Spring SAML: Error decrypting encrypted key, No installed provider supports this key

Updated: 2024-10-24 12:25:24

Problem description

I have referred to the Spring SAML manual to create the private key and import the public certificate. But I am still facing issues with the encryption/decryption.

I have created a JKS file with the following commands as mentioned in the manual, which are as follows:

Command used to import the public certificate of the IDP:

keytool -importcert -alias adfssigning -keystore samlKeystore.jks -file testIdp.cer

Command used for the private key:

keytool -genkeypair -alias myprivatealias -keypass changeit -keystore samlKeystore.jks

The passwords of both the private key and the keystore are defined as 'changeit'.

I have configured the securityContext as follows:

<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
    <constructor-arg value="classpath:security/samlKeystore.jks"/>
    <constructor-arg type="java.lang.String" value="changeit"/>
    <constructor-arg>
        <map>
            <entry key="myprivatealias" value="changeit"/>
        </map>
    </constructor-arg>
    <constructor-arg type="java.lang.String" value="myprivatealias"/>
</bean>

I am able to see the idpDiscovery page where I can select the IDP. I am able to view the login page of the IDP as well. But when I provide the user credentials, I am getting the following exception.

This exception is occurring when saml2:EncryptedAssertion is sent along with the saml2p:Status in the SAML response. (Class: WebSSOProfileConsumerImpl of spring-saml jar)

ERROR org.opensaml.xml.encryption.Decrypter - Error decrypting encrypted key
org.apache.xml.security.encryption.XMLEncryptionException: No installed provider supports this key: sun.security.provider.DSAPrivateKey
Original Exception was java.security.InvalidKeyException: No installed provider supports this key: sun.security.provider.DSAPrivateKey
    at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1479)
    at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:697)
    at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:628)
    at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:783)
Caused by: java.security.InvalidKeyException: No installed provider supports this key: sun.security.provider.DSAPrivateKey
    at javax.crypto.Cipher.a(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1475)
    ... 46 more
740323 [http-8080-2] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedKey, valid decryption key could not be resolved
740324 [http-8080-2] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver
740325 [http-8080-2] ERROR org.opensaml.saml2.encryption.Decrypter - SAML Decrypter encountered an error decrypting element content

Can anyone let me know where I am going wrong??

Alternate command used for private key generation instead of the one mentioned above:

keytool -genkey -alias privatekeyalias -keyalg RSA -keystore samlKeystore.jks

If I use this command and update JKS file, then I get a different exception mentioned as InvalidKeyException: Key is too long for unwrapping.

Caused by: java.security.InvalidKeyException: Key is too long for unwrapping
    at com.sun.crypto.provider.RSACipher.engineUnwrap(DashoA13*..)
    at javax.crypto.Cipher.unwrap(DashoA13*..)
    at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1477)
    ... 46 more
41 [http-8080-1] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedKey, valid decryption key could not be resolved
42 [http-8080-1] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver
42 [http-8080-1] ERROR org.opensaml.saml2.encryption.Decrypter - SAML Decrypter encountered an error decrypting element content

Can anyone help me out in this problem??

Recommended answer

The problem was caused by using a different keystore in the application than the one generated with:

keytool -genkeypair -alias privatekeyalias -keypass samplePrivateKeyPass -keystore samlKeystore.jks -keyalg RSA -sigalg SHA1WithRSA
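
Added example, not part of the original answer: a small Java check that opens a keystore file and reports whether the entry under a given alias is an RSA private key with a matching certificate, and prints the certificate fingerprint so the file the application actually loads can be compared with the one generated above. The class name KeystoreCheck and its command-line arguments are assumptions made for this example.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.interfaces.RSAKey;

// Added diagnostic (hypothetical class, not Spring SAML code): inspect the key
// entry that JKSKeyManager would be configured to use for decryption.
// Usage: java KeystoreCheck <keystore.jks> <storepass> <alias> <keypass>
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: KeystoreCheck <keystore> <storepass> <alias> <keypass>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks.load(in, args[1].toCharArray());
        }
        String alias = args[2];
        if (!ks.isKeyEntry(alias)) {
            System.out.println("FAIL: alias '" + alias + "' is not a private key entry");
            System.exit(1);
        }
        Key key = ks.getKey(alias, args[3].toCharArray());
        System.out.println("Private key algorithm: " + key.getAlgorithm());
        if (!(key instanceof RSAKey)) {
            // A DSA key can sign, but it cannot be used to decrypt an EncryptedKey.
            System.out.println("FAIL: not an RSA key; regenerate the entry with -keyalg RSA");
            System.exit(1);
        }
        Certificate cert = ks.getCertificate(alias);
        PublicKey pub = cert.getPublicKey();
        boolean paired = pub instanceof RSAKey
                && ((RSAKey) pub).getModulus().equals(((RSAKey) key).getModulus());
        System.out.println("RSA modulus bits: " + ((RSAKey) key).getModulus().bitLength());
        System.out.println("Certificate matches private key: " + paired);
        // Compare this fingerprint with the SP certificate registered at the IDP.
        StringBuilder fp = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            fp.append(String.format("%02X", b));
        }
        System.out.println("Certificate SHA-256: " + fp);
    }
}
```

Run it against the keystore file packaged on the application's classpath (security/samlKeystore.jks in the configuration above), not only against the file where keytool was executed.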

Published: 2023-11-13 01:45:42
Article link: https://www.elefans.com/category/jswz/34/1583072.html