
How to disable Service provider initialized SSO in Spring SAML?

My product uses only Identity Provider initialized SSO and it works fine. Requests to http://localhost:8080/saml/SSO are validated. For correct requests a session is created, for wrong ones I am getting status 401.

I have a problem with incoming requests to other endpoints (ones that should be secured), like http://localhost:8080/messages

When a request has a correct, authenticated session id, it works fine. But for not authenticated requests, I am redirected to my Identity provider page, with URL

https:///sso/SSO?SAMLRequest=

How to disable that behavior? I want just to reject those requests with an 'Authentication failed' response, without any interaction with the Identity provider.

Simply remove the SAMLEntryPoint which is responsible for initialization of SP SSO. Spring Security will then use the default entry point which should behave as you expect. You will still be able to send SAML messages to /saml/SSO.

Edit: Detailed steps are given below

  1. Create a bean implementing org.springframework.security.web.AuthenticationEntryPoint. The simplest implementation is <bean name="http403ForbiddenEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>

  2. Use that bean in <security:http entry-point-ref="http403ForbiddenEntryPoint">

  3. Remove <bean id="samlEntryPoint" class="org.springframework.security.saml.SAMLEntryPoint">
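
The three steps above combined into one Spring Security XML fragment, shown beside the configuration they replace. This is an added example, not part of the original answer. The `samlFilter` and `samlWebSSOProcessingFilter` bean ids, the `/saml/login/**` mapping and the intercept-url rule are assumptions modelled on the Spring SAML sample application's context file.

```xml
<!-- Added example: ids samlFilter / samlWebSSOProcessingFilter and the
     /saml/login/** mapping are assumptions modelled on the Spring SAML sample app. -->

<!-- BEFORE (SP-initiated SSO active): an unauthenticated request to /messages
     is redirected to the IdP with a SAMLRequest.
<security:http entry-point-ref="samlEntryPoint" use-expressions="false">
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
</security:http>
-->

<!-- AFTER -->

<!-- Step 1: entry point that answers 403 and never contacts the IdP -->
<bean name="http403ForbiddenEntryPoint"
      class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>

<!-- Step 2: protected URLs now fail closed instead of starting SP-initiated SSO -->
<security:http entry-point-ref="http403ForbiddenEntryPoint" use-expressions="false">
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
</security:http>

<!-- IdP-initiated responses are still consumed at /saml/SSO -->
<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map request-matcher="ant">
        <!-- removed: <security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint"/> -->
        <security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter"/>
    </security:filter-chain-map>
</bean>

<!-- Step 3: the samlEntryPoint bean definition is deleted; no other bean may still reference it -->
```

To check the change, request a protected URL such as http://localhost:8080/messages without an authenticated session: the response should be a 403 with no redirect to the Identity Provider.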
