
SAML服务提供商的Spring Security

[英]SAML service provider spring security

When using pre-configured service provider metadata in Spring Security, should there be 2 bean definitions for the extended metadata delegate? 在使用预配置的服务提供程序元数据时,在Spring Security中,是否应该有2个bean定义用于扩展元数据委托? One for IDP metadata, and one for SP metadata? 一个用于IDP元数据,一个用于SP元数据?

<!-- Local service-provider (SP) metadata: the SAML 2.0 metadata document for this
     application, read from the classpath, wrapped with its Spring SAML ExtendedMetadata. -->
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
    <!-- First constructor-arg: the OpenSAML provider that loads and parses the metadata file. -->
    <constructor-arg>
        <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
            <constructor-arg>
                <!-- NOTE(review): a "classpath:" location is bound to java.io.File here; this relies on
                     Spring's resource-to-File conversion and works only when the resource is a real file
                     on disk, not an entry inside a jar. Confirm for the target deployment. -->
                <value type="java.io.File">classpath:security/localhost_sp.xml</value>
            </constructor-arg>
            <!-- Shared, pre-configured XML parser pool (defined elsewhere in this context). -->
            <property name="parserPool" ref="parserPool"/>
        </bean>
    </constructor-arg>
    <!-- Second constructor-arg: Spring SAML-specific settings layered over the metadata. -->
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
           <!-- local=true marks this entity as the hosted SP itself rather than a remote party. -->
           <property name="local" value="true"/>
           <!-- Alias used in the SP's endpoint URLs (see the discovery URLs below). -->
           <property name="alias" value="default"/>
           <!-- Trust model for SAML messages (metaiop) and for TLS connections (pkix). -->
           <property name="securityProfile" value="metaiop"/>
           <property name="sslSecurityProfile" value="pkix"/>
           <!-- Key aliases resolved against the key manager configured elsewhere; "apollo" is the
                alias used by the Spring SAML sample keystore, so replace it for real deployments. -->
           <property name="signingKey" value="apollo"/>
           <property name="encryptionKey" value="apollo"/>
           <!-- NOTE(review): all three signature requirements are switched off, so unsigned artifact
                resolve and single-logout messages are accepted for this SP. That weakens protection
                against forged logout/artifact traffic; keep them enabled unless the IdP cannot sign. -->
           <property name="requireArtifactResolveSigned" value="false"/>
           <property name="requireLogoutRequestSigned" value="false"/>
           <property name="requireLogoutResponseSigned" value="false"/>
           <!-- IdP discovery is enabled; both URLs must match this SP's deployed host and alias. -->
           <property name="idpDiscoveryEnabled" value="true"/>
           <property name="idpDiscoveryURL"
              value="https://www.server.com:8080/context/saml/discovery/alias/default"/>
           <property name="idpDiscoveryResponseURL"
              value="https://www.server.com:8080/context/saml/login/alias/default?disco=true"/>
        </bean>
    </constructor-arg>
</bean>




<!-- Remote identity-provider (IdP) metadata, read from the classpath. No ExtendedMetadata
     properties are overridden, so the defaults apply (in particular this entity is not
     marked local, i.e. it is treated as a remote party). -->
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
    <constructor-arg>
        <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
            <constructor-arg>
                <!-- NOTE(review): "classpath:" bound to java.io.File works only for an on-disk
                     resource, not for an entry inside a jar. Confirm for the target deployment. -->
                <value type="java.io.File">classpath:security/idp.xml</value>
            </constructor-arg>
            <!-- Shared XML parser pool (defined elsewhere in this context). -->
            <property name="parserPool" ref="parserPool"/>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <!-- Default extended metadata: nothing customised for this IdP. -->
        <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
    </constructor-arg>
</bean>

Found the answer to my question... posting it here in case someone else is looking for the same. 找到我的问题的答案……在这里发布，以防其他人也在寻找相同的内容。

