Spring SAML ADFS:java.security.InvalidKeyException
作者:互联网
我的任务是实现对具有LDAP的Active Directory联合身份验证服务(SSL)的可访问性.
首先,我不得不说我在ADFS和SAML中的经验非常少.
我决定采用Spring Security SAML扩展来实现此功能.
我从GIThub下载并安装了Spring Security项目的SAML扩展:
https://github.com/spring-projects/spring-security-saml
我在官方文档中找到了
http://docs.spring.io/spring-security-saml/docs/1.0.x/reference/html/
请按照“ 6. IDP集成指南”中的说明进行操作.
>我从ADFS服务器下载元数据
>我将下载的元数据存储在saml2-sample / WEB-INF / src / main / resources / security / FederationMetadata.xml中,并增强了securityContext.xml的描述方式
>启动Web应用程序后,系统会自动生成元数据文档
>我创建一个metadata.xml并将其交给ADFS服务器的系统管理员
>系统管理员完成其余所有工作.
之后,我想测试登录名.选择IDP并单击“登录”按钮后,要求我提供凭据.
传输凭据后,我得到以下结果/异常:
- Evaluating security policy of type 'org.opensaml.ws.security.provider.BasicSecurityPolicy' for decoded message
- SAML protocol message was not signed, skipping XML signature processing
- Successfully decoded message.
- Checking SAML message intended destination endpoint against receiver endpoint
- Intended message destination endpoint: ........
- Actual message receiver endpoint: ........
- SAML message intended destination endpoint matched recipient endpoint
- Verifying issuer of the message
- Decrypting assertion
- Getting key iterator from next resolver: class org.opensaml.xml.encryption.InlineEncryptedKeyResolver
- Found matching encrypted key: org.opensaml.xml.encryption.impl.EncryptedKeyImpl@78f5b81e
- Added decryption key algorithm criteria: RSA
- Error decrypting the encrypted data element
org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size
Original Exception was java.security.InvalidKeyException: Illegal key size
at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(Unknown Source)
at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:574)
at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:763)
at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:513)
at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:440)
at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:401)
at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141)
at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69)
at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:190)
at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:81)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:84)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:86)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
有人可以帮我解决这个问题吗?
最好的祝福
汤玛士
解决方法:
这可能是由于Java最初有限的加密功能引起的. Spring Securtiy SAML扩展的文档可能对此问题颇有帮助:
Due to US export limitations Java JDK comes with a limited set of
cryptography capabilities. Usage of the SAML Extension might require
installation of the Unlimited Strength Jurisdiction Policy Files which
removes these limitations.
您可以从http://www.oracle.com/technetwork/java/javase/downloads/index.html获取Java密码学扩展(JCE)无限强度管辖权策略文件7-这应该可以解决此问题.
标签:spring-security,spring-saml,adfs2-0,spring,saml-2-0 来源: https://codeday.me/bug/20191030/1967620.html