP 元数据包含单个 IdP 的数据,与您的组织元数据相反,您的组织元数据很可能包含您站点中所有 SAML 参与者的所有 SP 和 IdP 元数据。
尝试提取单个 IdP 的元数据。
在 spring-security-saml 中部署快速入门指南中的示例应用程序时,我遇到了我不清楚的站点元数据导入错误:
- FrameworkServlet 'saml': initialization completed in 399 ms Started Tomcat Server The Server is running at http://localhost:8080/spring-security-saml2-sample - Next refresh cycle for metadata provider 'https://shibboleth.example.org/inner-metadata.xml' will occur on '2015-10-27T08:47:06.933Z' ('2015-10-27T09:47:06.933+01:00' local time) - Metadata provider failed to properly initialize, fail-fast=true, halting org.opensaml.saml2.metadata.provider.MetadataProviderException: java.lang.NullPointerException at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:267) at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.doInitialization(AbstractReloadingMetadataProvider.java:236) at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize(AbstractMetadataProvider.java:407) at org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize(ExtendedMetadataDelegate.java:167) at org.springframework.security.saml.metadata.MetadataManager.initializeProvider(MetadataManager.java:412) at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:238) at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86) at org.springframework.security.saml.metadata.MetadataManager$RefreshTask.run(MetadataManager.java:1040) at java.util.TimerThread.mainLoop(Timer.java:555) at java.util.TimerThread.run(Timer.java:505) Caused by: java.lang.NullPointerException at org.opensaml.saml2.common.SAML2Helper.getEarliestExpiration(SAML2Helper.java:112) at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.processCachedMetadata(AbstractReloadingMetadataProvider.java:328) at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:258) ... 9 more - Initialization of metadata provider org.opensaml.saml2.metadata.provider.HTTPMetadataProvider@54b1cd failed, provider will be ignored org.opensaml.saml2.metadata.provider.MetadataProviderException: java.lang.NullPointerException at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:267) at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.doInitialization(AbstractReloadingMetadataProvider.java:236) at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize(AbstractMetadataProvider.java:407) at org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize(ExtendedMetadataDelegate.java:167) at org.springframework.security.saml.metadata.MetadataManager.initializeProvider(MetadataManager.java:412) at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:238) at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86) at org.springframework.security.saml.metadata.MetadataManager$RefreshTask.run(MetadataManager.java:1040) at java.util.TimerThread.mainLoop(Timer.java:555) at java.util.TimerThread.run(Timer.java:505) Caused by: java.lang.NullPointerException at org.opensaml.saml2.common.SAML2Helper.getEarliestExpiration(SAML2Helper.java:112) at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.processCachedMetadata(AbstractReloadingMetadataProvider.java:328) at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:258) ... 9 more
https://shibboleth.example.org/inner-metadata.xml
处的元数据是 Internet2 shibboleth-sp 在组织中使用的签名元数据(很多 SP 数据,一些 IdP),没有问题。
spring-security-saml 的 IdP 元数据的预期格式是什么?
根据示例应用程序中提供的示例,IdP 元数据包含单个 IdP 的数据,与您的组织元数据相反,您的组织元数据很可能包含您站点中所有 SAML 参与者的所有 SP 和 IdP 元数据。
尝试提取单个 IdP 的元数据。