
SAML - Parse Service Provider Metadata and extract details such as signing certificate and assertion consumer endpoint

My application acts as an SAML IdP. For this, I am in the process of registering Service Providers with my application. For this, I connect to the SP Federation Metadata URL and download the XML.

Question is - is there any readily available Java library which performs this task? Or do I need to extract the details manually using standard DOM APIs?

Note: My application maintains the user repository and their authentication and authorization details such as credentials, roles, operations, etc. Hence it cannot really depend on third-party IdPs such as ADFS or OneLogin.

Any help is much appreciated.

Thanks to codebrane for the pointers. I've figured out the way using opensaml libraries.

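    // Imports assume OpenSAML 3.x package names (the version that provides KeyInfoSupport)
    import java.util.List;
    import org.opensaml.saml.common.xml.SAMLConstants;
    import org.opensaml.saml.saml2.metadata.KeyDescriptor;
    import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
    import org.opensaml.saml.saml2.metadata.impl.EntityDescriptorImpl;
    import org.opensaml.security.credential.UsageType;
    import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
    import org.opensaml.xmlsec.signature.KeyInfo;
    import org.opensaml.xmlsec.signature.X509Certificate;

    // Populates fields of the enclosing class; parseMetaData is a helper that is not shown
    private void init(String metadata) throws Exception {
        // parse metadata XML
        EntityDescriptorImpl entityDescriptor = parseMetaData(metadata);

        SPSSODescriptor spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);

        // get the signing certificate; skip encryption-only keys so they cannot overwrite it
        List<KeyDescriptor> keyDescriptors = spssoDescriptor.getKeyDescriptors();
        for (KeyDescriptor keyDescriptor : keyDescriptors) {
            if (keyDescriptor.getUse() == UsageType.ENCRYPTION) {
                continue;
            }
            KeyInfo keyInfo = keyDescriptor.getKeyInfo();
            X509Certificate samlCertificate = keyInfo.getX509Datas().get(0).getX509Certificates().get(0);
            sigVerificationCertificate = KeyInfoSupport.getCertificate(samlCertificate);
        }

        // get SAML endpoints
        assertionConsumerServices = spssoDescriptor.getAssertionConsumerServices();
        singleLogoutServices = spssoDescriptor.getSingleLogoutServices();

        // TODO - extract organization name etc.
    }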
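For the "standard DOM APIs" route raised in the question, here is an added example (not part of the original post) that uses only JDK classes and rejects DTDs, since metadata downloaded from an SP URL is untrusted XML. The class name `SpMetadataReader` and the `sp.example.test` sample metadata are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.StringReader;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SpMetadataReader {  // hypothetical class name
    static final String MD = "urn:oasis:names:tc:SAML:2.0:metadata";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    final List<X509Certificate> signingCerts = new ArrayList<>();
    final List<String> acsEndpoints = new ArrayList<>();  // "Binding Location" pairs

    SpMetadataReader(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse any DOCTYPE so external entities (XXE) and entity expansion cannot be used
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        Element sp = (Element) doc.getElementsByTagNameNS(MD, "SPSSODescriptor").item(0);
        if (sp == null) throw new IllegalArgumentException("no SPSSODescriptor in metadata");

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        NodeList keys = sp.getElementsByTagNameNS(MD, "KeyDescriptor");
        for (int i = 0; i < keys.getLength(); i++) {
            Element kd = (Element) keys.item(i);
            // A missing "use" attribute means the key serves both signing and encryption
            if ("encryption".equals(kd.getAttribute("use"))) continue;
            NodeList certs = kd.getElementsByTagNameNS(DS, "X509Certificate");
            for (int j = 0; j < certs.getLength(); j++) {
                // MIME decoder tolerates the line breaks usually present in metadata
                byte[] der = Base64.getMimeDecoder().decode(certs.item(j).getTextContent());
                signingCerts.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)));
            }
        }
        NodeList acs = sp.getElementsByTagNameNS(MD, "AssertionConsumerService");
        for (int i = 0; i < acs.getLength(); i++) {
            Element e = (Element) acs.item(i);
            acsEndpoints.add(e.getAttribute("Binding") + " " + e.getAttribute("Location"));
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample metadata; it carries no KeyDescriptor to keep the string short
        String xml = "<md:EntityDescriptor xmlns:md='" + MD + "' entityID='https://sp.example.test'>"
            + "<md:SPSSODescriptor protocolSupportEnumeration='urn:oasis:names:tc:SAML:2.0:protocol'>"
            + "<md:AssertionConsumerService index='0' Location='https://sp.example.test/acs'"
            + " Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'/>"
            + "</md:SPSSODescriptor></md:EntityDescriptor>";
        SpMetadataReader r = new SpMetadataReader(xml);
        System.out.println(r.acsEndpoints + " certs=" + r.signingCerts.size());
    }
}
```

This example does not verify a signature on the metadata document itself, so the extracted certificates and endpoints are only as trustworthy as the channel the XML was fetched over.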
