sp在校验samlresponse 根据id在session中的samlrequestid 取出,两者进行对比,这里如果做idp-init的话 可以注释掉。
1第一种方法 WebSSOProfileConsumerImpl 包名package org.springframework.security.saml.websso;
// Verify response to field if present, set request if correct SAMLMessageStorage messageStorage = context.getMessageStorage(); if (messageStorage != null && response.getInResponseTo() != null) { XMLObject xmlObject = messageStorage.retrieveMessage(response.getInResponseTo()); if (xmlObject == null) { //取消校验saml Request //throw new SAMLException("InResponseToField of the Response doesn't correspond to sent message " + response.getInResponseTo()); } else if (xmlObject instanceof AuthnRequest) { request = (AuthnRequest) xmlObject; } else { throw new SAMLException("Sent request was of different type than the expected AuthnRequest " + response.getInResponseTo()); } }
如果你一边使用域名,一边使用ip的话也会报这个错误,最好统一使用域名,或者统一使用ip地址。