SSL configuration issue with Spring-SAML

栀梦 2021-02-14 03:46

I'm trying to set up a SP based on "spring-security-saml2-sample", but when I deploy the WAR file on Tomcat I get the following exception:

Initialization of m
2 answers
  • 2021-02-14 04:02

    You have to import your IdP (https://dominio.com/fed/idp/metadata) certificate as a trusted certificate into the JDK on your SP machines, typically at <JAVA_HOME>/jre/lib/security/cacerts.

  • 2021-02-14 04:03

    By default Spring SAML doesn't use the samlKeystore.jks for verification of calls done with the HTTPMetadataProvider. This means that you will need to import the certificate of the HTTPS endpoint https://dominio.com/fed/idp/metadata to your JDK (typically jre/lib/security/cacerts).

    There's also another option. I've just pushed a commit which will allow you to use the samlKeystore.jks also for these calls by including the following bean:

    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="targetClass" value="org.apache.commons.httpclient.protocol.Protocol"/>
        <property name="targetMethod" value="registerProtocol"/>
        <property name="arguments">
            <list>
                <value>https</value>
                <bean class="org.apache.commons.httpclient.protocol.Protocol">
                    <constructor-arg value="https"/>
                    <constructor-arg>
                        <bean class="org.springframework.security.saml.trust.httpclient.TLSProtocolSocketFactory"/>
                    </constructor-arg>
                    <constructor-arg value="443"/>
                </bean>
            </list>
        </property>
    </bean>
    

    You will need to update to the latest trunk for the TLSProtocolSocketFactory to be available.

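Both answers come down to the same step: the certificate presented by the IdP's HTTPS metadata endpoint has to be in the trust store that the metadata download actually uses, which by default is the JDK's cacerts rather than samlKeystore.jks. The script below is an added example, not code from either answer or from the Spring SAML project. It fetches the chain the endpoint presents, prints each certificate's subject, issuer and SHA-256 fingerprint so the CA can be checked out-of-band before it is trusted, imports the topmost certificate the server sent into cacerts, and verifies the entry. The host dominio.com is taken from the metadata URL in the question; the alias, the "changeit" store password and the TRUST_STORE override are assumptions. If you use the TLSProtocolSocketFactory bean from the second answer, set TRUST_STORE to your samlKeystore.jks so the certificate lands in the store that bean consults.

```shell
#!/bin/sh
# Added example (not from the thread or from Spring SAML): trust the IdP's HTTPS
# certificate in the store used for HTTPMetadataProvider downloads.
# Assumptions: IdP host from the question's metadata URL, placeholder alias and
# the JDK default store password; override any of them via the environment.
set -eu

IDP_HOST="${IDP_HOST:-dominio.com}"
CERT_ALIAS="${CERT_ALIAS:-idp-dominio-com}"
STOREPASS="${STOREPASS:-changeit}"
# Leave empty to target the JDK cacerts; set to samlKeystore.jks when using TLSProtocolSocketFactory.
TRUST_STORE="${TRUST_STORE:-}"

# Locate cacerts under a JAVA_HOME: JDK 8 keeps it in jre/lib/security, JDK 9+ in lib/security.
cacerts_path() {
  jh="$1"
  if [ -f "$jh/jre/lib/security/cacerts" ]; then
    printf '%s\n' "$jh/jre/lib/security/cacerts"
  elif [ -f "$jh/lib/security/cacerts" ]; then
    printf '%s\n' "$jh/lib/security/cacerts"
  else
    echo "no cacerts found under $jh" >&2
    return 1
  fi
}

# Save every PEM certificate the server sends (leaf first, issuers after it) into one file.
fetch_chain() {
  host="$1"; out="$2"
  openssl s_client -connect "$host:443" -servername "$host" -showcerts </dev/null 2>/dev/null \
    | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > "$out"
  [ -s "$out" ] || { echo "no certificates received from $host" >&2; return 1; }
}

# Number of PEM blocks in a chain file.
count_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Split a chain file into dir/cert-1.pem, dir/cert-2.pem, ... in the order received.
split_chain() {
  awk -v dir="$2" '/-----BEGIN CERTIFICATE-----/ { n++ } { print > (dir "/cert-" n ".pem") }' "$1"
}

# Subject, issuer and SHA-256 fingerprint, for checking the CA out-of-band before trusting it.
describe_cert() {
  openssl x509 -in "$1" -noout -subject -issuer -fingerprint -sha256
}

main() {
  store="${TRUST_STORE:-$(cacerts_path "${JAVA_HOME:?JAVA_HOME must be set}")}"
  work="$(mktemp -d)"
  fetch_chain "$IDP_HOST" "$work/chain.pem"
  n="$(count_certs "$work/chain.pem")"
  split_chain "$work/chain.pem" "$work"
  i=1
  while [ "$i" -le "$n" ]; do
    echo "== certificate $i of $n"; describe_cert "$work/cert-$i.pem"; i=$((i + 1))
  done
  # Trust the last certificate the server sent (its highest CA) rather than the leaf, so a
  # renewed leaf keeps validating; if only the leaf was sent, that is what gets trusted.
  keytool -importcert -noprompt -trustcacerts -alias "$CERT_ALIAS" \
    -file "$work/cert-$n.pem" -keystore "$store" -storepass "$STOREPASS"
  # Confirm the entry exists; restart Tomcat afterwards so the JVM reloads the store.
  keytool -list -keystore "$store" -storepass "$STOREPASS" -alias "$CERT_ALIAS"
  rm -rf "$work"
}

# Only perform the import when invoked as: sh import_idp_cert.sh import
if [ "${1:-}" = "import" ]; then main; fi
```

Run it as `JAVA_HOME=/path/to/jdk sh import_idp_cert.sh import` on each SP machine. Compare the printed fingerprint with what the IdP operator publishes before accepting the import; trusting whatever a network connection returns is exactly the check this exception exists to enforce.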