L'authentification unique(SSO) à l'aide de SAML avec Ressort de Sécurité
J'ai fait mes 2 projets(j'.e portails web) à l'aide de spring mvc + hibernate en JAVA. MySQL db et Apache en tant que serveur.
Maintenant, mon exigence est d'obtenir SSO(Single Sign on) pour ces deux Portails. j'ai déjà posté à ce sujet mais une seule personne a répondu.
Encore une fois je google et a obtenu SAML extension. Et j'ai obtenu un échantillon https://github.com/spring-projects/spring-security-saml .
Et de suivi de cette https://docs.secureauth.com/display/docs/Spring+de Sécurité+Instructions pour obtenir de l'authentification unique pour mon portails.
J'ai juste intégré un seul portail avec la procédure donnée dans le lien ci-dessus.
Dans le lien ci-dessus de processus, j'ai pas compris secureAuth20.xml et après auth.
Mais j'ai collé l'obtention de l'erreur sur la page web lorsque je l'exécute sur le serveur.
ERREUR:
Erreur
Une erreur s'est produite.
Message:
Les métadonnées pour l'entité localhost et le rôle {urn:oasis:names:tc:SAML:2.0:les métadonnées}SPSSODescriptor n'a pas été trouvé
StackTrace:
org.opensaml.grâce à saml2!.les métadonnées.fournisseur de.MetadataProviderException: les Métadonnées pour l'entité http://localhost:6060/AxisCustomer/ et le rôle {urn:oasis:names:tc:SAML:2.0:les métadonnées}IDPSSODescriptor n'a pas été trouvé
dans Consloe de mon STS :
- Rafraîchissante Racine WebApplicationContext: date de démarrage [Wed Feb 11 14:10:34 IST 2015]; racine de contexte hiérarchie
- Chargement XML bean définitions de ServletContext de ressources [/WEB-INF/securityContext.xml]
securityContext.xml
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd">
<!-- Enable auto-wiring -->
<context:annotation-config/>
<!-- Scan for auto-wiring classes in spring saml packages -->
<context:component-scan
base-package="org.springframework.security.saml"/>
<!-- Unsecured pages -->
<security:http security="none" pattern="/favicon.ico"/>
<security:http security="none" pattern="/images/**"/>
<security:http security="none" pattern="/css/**"/>
<security:http security="none" pattern="/logout.jsp"/>
<!-- Security for the administration UI -->
<security:http pattern="/saml/web/**"
access-denied-page="/saml/web/metadata/login">
<security:form-login login-processing-url="/saml/web/login" login-
page="/saml/web/metadata/login"
default-target-url="/saml/web/metadata"/>
<security:intercept-url pattern="/saml/web/metadata/login"
access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/saml/web/**" access="ROLE_ADMIN"/>
<security:custom-filter before="FIRST"
ref="metadataGeneratorFilter"/>
</security:http>
<!-- Secured pages with SAML as entry point -->
<security:http entry-point-ref="samlEntryPoint">
<security:intercept-url pattern="/**"
access="IS_AUTHENTICATED_FULLY"/>
<security:custom-filter before="FIRST"
ref="metadataGeneratorFilter"/>
<security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
</security:http>
<!-- Filters for processing of SAML messages -->
<bean id="samlFilter"
class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map request-matcher="ant">
<security:filter-chain pattern="/saml/login/**"
filters="samlEntryPoint"/>
<security:filter-chain pattern="/saml/logout/**"
filters="samlLogoutFilter"/>
<security:filter-chain pattern="/saml/metadata/**"
filters="metadataDisplayFilter"/>
<security:filter-chain pattern="/saml/SSO/**"
filters="samlWebSSOProcessingFilter"/>
<security:filter-chain pattern="/saml/SSOHoK/**"
filters="samlWebSSOHoKProcessingFilter"/>
<security:filter-chain pattern="/saml/SingleLogout/**"
filters="samlLogoutProcessingFilter"/>
<security:filter-chain pattern="/saml/discovery/**"
filters="samlIDPDiscovery"/>
</security:filter-chain-map>
</bean>
<!-- Handler deciding where to redirect user after successful login -->
<bean id="successRedirectHandler"
class= "org.springframework.security.web.authentication.
SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/"/>
</bean>
<!-- Handler deciding where to redirect user after failed login -->
<bean id="failureRedirectHandler"
class= "org.springframework.security.web.authentication.
SimpleUrlAuthenticationFailureHandler">
<property name="useForward" value="true"/>
<property name="defaultFailureUrl" value="/error.jsp"/>
</bean>
<!-- Handler for successful logout -->
<bean id="successLogoutHandler" class=
"org.springframework.security.web.authentication.logout.
SimpleUrlLogoutSuccessHandler">
<property name="defaultTargetUrl" value="/logout.jsp"/>
</bean>
<security:authentication-manager alias="authenticationManager">
<!-- Register authentication manager for SAML provider -->
<security:authentication-provider ref="samlAuthenticationProvider"/>
<!-- Register authentication manager for administration UI -->
<security:authentication-provider>
<security:user-service id="adminInterfaceService">
<security:user name="admin" password="admin" authorities
="ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<!-- Logger for SAML messages and events -->
<bean id="samlLogger" class=
"org.springframework.security.saml.log.SAMLDefaultLogger"/>
<!-- Central storage of cryptographic keys -->
<bean id="keyManager" class=
"org.springframework.security.saml.key.JKSKeyManager">
<constructor-arg value="classpath:security/samlKeystore.jks"/>
<constructor-arg type="java.lang.String" value="nalle123"/>
<constructor-arg>
<map>
<entry key="apollo" value="nalle123"/>
</map>
</constructor-arg>
<constructor-arg type="java.lang.String" value="apollo"/>
</bean>
<!-- Entry point to initialize authentication, default values taken
from properties file -->
<bean id="samlEntryPoint" class=
"org.springframework.security.saml.SAMLEntryPoint">
<property name="defaultProfileOptions">
<bean class=
"org.springframework.security.saml.websso.WebSSOProfileOptions">
<property name="includeScoping" value="false"/>
</bean>
</property>
</bean>
<!-- IDP Discovery Service -->
<bean id="samlIDPDiscovery"
class="org.springframework.security.saml.SAMLDiscovery">
<property name="idpSelectionPath" value="/WEB-INF/security
/idpSelection.jsp"/>
</bean>
<!-- Filter automatically generates default SP metadata -->
<bean id="metadataGeneratorFilter" class=
"org.springframework.security.saml.metadata.MetadataGeneratorFilter">
<constructor-arg>
<bean class=
"org.springframework.security.saml.metadata.MetadataGenerator">
<property name="extendedMetadata">
<bean class="
org.springframework.security.saml.metadata.ExtendedMetadata">
<property name="idpDiscoveryEnabled" value="true"/>
</bean>
</property>
</bean>
</constructor-arg>
</bean>
<!-- The filter is waiting for connections on URL suffixed with
filterSuffix and presents SP metadata there -->
<bean id="metadataDisplayFilter" class=
"org.springframework.security.saml.metadata.MetadataDisplayFilter"/>
<!-- IDP Metadata configuration - paths to metadata of IDPs in circle
of trust is here -->
<bean id="metadata" class=
"org.springframework.security.saml.metadata.CachingMetadataManager">
<constructor-arg>
<list>
<!-- IDP metadata -->
<bean class="
org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
<constructor-arg>
<bean class="java.util.Timer"/>
</constructor-arg>
<constructor-arg>
<bean class="
org.opensaml.util.resource.ClasspathResource">
<constructor-arg value="/metadata/idp.xml"/>
</bean>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean>
<!-- SP metadata -->
<bean class="
org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
<constructor-arg>
<bean class="
org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
<constructor-arg>
<bean class="java.util.Timer"/>
</constructor-arg>
<constructor-arg>
<bean class="
org.opensaml.util.resource.ClasspathResource">
<constructor-arg value="/metadata
/localhost_sp.xml"/>
</bean>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="
org.springframework.security.saml.metadata.ExtendedMetadata">
<property name="local" value="true"/>
<property name="alias" value="localhost"/>
<property name="securityProfile" value="metaiop"/>
<property name="sslSecurityProfile" value="metaiop"/>
<property name="sslHostnameVerification"
value="allowAll"/>
<property name="signMetadata" value="true"/>
<property name="signingKey" value="apollo"/>
<property name="encryptionKey" value="apollo"/>
<property name="requireArtifactResolveSigned"
value="false"/>
<property name="requireLogoutRequestSigned"
value="false"/>
<property name="requireLogoutResponseSigned"
value="false"/>
<property name="idpDiscoveryEnabled" value="false"/>
</bean>
</constructor-arg>
</bean>
</list>
</constructor-arg>
