[英]How to avoid redirecting to login form for some URL with Spring Security?
[英]How to avoid login page with Spring Ssecurity and SAML?
我正在嘗試當用戶通過 Saml2 登錄到我的系統時,它會自動將他重定向到基於他的域的關聯配置,而無需通過如圖所示的登錄頁面訪問 go。
比如用戶:user1@company1.com,我想自動重定向到域對應的認證頁面(company1>singlesignon.url),而不必通過這個中間的go。
我曾嘗試使用 Saml2SecurityConfig 解決此問題,但我不知道如何正確設置它。
怎么可能做到?
security:
saml2:
relyingparty:
registration:
company1:
identityprovider:
entity-id:
verification.credentials:
- certificate-location:
singlesignon.url: https://login.microsoftonline.com/XXXX/saml2
singlesignon.sign-request:
company2:
identityprovider:
entity-id:
verification.credentials:
- certificate-location:
singlesignon.url:
singlesignon.sign-request:
Saml2Config
public class Saml2Config extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
OpenSamlAuthenticationProvider authenticationProvider = new OpenSamlAuthenticationProvider();
authenticationProvider.setResponseAuthenticationConverter(responseToken -> {
Saml2Authentication authentication = OpenSamlAuthenticationProvider
.createDefaultResponseAuthenticationConverter()
.convert(responseToken);
Assertion assertion = responseToken.getResponse().getAssertions().get(0);
String username = assertion.getSubject().getNameID().getValue();
UserDetails userDetails = inMemoryUserDetailsManager().loadUserByUsername(username);
authentication.setDetails(userDetails);
return authentication;
});
http
.requestMatchers()
.antMatchers("/login/**","/saml2/**")
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.saml2Login().authenticationManager(new ProviderManager(authenticationProvider))
.and().csrf().disable();
}
}
I generally see organizations disambiguate their partners via the user's email address (like how the Office 365 Portal does it) or via a customer-specific FQDN (eg, customer.service.com
) similar to how Salesforce does it with their "My Domain"配置。
如果您使用 email 地址,那么您應該將其放入 AuthnRequest 的主題中,以便 IdP 可以在登錄屏幕中使用它。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.