stackoom
  简体   繁体   中英

Spring SAML - how to add custom fields on the SP HTTP request?

 原文  2014-09-02 18:50:54       spring/ spring-security/ saml/ spring-saml

Question

My service provider uses HTTP-Post binding to send the request to the IDP. I need to add new fields to the form. Right now I'm sending the "SAMLRequest" and "RelayState", but I also need to send "option" and "profile", these are fields required by our IDP. How can I accomplish this with Spring Saml security?

1 answers

solution1
 8 ACCPTED  2014-09-03 18:53:07

You can include additional fields in the Extensions element of the SAML AuthnRequest message. In order to so you need to overriding class WebSSOProfileImpl and configure your new implementation class in the securityContext.xml . The Extensions element can be constructed for example like this: 

package example;

import org.opensaml.common.SAMLException;
import org.opensaml.saml2.common.Extensions;
import org.opensaml.saml2.common.impl.ExtensionsBuilder;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.schema.impl.XSAnyBuilder;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.security.saml.processor.SAMLProcessor;
import org.springframework.security.saml.websso.WebSSOProfileImpl;
import org.springframework.security.saml.websso.WebSSOProfileOptions;

/**
 * Customization of the AuthnRequest generation.
 */
public class WebSSOProfile extends WebSSOProfileImpl {

    public WebSSOProfile() {
    }

    public WebSSOProfile(SAMLProcessor processor, MetadataManager manager) {
        super(processor, manager);
    }

    @Override
    protected AuthnRequest getAuthnRequest(SAMLMessageContext context, WebSSOProfileOptions options, AssertionConsumerService assertionConsumer, SingleSignOnService bindingService) throws SAMLException, MetadataProviderException {
        AuthnRequest authnRequest = super.getAuthnRequest(context, options, assertionConsumer, bindingService);
        authnRequest.setExtensions(buildExtensions());
        return authnRequest;
    }

    protected Extensions buildExtensions() {

        XSAny extraElement = new XSAnyBuilder().buildObject("urn:myexample:extraAttribute", "ExtraElement", "myexample");
        extraElement.setTextContent("extraValue");

        Extensions extensions = new ExtensionsBuilder().buildObject();
        extensions.getUnknownXMLObjects().add(extraElement);

        return extensions;

    }

}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question SAML - how transfer custom attributes between Spring SAML extension(SP) and shibboleth 3.1.1(IDP) Spring Security SAML2 - SP http post security How can I add “Organization” declaration into SP's metadata (Spring SAML)? How to configuration of IDP metadata and SP metadata in Spring Security SAML sample? Add my custom http header to Spring RestTemplate request / extend RestTemplate Spring SAML Alias is used both for entity and SP Using Spring SAML as an IDP rather than an SP Spring Integration: how to add custom HTTP headers to the HTTP outbound gateway? How can we set different AssertionCosumerURL in SAML AuthnRequest in a SP initiated request for a multi tenant environment? Spring SAML: SAMLException: Unsupported request
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM