
Saml Assertion Decryption using java code

Error:

Exception in thread "main" org.opensaml.xml.io.UnmarshallingException: the assertion does not appear to be encrypted
    at AssertionDecrypter.unmarshallEncryptedAssertion(AssertionDecrypter.java:162)
    at AssertionDecrypter.decryptAssertion(AssertionDecrypter.java:119)
    at AssertionDecrypter.<init>(AssertionDecrypter.java:67)
    at Saml2AssertionEncoding.main(Saml2AssertionEncoding.java:112)
Caused by: java.lang.ClassCastException: org.opensaml.saml1.core.impl.ResponseImpl cannot be cast to org.opensaml.saml2.core.EncryptedAssertion
    at AssertionDecrypter.unmarshallEncryptedAssertion(AssertionDecrypter.java:157)
    ... 3 more

My Java code

[image: enter image description here]

My Pom

    <dependency>
        <groupId>org.opensaml</groupId>
        <artifactId>opensaml-core</artifactId>
        <version>3.1.1</version>
        <scope>test</scope>
    </dependency>

    <dependency>
        <groupId>org.apache.santuario</groupId>
        <artifactId>xmlsec</artifactId>
        <version>2.0.8</version>
    </dependency>

    <dependency>
        <groupId>org.opensaml</groupId>
        <artifactId>opensaml</artifactId>
        <version>2.6.4</version>
    </dependency>
    <dependency>
        <groupId>org.opensaml</groupId>
        <artifactId>opensaml-saml-impl</artifactId>
        <version>3.3.0</version>
        <scope>test</scope>
    </dependency>

    <dependency>
        <!-- <groupId>org.opensaml</groupId> <artifactId>xmltooling</artifactId>
            <version>1.3.1</version>
        <groupId>org.opensaml</groupId>
        <artifactId>xmltooling</artifactId>
        <version>1.4.4</version> -->
        <groupId>org.opensaml</groupId>
        <artifactId>xmltooling</artifactId>
        <version>1.3.1</version>
    </dependency>
    <dependency>
        <groupId>com.jcabi</groupId>
        <artifactId>jcabi-aspects</artifactId>
        <version>0.22</version>
    </dependency>
    <dependency>
        <groupId>org.aspectj</groupId>
        <artifactId>aspectjrt</artifactId>
        <version>1.8.3</version>
    </dependency>
    <dependency>
        <groupId>com.jcabi</groupId>
        <artifactId>jcabi-xml</artifactId>
        <version>0.16.2</version>
    </dependency>
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-nop</artifactId>
        <version>1.7.5</version>
        <scope>compile</scope>
    </dependency>
    <dependency>
        <groupId>org.opensaml</groupId>
        <artifactId>openws</artifactId>
        <version>1.4.1</version>
    </dependency>
    <dependency>
        <groupId>org.opensaml</groupId>
        <artifactId>opensaml</artifactId>
        <version>2.2.1</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-core</artifactId>
        <version>4.1.0.RELEASE</version>
    </dependency>
    </dependencies>

It seems you need to debug encrypted XML elements. Can you check whether the contents of document.getDocumentElements() are the right XML?

I guess it's null or empty. After successfully getting the raw XML elements from the above function, you can decrypt the XML to plain text. For example, this site: SAML Assertion Decryption - SAML Decrypt XML Tool - Decrypt SAML Response

Ok, there seem to be two things wrong.

It looks like you are accidentally trying to decrypt the response object and not the containing assertion. You should do:

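    // Unmarshall the whole SAML 2 Response first, then take the EncryptedAssertion inside it
    Response response = (Response) unmarshaller.unmarshall(...);
    return (EncryptedAssertion) response.getEncryptedAssertions().get(0);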

Provided that you know that only one assertion is sent in the response.

However, it seems like you are getting a SAML 1 response message and not SAML 2. I'm not an expert on SAML 1, but it seems that encrypted assertions are not supported.

So first sort the protocol version out with the one sending the message, and then make sure to return the encrypted assertion and not the response object.
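
An added example, not part of the original answers and not OpenSAML code: a JDK-only pre-check that distinguishes a SAML 1.x Response from a SAML 2.0 Response and counts the EncryptedAssertion children before any cast is attempted. The class name `SamlResponseCheck`, the method `classify` and the sample messages are assumptions made for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class SamlResponseCheck {
    static final String SAML2P = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML2A = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String SAML1P = "urn:oasis:names:tc:SAML:1.0:protocol";

    // Classifies the message so the caller knows what it holds before casting.
    static String classify(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for namespace-based lookups
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject DOCTYPE declarations so untrusted input cannot trigger XXE
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml))).getDocumentElement();
        String ns = root.getNamespaceURI();
        if (!"Response".equals(root.getLocalName())) return "not a Response: " + root.getLocalName();
        if (SAML1P.equals(ns)) return "SAML 1.x Response (no EncryptedAssertion element)";
        if (!SAML2P.equals(ns)) return "unknown namespace: " + ns;
        // Count only direct children of the Response element
        int encrypted = 0, plain = 0;
        NodeList kids = root.getChildNodes();
        for (int i = 0; i < kids.getLength(); i++) {
            if (!(kids.item(i) instanceof Element)) continue;
            Element e = (Element) kids.item(i);
            if (!SAML2A.equals(e.getNamespaceURI())) continue;
            if ("EncryptedAssertion".equals(e.getLocalName())) encrypted++;
            if ("Assertion".equals(e.getLocalName())) plain++;
        }
        return "SAML 2.0 Response: " + encrypted + " encrypted, " + plain + " plain assertion(s)";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages, not taken from the question
        String saml1 = "<samlp:Response xmlns:samlp=\"" + SAML1P + "\" MajorVersion=\"1\" MinorVersion=\"1\"/>";
        String saml2 = "<samlp:Response xmlns:samlp=\"" + SAML2P + "\" xmlns:saml=\"" + SAML2A
                + "\" Version=\"2.0\"><saml:EncryptedAssertion/></samlp:Response>";
        System.out.println(classify(saml1));
        System.out.println(classify(saml2));
    }
}
```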