<!-- OPTIONAL used when one of the metadata files contains
information about this service provider -->
<property name="hostedSPName" value="localhost"/>
<!-- OPTIONAL property: can tell the system which IDP should be used
for authenticating user by default. -->
<property name="defaultIDP" value="http://localhost:6060
/AxisCustomer/"/>
</bean>
<bean id="samlAuthenticationProvider" class=
"org.springframework.security.saml.SAMLAuthenticationProvider">
<!-- OPTIONAL property: can be used to store/load user data after
login -->
<!--
<property name="userDetails" ref="bean" />
-->
</bean>
<!-- Provider of default SAML Context -->
<bean id="contextProvider" class=
"org.springframework.security.saml.context.SAMLContextProviderImpl"/>
<!-- Processing filter for WebSSO profile messages -->
<bean id="samlWebSSOProcessingFilter"
class="org.springframework.security.saml.SAMLProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationSuccessHandler"
ref="successRedirectHandler"/>
<property name="authenticationFailureHandler"
ref="failureRedirectHandler"/>
</bean>
<!-- Processing filter for WebSSO Holder-of-Key profile -->
<bean id="samlWebSSOHoKProcessingFilter" class=
"org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationSuccessHandler"
ref="successRedirectHandler"/>
<property name="authenticationFailureHandler"
ref="failureRedirectHandler"/>
</bean>
<!-- Logout handler terminating local session -->
<bean id="logoutHandler"
class= "org.springframework.security.web.authentication.logout.
SecurityContextLogoutHandler">
<property name="invalidateHttpSession" value="false"/>
</bean>
<!-- Override default logout processing filter with the one processing
SAML messages -->
<bean id="samlLogoutFilter" class=
"org.springframework.security.saml.SAMLLogoutFilter">
<constructor-arg index="0" ref="successLogoutHandler"/>
<constructor-arg index="1" ref="logoutHandler"/>
<constructor-arg index="2" ref="logoutHandler"/>
</bean>
<!-- Filter processing incoming logout messages -->
<!-- First argument determines URL user will be redirected toafter
successful global logout -->
<bean id="samlLogoutProcessingFilter" class=
"org.springframework.security.saml.SAMLLogoutProcessingFilter">
<constructor-arg index="0" ref="successLogoutHandler"/>
<constructor-arg index="1" ref="logoutHandler"/>
</bean>
<!-- Class loading incoming SAML messages from httpRequest stream -->
<bean id="processor" class=
"org.springframework.security.saml.processor.SAMLProcessorImpl">
<constructor-arg>
<list>
<ref bean="redirectBinding"/>
<ref bean="postBinding"/>
<ref bean="artifactBinding"/>
<ref bean="soapBinding"/>
<ref bean="paosBinding"/>
</list>
</constructor-arg>
</bean>
<!-- SAML 2.0 WebSSO Assertion Consumer -->
<bean id="webSSOprofileConsumer" class=
"org.springframework.security.saml.websso.WebSSOProfileConsumerImpl"/>
<!-- SAML 2.0 Holder-of-Key WebSSO Assertion Consumer -->
<bean id="hokWebSSOprofileConsumer" class=
"org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl"/>
<!-- SAML 2.0 Web SSO profile -->
<bean id="webSSOprofile" class=
"org.springframework.security.saml.websso.WebSSOProfileImpl"/>
<!-- SAML 2.0 Holder-of-Key Web SSO profile -->
<bean id="hokWebSSOProfile" class=
"org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl"/>
<!-- SAML 2.0 ECP profile -->
<bean id="ecpprofile"
class="org.springframework.security.saml.websso.WebSSOProfileECPImpl"/>
<!-- SAML 2.0 Logout Profile -->
<bean id="logoutprofile" class
="org.springframework.security.saml.websso.SingleLogoutProfileImpl"/>
<bean id="postBinding" class
="org.springframework.security.saml.processor.HTTPPostBinding">
<constructor-arg ref="parserPool"/>
<constructor-arg ref="velocityEngine"/>
</bean>
<bean id="redirectBinding" class
="org.springframework.security.saml.processor.HTTPRedirectDeflateBinding
">
<constructor-arg ref="parserPool"/>
</bean>
<bean id="artifactBinding"
class="org.springframework.security.saml.processor.HTTPArtifactBinding">
<constructor-arg ref="parserPool"/>
<constructor-arg ref="velocityEngine"/>
<constructor-arg>
<bean class ="
org.springframework.security.saml.websso.ArtifactResolutionProfileImpl
">
<constructor-arg>
<bean class="org.apache.commons.httpclient.HttpClient">
<constructor-arg>
<bean class
="org.apache.commons.httpclient.MultiThreadedHttpConnectionManager"/>
</constructor-arg>
</bean>
</constructor-arg>
<property name="processor">
<bean
class="org.springframework.security.saml.processor.SAMLProcessorImpl">
<constructor-arg ref="soapBinding"/>
</bean>
</property>
</bean>
</constructor-arg>
</bean>
<bean id="soapBinding"
class="org.springframework.security.saml.processor.HTTPSOAP11Binding">
