SAML service provider spring security
In Spring Security, when using pre-configured service provider metadata, should there be two `ExtendedMetadataDelegate` bean definitions, one for the IdP metadata and another for the SP metadata?

```xml
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
  <constructor-arg>
    <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
      <constructor-arg>
        <value type="java.io.File">classpath:security/localhost_sp.xml</value>
      </constructor-arg>
      <property name="parserPool" ref="parserPool"/>
    </bean>
  </constructor-arg>
  <constructor-arg>
    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
      <property name="local" value="true"/>
      <property name="alias" value="default"/>
      <property name="securityProfile" value="metaiop"/>
      <property name="sslSecurityProfile" value="pkix"/>
      <property name="signingKey" value="apollo"/>
      <property name="encryptionKey" value="apollo"/>
      <property name="requireArtifactResolveSigned" value="false"/>
      <property name="requireLogoutRequestSigned" value="false"/>
      <property name="requireLogoutResponseSigned" value="false"/>
      <property name="idpDiscoveryEnabled" value="true"/>
      <property name="idpDiscoveryURL" value="https://www.server.com:8080/context/saml/discovery/alias/default"/>
      <property name="idpDiscoveryResponseURL" value="https://www.server.com:8080/context/saml/login/alias/default?disco=true"/>
    </bean>
  </constructor-arg>
</bean>

<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
  <constructor-arg>
    <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
      <constructor-arg>
        <value type="java.io.File">classpath:security/idp.xml</value>
      </constructor-arg>
      <property name="parserPool" ref="parserPool"/>
    </bean>
  </constructor-arg>
  <constructor-arg>
    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
  </constructor-arg>
</bean>
```
Found the answer to my question... Placing it here in case anyone else is looking for it.

```xml
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
  <constructor-arg>
    <list>
      <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
        <constructor-arg>
          <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
            <constructor-arg>
              <value type="java.lang.String">http://idp.ssocircle.com/idp-meta.xml</value>
            </constructor-arg>
            <constructor-arg>
              <!-- Timeout for metadata loading in ms -->
              <value type="int">5000</value>
            </constructor-arg>
            <property name="parserPool" ref="parserPool"/>
          </bean>
        </constructor-arg>
        <constructor-arg>
          <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
        </constructor-arg>
        <property name="metadataTrustCheck" value="false"/>
      </bean>
      <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
        <constructor-arg>
          <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
            <constructor-arg>
              <value type="java.io.File">file:///C:/SP_Metadata.xml</value>
            </constructor-arg>
            <property name="parserPool" ref="parserPool"/>
          </bean>
        </constructor-arg>
        <constructor-arg>
          <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
            <property name="local" value="true"/>
            <property name="alias" value="defaultAlias"/>
            <property name="securityProfile" value="metaiop"/>
            <property name="sslSecurityProfile" value="pkix"/>
            <property name="signingKey" value="apollo"/>
            <property name="encryptionKey" value="apollo"/>
            <property name="requireArtifactResolveSigned" value="true"/>
            <property name="requireLogoutRequestSigned" value="true"/>
            <property name="requireLogoutResponseSigned" value="false"/>
            <property name="idpDiscoveryEnabled" value="true"/>
            <property name="idpDiscoveryURL" value="https://localhost/mywebapp-SNAPSHOT/saml/discovery/alias/defaultAlias"/>
            <property name="idpDiscoveryResponseURL" value="https://localhost/mywebapp-SNAPSHOT/saml/login/alias/defaultAlias?disco=true"/>
          </bean>
        </constructor-arg>
      </bean>
    </list>
  </constructor-arg>
  <!-- my SP_metadata had this as the entity id -->
  <property name="hostedSPName" value="urn:test:myapp:auth"/>
  <!-- my idp metadata points to the sso circle idp -->
  <property name="defaultIDP" value="http://idp.ssocircle.com"/>
</bean>
```
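A cross-check of the wiring the answer's comments describe (`hostedSPName` must be the SP metadata's `entityID`, `defaultIDP` the IdP metadata's `entityID`), written as an added example rather than code from the question or answer. The bean XML is a constructed, trimmed copy of the answer's configuration and both metadata documents are constructed minimal samples; the check also flags an IdP metadata source loaded over plain HTTP while `metadataTrustCheck` is `false`, which skips metadata signature verification.

```python
import xml.etree.ElementTree as ET

B = "{http://www.springframework.org/schema/beans}"  # Spring beans namespace, ElementTree style
# Constructed, trimmed copy of the answer's bean definition: only the parts this check reads.
BEANS_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
 <bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
  <constructor-arg><list>
   <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
    <constructor-arg><bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
     <constructor-arg><value type="java.lang.String">http://idp.ssocircle.com/idp-meta.xml</value></constructor-arg>
    </bean></constructor-arg>
    <property name="metadataTrustCheck" value="false"/>
   </bean>
  </list></constructor-arg>
  <property name="hostedSPName" value="urn:test:myapp:auth"/>
  <property name="defaultIDP" value="http://idp.ssocircle.com"/>
 </bean>
</beans>"""
# Constructed minimal metadata documents; the entityIDs are the ones named in the answer's comments.
MD = 'xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"'
SP_METADATA = f'<md:EntityDescriptor {MD} entityID="urn:test:myapp:auth"/>'
IDP_METADATA = f'<md:EntityDescriptor {MD} entityID="http://idp.ssocircle.com"/>'

def entity_id(metadata_xml):
    """entityID attribute of a SAML EntityDescriptor document."""
    return ET.fromstring(metadata_xml).get("entityID")

def prop(bean, name):
    """Value of the bean's direct <property name=...>, or None when it is absent."""
    p = bean.find(f"{B}property[@name='{name}']")
    return None if p is None else p.get("value")

def check_metadata_manager(beans_xml, sp_metadata_xml, idp_metadata_xml):
    """Return a list of findings; an empty list means the metadata wiring is consistent."""
    findings = []
    beans = ET.fromstring(beans_xml).iter(f"{B}bean")
    manager = next(b for b in beans if b.get("class", "").endswith("CachingMetadataManager"))
    # hostedSPName / defaultIDP must equal the entityID of the local SP / remote IdP metadata.
    if prop(manager, "hostedSPName") != entity_id(sp_metadata_xml):
        findings.append("hostedSPName does not match the SP metadata entityID")
    if prop(manager, "defaultIDP") != entity_id(idp_metadata_xml):
        findings.append("defaultIDP does not match the IdP metadata entityID")
    # metadataTrustCheck=false skips metadata signature verification; over plain HTTP nothing else authenticates it.
    for delegate in manager.iter(f"{B}bean"):
        if not delegate.get("class", "").endswith("ExtendedMetadataDelegate"):
            continue
        for val in delegate.iterfind(f".//{B}bean/{B}constructor-arg/{B}value[@type='java.lang.String']"):
            if val.text.startswith("http://") and prop(delegate, "metadataTrustCheck") == "false":
                findings.append(f"{val.text} is fetched over plain HTTP with metadataTrustCheck=false")
    return findings
```

Run against the sample inputs it reports only the unauthenticated IdP metadata download; swapping either entityID or setting `metadataTrustCheck` to `true` changes the findings accordingly.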