解决samlexception-inresponsetofield-of-the-response-doesnt-correspond-to-sent-mess

sp在校验samlresponse 根据id在session中的samlrequestid 取出，两者进行对比，这里如果做idp-init的话可以注释掉。

1第一种方法 WebSSOProfileConsumerImpl 包名package org.springframework.security.saml.websso;

        // Verify response to field if present, set request if correct
        SAMLMessageStorage messageStorage = context.getMessageStorage();
        if (messageStorage != null && response.getInResponseTo() != null) {
            XMLObject xmlObject = messageStorage.retrieveMessage(response.getInResponseTo());
            if (xmlObject == null) {
                 //取消校验saml Request
                //throw new SAMLException("InResponseToField of the Response doesn't correspond to sent message " + response.getInResponseTo());
            } else if (xmlObject instanceof AuthnRequest) {
                request = (AuthnRequest) xmlObject;
            } else {
                throw new SAMLException("Sent request was of different type than the expected AuthnRequest " + response.getInResponseTo());
            }
        }

如果你一边使用域名，一边使用ip的话也会报这个错误，最好统一使用域名，或者统一使用ip地址。

posted @ 2019-01-15 15:05 cheakceep 阅读(1163) 评论(0) 编辑收藏举报

刷新页面返回顶部

cheakceep

解决samlexception-inresponsetofield-of-the-response-doesnt-correspond-to-sent-mess

公告