实施SAML SSO时出现以下错误的原因是什么

2022-03-07 00:00:00 saml single-sign-on java spring-saml

您能不能给我指个正确的方向,告诉我哪里可能出了问题:

示例消息:

<?xml version="1.0" encoding="UTF-8"?>
 <saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://source.com/saml/SSO/alias/umhbdev.fideliseducation.com"
    Destination="https://destination.com/trust/saml2/http-post/sso/519153" ForceAuthn="false" 
    ID="a2cg4958cgi94aji2iac7h1j6a3j0jj" 
    IsPassive="false" 
    IssueInstant="2016-04-11T15:42:47.681Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">source.com
</saml2:Issuer>
</saml2p:AuthnRequest>;

错误

   INFO [11 Apr 2016 15:42:50,495] [http-nio-80-exec-1](SAMLProtocolMessageXMLSignatureSecurityPolicyRule.java:100)
    - SAML protocol message was not signed, skipping XML signature processing

    ERROR [11 Apr 2016 15:42:50,495] [http-nio-80-exec-1](ExceptionFilter.java:58) - Error occurred

    java.lang.IllegalArgumentException: Given URL is not well formed

    at org.opensaml.util.URLBuilder.<init>(URLBuilder.java:120)

    at org.opensaml.util.SimpleURLCanonicalizer.canonicalize(SimpleURLCanonicalizer.java:87)

    at org.opensaml.common.binding.decoding.BasicURLComparator.compare(BasicURLComparator.java:57)

    at org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder.compareEndpointURIs(BaseSAMLMessageDecoder.java:173)

    at org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder.checkEndpointURI(BaseSAMLMessageDecoder.java:213)

    at org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:72)

    at org.springframework.security.saml.processor.SAMLProcessorImpl.retrieveMessage(SAMLProcessorImpl.java:105)

    at org.springframework.security.saml.processor.SAMLProcessorImpl.retrieveMessage(SAMLProcessorImpl.java:172)

    at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:77)

    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)

    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)

    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)

    Caused by: java.net.MalformedURLException: no protocol: {recipient}

    at java.net.URL.<init>(URL.java:593)

    at java.net.URL.<init>(URL.java:490)

    at java.net.URL.<init>(URL.java:439)

    at org.opensaml.util.URLBuilder.<init>(URLBuilder.java:77)

    ... 61 more

解决方案

您的AssertionConsumer ServiceURL应该是AssertionConsumerServiceURL="https://source.com/saml/SSO"

相关文章