This article covers how to handle the error "Key with alias xxx doesn't have a private key" with Spring SAML.

Problem description

I'm trying to test this sample application (https://github.com/deeprot/spring-saml-adfs), it's a simple Spring SAML sample application, with my environment, and I get this error:

SEVERE: Servlet.service() for servlet [default] in context with path [/spring-security-saml2-sample] threw exception java.lang.RuntimeException: Key with alias XXXX doesn't have a private key

I imported the CER file of the IDP system into my KeyStore, but I don't have a private key for this CER.

Any ideas?

Log:

[2016-01-22 13:31:04.586] DEBUG [AntPathRequestMatcher] --- Checking match of request : ''; against '/favicon.ico'
[2016-01-22 13:31:04.595] DEBUG [AntPathRequestMatcher] --- Checking match of request : ''; against '/images/**'
[2016-01-22 13:31:04.595] DEBUG [AntPathRequestMatcher] --- Checking match of request : ''; against '/css/**'
[2016-01-22 13:31:04.613] DEBUG [AntPathRequestMatcher] --- Checking match of request : ''; against '/logout.jsp'
[2016-01-22 13:31:04.613] DEBUG [AntPathRequestMatcher] --- Checking match of request : ''; against '/saml/web/**'
[2016-01-22 13:31:04.614] DEBUG [FilterChainProxy] ---  at position 1 of 9 in additional filter chain; firing Filter: 'MetadataGeneratorFilter'
[2016-01-22 13:31:04.615] INFO  [MetadataGeneratorFilter] --- No default metadata configured, generating with default values, please pre-configure metadata for production use
[2016-01-22 13:31:04.615] WARN  [MetadataGeneratorFilter] --- Generated default entity base URL https://localhost:8443/spring-security-saml2-sample based on values in the first server request. Please set property entityBaseURL on MetadataGenerator bean to fixate the value.
[2016-01-22 13:31:04.631] DEBUG [KeyStoreCredentialResolver] --- Building credential from keystore entry for entityID appus, usage type UNSPECIFIED
[2016-01-22 13:31:04.631] DEBUG [KeyStoreCredentialResolver] --- Processing TrustedCertificateEntry from keystore
[2016-01-22 13:31:04.632] DEBUG [EvaluableCredentialCriteriaRegistry] --- Registry located evaluable criteria class org.opensaml.xml.security.credential.criteria.EvaluableEntityIDCredentialCriteria for criteria class org.opensaml.xml.security.criteria.EntityIDCriteria
Jan 22, 2016 1:31:04 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [default] in context with path [/spring-security-saml2-sample] threw exception
java.lang.RuntimeException: Key with alias XXXX doesn't have a private key
    at org.springframework.security.saml.metadata.MetadataGenerator.getServerKeyInfo(MetadataGenerator.java:209)
    at org.springframework.security.saml.metadata.MetadataGenerator.buildSPSSODescriptor(MetadataGenerator.java:329)
    at org.springframework.security.saml.metadata.MetadataGenerator.generateMetadata(MetadataGenerator.java:189)
    at org.springframework.security.saml.metadata.MetadataGeneratorFilter.processMetadataInitialization(MetadataGeneratorFilter.java:127)
    at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:86)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

Recommended answer

It has nothing to do with the IDP...

   at org.springframework.security.saml.metadata.MetadataGenerator.buildSPSSODescriptor(MetadataGenerator.java:329)

You don't have a proper keypair for the SP (the Spring Security part).
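
The log above shows the SP alias being read as a `TrustedCertificateEntry` just before the exception. The following check is an added example, not code from the original post or from Spring SAML; it lists each keystore alias with its entry type and fails when the SP alias is not a `PrivateKeyEntry`. The class name and the `KEYSTORE_PASSWORD` environment variable are assumptions, as is a keystore in the JVM's default (or compatible) format.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Added diagnostic, not part of spring-saml-adfs or Spring SAML.
// Usage: KEYSTORE_PASSWORD=... java KeystoreEntryCheck <keystore-file> <sp-alias>
public class KeystoreEntryCheck {

    // Report the entry type the JDK KeyStore API sees for an alias.
    static String entryType(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "missing";
        }
        if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
            return "PrivateKeyEntry";          // private key + certificate chain
        }
        if (ks.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class)) {
            return "TrustedCertificateEntry";  // certificate only, e.g. an imported .cer
        }
        return "other";
    }

    public static void main(String[] args) throws Exception {
        String pass = System.getenv("KEYSTORE_PASSWORD"); // assumed variable name
        if (args.length != 2 || pass == null) {
            System.err.println("usage: KEYSTORE_PASSWORD=... KeystoreEntryCheck <keystore> <sp-alias>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass.toCharArray());
        }
        // List every alias so a cert-only IDP entry is easy to tell from the SP key.
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + " -> " + entryType(ks, alias));
        }
        String spType = entryType(ks, args[1]);
        if (!"PrivateKeyEntry".equals(spType)) {
            System.err.println("SP alias '" + args[1] + "' is " + spType
                + ": it has no private key, so the SP needs its own key pair under this alias.");
            System.exit(1);
        }
        System.out.println("SP alias '" + args[1] + "' has a private key.");
    }
}
```

The imported IDP certificate can stay in the keystore as a trusted entry; the alias configured as the SP's own key is the one that must report `PrivateKeyEntry`.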
