spring-security - spring-security-saml2-service-provider 的“未提供 KeyInfo 生成器”

Question

我有一个连接到仅支持 POST 绑定的 SAML idP 的应用程序。在配置了使用 spring-security-saml2-service-provider 手动创建 POST Authentication 请求的应用程序后，我查看了生成的 XML，发现它包含签名信息（这是预期的）但不包含密钥信息。然后在日志中，我注意到它说：

No KeyInfoGenerator was supplied in parameters or resolveable for credential type org.opensaml.security.x509.X509Credential, No KeyInfo will be generated for Signature

这是我的代码手动生成 POST Authentication 请求的样子：

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic()
                .disable()
                .csrf()
                .disable();
    }
    
    @Bean
    public RelyingPartyRegistration nnanetRelyingPartyRegistration() {
        SAMLMetadataSignatureSigningParametersResolver resolver = new SAMLMetadataSignatureSigningParametersResolver();

        return RelyingPartyRegistrations
                .fromMetadataLocation("https://example.com/metadata.xml")
                .entityId("example")
                .registrationId("nnanet")
                .assertingPartyDetails(party -> {
                    party.wantAuthnRequestsSigned(true)
                        .singleSignOnServiceLocation("https://example.com/login")
                        .entityId("https://example.com/login");
                        .verificationX509Credentials(saml2X509Credentials -> {
                            saml2X509Credentials.add(getVerificationCertificate());
                        });
                })
                .signingX509Credentials(saml2X509Credentials -> {
                    saml2X509Credentials.add(getSigningCredential());
                })
                .decryptionX509Credentials(saml2X509Credentials -> {
                    saml2X509Credentials.add(getSigningCredential());
                })
                .build();
    }

    @Bean
    public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
        return new InMemoryRelyingPartyRegistrationRepository(relyingPartyRegistration());
    }

    @Bean
    public Saml2PostAuthenticationRequest saml2PostAuthenticationRequest() {
        Saml2AuthenticationRequestContext.Builder contextBuilder = Saml2AuthenticationRequestContext.builder();
        contextBuilder.assertionConsumerServiceUrl("http://localhost:8080/saml/SSO");
        contextBuilder.relyingPartyRegistration(relyingPartyRegistration());
        contextBuilder.issuer("issuer");

        OpenSamlAuthenticationRequestFactory factory = new OpenSamlAuthenticationRequestFactory();

        return factory.createPostAuthenticationRequest(contextBuilder.build());
    }

saml2PostAuthenticationRequest()由于某些超出此问题范围的原因，我只是从我的控制器调用该方法并生成一个自动提交的表单。在进一步查看 之后OpenSamlAuthenticationRequestFactory，看起来这是SignatureSigningParameters专门创建的，不包括，KeyInfoGenerator因为它只是在私有方法中创建的。有没有人知道如何解决这个问题，或者指出我是否做错了什么？

谢谢！

Answer 1

这将在 Spring Security SAML 2 的未来版本中解决

请查看 PR - https://github.com/spring-projects/spring-security/pull/9746