Cannot verify SAML because there is no signature block in the response

Question (votes: 0, answers: 1)

I am using spring-security-saml2-service-provider to implement a SAML2 service provider. After a successful login on the IdP page, the browser redirects back to the response page and shows

Did not decrypt response [_424bf243-4853-41d8-b1be-c5c5a2c3a3af] since it is not signed

After decoding, my response is

<samlp:Response ID="_424bf243-4853-41d8-b1be-c5c5a2c3a3af"
            Version="2.0"
            IssueInstant="2024-09-18T10:26:37.723Z"
            Destination="https://rbportal.onprem.vpbank.dev/saml/login/saml2/sso/rbportal-dev"
            Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
            InResponseTo="ARQ07866c1-9ac7-43b8-b319-0b3e5dcc599e"
            xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs.testdev.vpb.com.vn/adfs/services/trust</Issuer>
<samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                </e:EncryptionMethod>
                <KeyInfo>
                    <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <ds:X509IssuerSerial>
                            <ds:X509IssuerName>CN=rbportal.onprem.vpbank.dev, OU=DF Department, O=VPBank, L=HaNoi, S=HaNoi, C=VN</ds:X509IssuerName>
                            <ds:X509SerialNumber>275984599929908137247445060769002701383876346483</ds:X509SerialNumber>
                        </ds:X509IssuerSerial>
                    </ds:X509Data>
                </KeyInfo>
                <e:CipherData>
                    <e:CipherValue>iKjhREHzkDvxkHw3DLmhKVeo3Cmz38TKXdzhysaXusptfLzxSzPE/vF8DXB5UQ8MS7kg8RU+ESXLvAi65zYEB/XcoxhBL7heiRcLiu78YUIYlnWIiGDovM4J6iV1j2zxVIgaoJYMqQLPgmKJ6woGN4+2yW6FtNz2s8NRR1CsaZIBMb1f96kzfrSqK223p5/UhnrUbvBY9VgAQEE7T88zgkdqI4HsyHhi108b38ISxaRJEMfTlGiE1IlIdvIHzo4tP9eX/QTJgmgAWxNY9AAEGzazCdedNDlsQd6OgqArABXNU7k0aVp0WKgzqYvxY6S47ej/ueOPir9gjsnu0GdeUg==</e:CipherValue>
                </e:CipherData>
            </e:EncryptedKey>
        </KeyInfo>
        <xenc:CipherData>
            <xenc:CipherValue>[cipher value elided]</xenc:CipherValue>
        </xenc:CipherData>
    </xenc:EncryptedData>
</EncryptedAssertion>
</samlp:Response>

When I checked the source code, I found that it checks for a signature on the response:

if (responseSigned) {
    this.responseElementsDecrypter.accept(responseToken);
}
else if (!response.getEncryptedAssertions().isEmpty()) {
    result = result.concat(new Saml2Error(Saml2ErrorCodes.INVALID_SIGNATURE,
        "Did not decrypt response [" + response.getID() + "] since it is not signed"));
}

There is no signature in my response, so I get the error.

But when I check this response at https://www.samltool.com/validate_response.php, it tells me that my response is valid:

THE SAML RESPONSE IS VALID.

Does spring-security-saml2-service-provider not support the response type described on this page, https://www.samltool.com/generic_sso_res.php (SAML response with an encrypted assertion)?

spring-boot response saml-2.0 signature service-provider
1 Answer

0 votes

You do need to sign the response from the IdP, not only the encrypted form of the assertion. Most IdPs give you the option of signing the response and the assertion, and you can choose both.

Over the years there have been many security issues with XML attacks, and recently there were some where an attacker was able to substitute the encrypted assertion because the response itself was not signed.

Even though all the example specs allow not signing, the only way to prevent these attacks is to enforce signing on the response.
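To see why the Spring check in the question and the answer's advice line up, here is an added example (not Spring's or OpenSAML's code) that triages a decoded SAML Response the same way: a response with an EncryptedAssertion but no enveloped signature referencing the Response ID is exactly the case Spring refuses to decrypt. It only checks signature placement, not cryptographic validity; the XML-DSig verification still has to happen afterwards. The sample responses and the idp.example.test issuer are constructed for the example.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def signature_covers(sig, element_id):
    """True if this ds:Signature has a Reference whose URI is '#' + element_id.
    A Signature sitting under the Response but referencing some other ID does
    not protect the Response (that is the classic signature-wrapping mistake)."""
    for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
        if ref.get("URI") == "#" + element_id:
            return True
    return False

def triage_response(xml_text):
    """Mirror of the decision in the question's Spring snippet.
    'response-signed'              : enveloped Signature references the Response ID
    'unsigned-encrypted-assertion' : no such signature, assertion is encrypted
                                     -> Spring's INVALID_SIGNATURE "since it is not signed"
    'unsigned-plain-assertion'     : no such signature, assertion in the clear
                                     (the assertion's own signature is checked next)"""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    resp_id = root.get("ID", "")
    # Only a direct child Signature of the Response is an enveloped response signature.
    if any(signature_covers(s, resp_id) for s in root.findall("ds:Signature", NS)):
        return "response-signed"
    if root.findall("saml:EncryptedAssertion", NS):
        return "unsigned-encrypted-assertion"
    return "unsigned-plain-assertion"

# Constructed sample: the shape of the response in the question (no Signature,
# EncryptedAssertion present), then the same message with an enveloped signature.
UNSIGNED_ENCRYPTED = """<samlp:Response ID="_r1" Version="2.0"
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.test/</saml:Issuer>
  <saml:EncryptedAssertion><xenc:EncryptedData
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/></saml:EncryptedAssertion>
</samlp:Response>"""

SIGNED_ENCRYPTED = UNSIGNED_ENCRYPTED.replace(
    "</saml:Issuer>",
    '</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    '<ds:SignedInfo><ds:Reference URI="#_r1"/></ds:SignedInfo></ds:Signature>')
```

Running `triage_response` on the first sample gives the verdict Spring reports in the question; on the second it passes the placement check and the signature itself can then be verified against the IdP's certificate.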