<constructor-arg ref="parserPool"/>
</bean>
<bean id="paosBinding"
class="org.springframework.security.saml.processor.HTTPPAOS11Binding">
<constructor-arg ref="parserPool"/>
</bean>
<!-- Initialization of OpenSAML library-->
<bean class="org.springframework.security.saml.SAMLBootstrap"/>
<!-- Initialization of the velocity engine -->
<bean id="velocityEngine"
class="org.springframework.security.saml.util.VelocityFactory"
factory-method="getEngine"/>
<!-- XML parser pool needed for OpenSAML parsing -->
<bean id="parserPool"
class="org.opensaml.xml.parse.StaticBasicParserPool"
init-method="initialize">
<property name="builderFeatures">
<map>
<entry key="http://apache.org/xml/features/dom/defer-
node-expansion" value="false"/>
</map>
</property>
</bean>
<bean id="parserPoolHolder"
class="org.springframework.security.saml.parser.ParserPoolHolder"/>
</beans>
idp.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID=
"http://localhost:6060/AxisCustomer/"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<IDPSSODescriptor WantAuthnRequestsSigned="true"
protocolSupportEnumeration=
"urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
bGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJh
MQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09w
ZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MT
kxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv
cm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAK
BgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzE
NMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5pii
LkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+
RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhs
YF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNY
Js0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8
CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/U
QzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNS
ZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDA
cGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/
r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC
/FfwWigmrW0Y0Q==
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<ArtifactResolutionService index="0" isDefault="true" Binding=
"urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location=
"http://localhost:8080/opensso/ArtifactResolver/metaAlias/idp"/>
<SingleLogoutService Binding=
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location=
"http://localhost:8080/opensso/IDPSloRedirect/metaAlias/idp"
ResponseLocation=
"http://localhost:8080/opensso/IDPSloRedirect/metaAlias/idp"/>
<SingleLogoutService Binding=
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location=
"http://localhost:8080/opensso/IDPSloPOST/metaAlias/idp"
ResponseLocation=
"http://localhost:8080/opensso/IDPSloPOST/metaAlias/idp"/>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://localhost:8080/opensso/IDPSloSoap/metaAlias/idp"/>
<ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://localhost:8080/opensso/IDPMniRedirect/metaAlias/idp"
ResponseLocation=
"http://localhost:8080/opensso/IDPMniRedirect/metaAlias/idp"/>
<ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location=
"http://localhost:8080/opensso/IDPMniPOST/metaAlias/idp"
ResponseLocation=
"http://localhost:8080/opensso/IDPMniPOST/metaAlias/idp"/>
<ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://localhost:8080/opensso/IDPMniSoap/metaAlias/idp"/>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-
format:persistent</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-
format:transient</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-
format:emailAddress</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-
format:unspecified</NameIDFormat>
<SingleSignOnService Binding=
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location=
"http://localhost:8080/opensso/SSORedirect/metaAlias/idp"/>
<SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location=
"http://localhost:8080/opensso/SSOSoap/metaAlias/idp"/>
<NameIDMappingService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location=
"http://localhost:8080/opensso/NIMSoap/metaAlias/idp"/>
<AssertionIDRequestService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location=
"http://localhost:8080/opensso/AIDReqSoap/IDPRole/metaAlias/idp"/>
<AssertionIDRequestService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI"
Location=
"http://localhost:8080/opensso/AIDReqUri/IDPRole/metaAlias/idp"/>
</IDPSSODescriptor>
</EntityDescriptor>
localhost_sp.xml(téléchargé entité)
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md=
"urn:oasis:names:tc:SAML:2.0:metadata" ID="localhost"
