Using spring-security 5.7.1 I get
Invalid signature for object [id6...]
This is the error message from the assertion signature validation. But with version 5.4.2 it works.
This is my application.yml
spring:
  security:
    saml2:
      relyingparty:
        registration:
          okta-saml:
            identityprovider:
              entity-id: http://www.okta.com/e...
              verification:
                credentials:
                  - certificate-location: "classpath:saml-certificate/okta.crt"
              singlesignon:
                url: https://dev-7....okta.com/app/dev-7..._appsaml_1/e.../sso/saml
                sign-request: false
Maybe something has to be changed in application.yml?
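I also saw the same issue after upgrading to Spring Boot 2.7. The problem is related to verifying the SAML response signature.
2022-06-23 17:26:52.747 DEBUG 5308 --- [nio-8282-exec-8] o.o.x.s.s.impl.BaseSignatureTrustEngine : Failed to verify signature and/or establish trust using any KeyInfo-derived credentials
2022-06-23 17:26:52.747 DEBUG 5308 --- [nio-8282-exec-8] .x.s.s.i.ExplicitKeySignatureTrustEngine : Attempting to verify signature using trusted credentials
2022-06-23 17:26:52.747 DEBUG 5308 --- [nio-8282-exec-8] .x.s.s.i.ExplicitKeySignatureTrustEngine : Failed to verify signature using either KeyInfo-derived or directly trusted credentials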
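A diagnostic check for the failure in the posts above, added here as an example and not code from either poster or from Spring Security: it compares the SHA-256 fingerprint of the certificate configured under `certificate-location` with every `ds:X509Certificate` carried in a captured SAML response. All function names are hypothetical, and the sample data is constructed (placeholder bytes stand in for real DER certificates).

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

def pem_to_der(pem_text):
    """Strip the PEM armor and return the DER bytes of the first certificate."""
    body, inside = [], False
    for line in pem_text.splitlines():
        line = line.strip()
        if line == "-----BEGIN CERTIFICATE-----":
            inside = True
        elif line == "-----END CERTIFICATE-----":
            break
        elif inside:
            body.append(line)
    if not body:
        raise ValueError("no certificate block found in PEM text")
    return base64.b64decode("".join(body))

def keyinfo_certs(saml_xml):
    """Return the DER bytes of every ds:X509Certificate in the document."""
    # Intended for a response you captured yourself; use defusedxml for untrusted XML.
    root = ET.fromstring(saml_xml)
    return [base64.b64decode("".join(el.text.split()))
            for el in root.iter("{%s}X509Certificate" % DS_NS) if el.text]

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def compare(pem_text, saml_xml):
    """Map each KeyInfo certificate fingerprint to True if it equals the configured one."""
    trusted = fingerprint(pem_to_der(pem_text))
    return {fingerprint(d): fingerprint(d) == trusted for d in keyinfo_certs(saml_xml)}

# Constructed sample data: placeholder bytes, not real certificates.
DER_A, DER_B = b"constructed-cert-A", b"constructed-cert-B"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(DER_A).decode() + "\n-----END CERTIFICATE-----\n")

def sample_response(der):
    """Build a minimal constructed response carrying one KeyInfo certificate."""
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:ds="%s"><ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s'
            '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
            '</samlp:Response>' % (DS_NS, base64.b64encode(der).decode()))
```

A mismatch means the certificate at `certificate-location` is not the one the IdP embedded in the response; a match means the trust anchor is not the difference and the failure is in the signature check itself.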