     <!-- Metadata manager holding both parties: the remote IdP (fetched over HTTP) and the
          local SP (read from disk). Each entry is an ExtendedMetadataDelegate whose first
          constructor-arg is the OpenSAML metadata provider and whose second is the
          Spring SAML ExtendedMetadata for that entity. -->
     <bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
        <constructor-arg>
            <list>

            <!-- Entry 1: the SSOCircle IdP, loaded remotely. -->
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                <constructor-arg>
                    <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
                        <constructor-arg>

                        <!-- NOTE(review): plain http URL; the IdP metadata (and the IdP signing
                             certificate it carries) is fetched without transport protection.
                             Prefer an https URL, or a locally vetted copy of the metadata. -->
                        <value type="java.lang.String">http://idp.ssocircle.com/idp-meta.xml</value>

                        </constructor-arg>
                        <constructor-arg>
                            <!-- Timeout for metadata loading in ms -->
                            <value type="int">5000</value>
                        </constructor-arg>
                        <!-- Shared XML parser pool (defined elsewhere in this context). -->
                        <property name="parserPool" ref="parserPool"/>
                    </bean>
                </constructor-arg>
                <constructor-arg>
                    <!-- Default extended metadata: nothing customised for the IdP. -->
                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
                </constructor-arg>
                <!-- NOTE(review): metadataTrustCheck=false disables trust verification of the
                     downloaded metadata, so together with the http URL above the IdP's certificate
                     is accepted as received. For anything beyond a local test, re-enable the check
                     and pin the metadata signing key (metadataTrustedKeys on this delegate). -->
                <property name="metadataTrustCheck"  value="false"/>
            </bean>

            <!-- Entry 2: this application's own SP metadata, loaded from a local file. -->
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">

            <constructor-arg>
                    <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                        <constructor-arg>
                            <!-- Absolute Windows path, specific to the author's machine. -->
                            <value type="java.io.File">file:///C:/SP_Metadata.xml</value>
                        </constructor-arg>
                        <property name="parserPool" ref="parserPool"/>
                    </bean>
                </constructor-arg>
                <constructor-arg>
                           <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                       <!-- local=true: this entity is the hosted SP. -->
                       <property name="local" value="true"/>
                       <!-- Alias appearing in the SP endpoint URLs below. -->
                       <property name="alias" value="defaultAlias"/>
                       <!-- Trust model for SAML messages (metaiop) and for TLS (pkix). -->
                       <property name="securityProfile" value="metaiop"/>
                       <property name="sslSecurityProfile" value="pkix"/>
                       <!-- Key aliases in the key manager configured elsewhere; "apollo" is the
                            Spring SAML sample keystore alias and should be replaced in real use. -->
                       <property name="signingKey" value="apollo"/>
                       <property name="encryptionKey" value="apollo"/>
                       <!-- Artifact-resolve and logout requests must be signed; logout responses
                            need not be. NOTE(review): unsigned logout responses can be spoofed,
                            so consider requiring them too once the IdP signs them. -->
                       <property name="requireArtifactResolveSigned" value="true"/>
                       <property name="requireLogoutRequestSigned" value="true"/>
                       <property name="requireLogoutResponseSigned" value="false"/>
                       <!-- IdP discovery enabled; URLs point at a local development host. -->
                       <property name="idpDiscoveryEnabled" value="true"/>
                       <property name="idpDiscoveryURL" value="https://localhost/mywebapp-SNAPSHOT/saml/discovery/alias/defaultAlias"/>
                       <property name="idpDiscoveryResponseURL" value="https://localhost/mywebapp-SNAPSHOT/saml/login/alias/defaultAlias?disco=true"/>
                    </bean>
                </constructor-arg>
            </bean>
            </list>
        </constructor-arg>
<!-- my SP_metadata had this as the entity id; it must match the entityID declared in the
     local SP metadata file above, otherwise the manager cannot identify the hosted SP -->
        <property name="hostedSPName" value="urn:test:myapp:auth"/> 
<!-- my idp metadata points to the sso circle idp; this is the entityID of that IdP -->
          <property name="defaultIDP" value="http://idp.ssocircle.com"/> 
    </bean>