entityID="localhost">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm=
"http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod
Algorithm=
"http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
URI="#localhost"><ds:Transforms>
<ds:Transform Algorithm=
"http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm=
"http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>AvF5jq5CC2Hj8GIoGUZ5DYcVcoE=</ds:DigestValue>
</ds:Reference></ds:SignedInfo>
<ds:SignatureValue>Jfn6P9Hqp/SKHOQE5MCrjY4Fp7kbJsSZOafCVS5beB
VOuyCvSyTyrMFD5Xx5x0qw6TZSQuG9OFZPEC
T4Sv9fU5cPTQIrxNv7jx88ie8GCjllypaYIaGPn
3YxY819aiilGL/1x4TgSkWsVJUIH8i1iBjYIPnU6rXr0uEO1J
nft2T6uz8tUc01QCliscnNsOhU0ffYcjR
\ApI3tzZxgjR8A5vSDJHphbOScizR
IyXVD8sZfW1d0shtVkFjVYjl6ek4H
9Znlb7J0iHUqT3dqwaB+Y6IMFM8zA+aQGHVoT
36UVyTuifq7IDqGZzQVPYEmOl1jy/3dYeLIcPiGCW+rgmhZ1w==
</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDV
QTANBgkqhkiG9w0BAQUFADBrMQswCQYDV
QQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua
2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9s
bG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECB
MHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kx
GDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEMMAoGA1
UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBA
QCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/
yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/
rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMe
QClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/
N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAY
Ujso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2ml
BztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/
2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/
i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW
/GuHE=
</ds:X509Certificate>
</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
<ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLI
QTANBgkqhkiG9w0BAQUFADBrMQswCQYDV
QQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua
2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9s
bG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECB
MHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kx
GDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEMMAoGA1
UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBA
QCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/
yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/
rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMe
QClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/
N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAY
Ujso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2ml
BztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/
2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/
i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW
/GuHE=
</ds:X509Certificate>
</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
<md:SingleLogoutService Binding=
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location=
"http://localhost/saml/SingleLogout/alias/localhost"/>
<md:SingleLogoutService Binding=
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-
Redirect" Location=
"http://localhost/saml/SingleLogout/alias/localhost"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-
format:emailAddress</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-
format:transient</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-
format:persistent</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-
format:unspecified</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-
format:X509SubjectName</md:NameIDFormat><md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://localhost/saml/SSO/alias/localhost" index="0"
isDefault="true"/></md:SPSSODescriptor></md:EntityDescriptor>
Veuillez indiquer vos suggestions pour les résoudre .
Merci d'Avance
Vous devez vous connecter pour publier un commentaire.
L'erreur signifie que le Printemps SAML a reçu un SAML message délivré par IDP avec l'ID de l'entité "http://localhost:6060/AxisCustomer/", mais il ne peut pas trouver une telle entité dans vos métadonnées disponibles. Assurez-vous que vos métadonnées bean contient une entité avec cet ID. Ou tout simplement joindre tous vos documents de métadonnées et je peux avoir un coup d'oeil.
Je vous suggère d'utiliser les métadonnées suivantes définition:
Assurez-vous que le référencés idp.xml le fichier est dans le dossier /metadata/idp.xml dans votre projet (vous devez déjà avoir un fichier nommé localhost_sp.xml là) et que l'ID de l'entité dans votre idp.xml est http://localhost:6060/AxisCustomer/