I'm trying to set up an SP based on "spring-security-saml2-sample", but when I deploy the WAR file on Tomcat I get the following exception:
Initialization of m
You have to import your IDP (https://dominio.com/fed/idp/metadata) certificate as a trusted certificate in your SP machine's JDK path, typically at <JAVA_HOME>/jre/lib/security/cacerts.
By default Spring SAML doesn't use the samlKeystore.jks for verification of calls done with the HTTPMetadataProvider. This means that you will need to import the certificate of the HTTPS endpoint https://dominio.com/fed/idp/metadata to your JDK (typically jre/lib/security/cacerts).
There's also another option. I've just pushed a commit which will allow you to use the samlKeystore.jks also for these calls by including the following bean:
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    <property name="targetClass" value="org.apache.commons.httpclient.protocol.Protocol"/>
    <property name="targetMethod" value="registerProtocol"/>
    <property name="arguments">
        <list>
            <value>https</value>
            <bean class="org.apache.commons.httpclient.protocol.Protocol">
                <constructor-arg value="https"/>
                <constructor-arg>
                    <bean class="org.springframework.security.saml.trust.httpclient.TLSProtocolSocketFactory"/>
                </constructor-arg>
                <constructor-arg value="443"/>
            </bean>
        </list>
    </property>
</bean>
You will need to update to the latest trunk for the TLSProtocolSocketFactory to be available.
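The cacerts import step that both answers describe, as an added shell example (not code from either answer or from Spring SAML): it derives the host and port HTTPMetadataProvider will connect to from the metadata URL, checks the fetched certificate's SHA-256 fingerprint against one obtained from the IdP operator out of band, and only then imports it. The helper names, the use of openssl and keytool, and the default cacerts password are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answers: import the TLS certificate of the
# IdP metadata endpoint into the JDK trust store that HTTPMetadataProvider relies on.
# Assumes openssl and keytool are on PATH and JAVA_HOME is the JDK Tomcat runs with.
set -eu

# Host:port that HTTPMetadataProvider will open a TLS connection to.
# https://dominio.com/fed/idp/metadata -> dominio.com:443 (explicit ports are kept)
tls_endpoint() {
  hostport=${1#https://}
  hostport=${hostport%%/*}
  case $hostport in
    *:*) printf '%s\n' "$hostport" ;;
    *)   printf '%s:443\n' "$hostport" ;;
  esac
}

# Alias used inside cacerts, derived from the host so repeated runs stay idempotent.
trust_alias() {
  printf 'idp-%s\n' "$(tls_endpoint "$1" | cut -d: -f1)"
}

# Save the leaf certificate the endpoint presents as PEM in the file named by $2.
fetch_cert() {
  endpoint=$(tls_endpoint "$1")
  openssl s_client -connect "$endpoint" -servername "${endpoint%%:*}" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM > "$2"
}

# Import only when the fingerprint matches the one the IdP operator published ($2);
# blindly trusting whatever the network returned would defeat the trust store.
import_cert() {
  pem=$(mktemp)
  fetch_cert "$1" "$pem"
  actual_fp=$(openssl x509 -in "$pem" -noout -fingerprint -sha256 | cut -d= -f2)
  if [ "$actual_fp" != "$2" ]; then
    echo "fingerprint mismatch for $1: got $actual_fp" >&2
    rm -f "$pem"
    return 1
  fi
  keytool -importcert -noprompt -trustcacerts \
    -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit \
    -alias "$(trust_alias "$1")" -file "$pem"
  rm -f "$pem"
}

# Usage: sh import-idp-cert.sh https://dominio.com/fed/idp/metadata <SHA256 fingerprint>
if [ $# -eq 2 ]; then import_cert "$1" "$2"; fi
```

Restart Tomcat after the import; the JVM reads cacerts only at startup.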