
java - SAML 服务提供者 spring security

转载 作者:搜寻专家 更新时间:2023-10-31 08:26:24 26 4

在 Spring Security 中使用预先配置的服务提供者(SP)元数据时,ExtendedMetadataDelegate 是否需要定义两个 bean:一个用于 IDP 元数据,另一个用于 SP 元数据?

<!-- Service provider (SP) entry: pre-generated SP metadata loaded from a file,
     combined with the ExtendedMetadata settings applied to that entity. -->
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
  <!-- First constructor argument: the provider that reads the metadata document.
       parserPool refers to a bean defined elsewhere in the context (not shown). -->
  <constructor-arg>
    <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
      <constructor-arg>
        <value type="java.io.File">classpath:security/localhost_sp.xml</value>
      </constructor-arg>
      <property name="parserPool" ref="parserPool"/>
    </bean>
  </constructor-arg>
  <!-- Second constructor argument: extended settings for the entity above. -->
  <constructor-arg>
    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
      <!-- local=true marks this entity as the one hosted by the application (the SP). -->
      <property name="local" value="true"/>
      <property name="alias" value="default"/>
      <!-- Trust profiles: metaiop for message signatures, pkix for TLS connections. -->
      <property name="securityProfile" value="metaiop"/>
      <property name="sslSecurityProfile" value="pkix"/>
      <!-- Keystore aliases; the same alias is used for signing and for encryption.
           NOTE(review): "apollo" is also the alias found in the Spring SAML sample
           keystore. If this is that sample key, replace it with a privately
           generated key before deployment, because the sample key is public. -->
      <property name="signingKey" value="apollo"/>
      <property name="encryptionKey" value="apollo"/>
      <!-- NOTE(review): all three signature requirements are switched off, so unsigned
           artifact-resolve and single-logout messages are accepted for this SP.
           Set them to true unless a peer is known to be unable to sign. -->
      <property name="requireArtifactResolveSigned" value="false"/>
      <property name="requireLogoutRequestSigned" value="false"/>
      <property name="requireLogoutResponseSigned" value="false"/>
      <!-- IdP discovery: where the user is sent to choose an IdP, and where the
           discovery service returns the result. -->
      <property name="idpDiscoveryEnabled" value="true"/>
      <property name="idpDiscoveryURL" value="https://www.server.com:8080/context/saml/discovery/alias/default"/>
      <property name="idpDiscoveryResponseURL" value="https://www.server.com:8080/context/saml/login/alias/default?disco=true"/>
    </bean>
  </constructor-arg>
</bean>




<!-- Identity provider (IdP) entry: IdP metadata loaded from a file, with an
     ExtendedMetadata bean left at its defaults (no local flag, so this is a
     remote entity). metadataTrustCheck is not set here, so the delegate's
     default applies. -->
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
  <!-- First constructor argument: the provider that reads the IdP metadata file.
       The IdP signing keys come from this file, so its integrity depends on how
       the deployment artifact is built and protected. -->
  <constructor-arg>
    <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
      <constructor-arg>
        <value type="java.io.File">classpath:security/idp.xml</value>
      </constructor-arg>
      <property name="parserPool" ref="parserPool"/>
    </bean>
  </constructor-arg>
  <!-- Second constructor argument: default extended settings for the IdP. -->
  <constructor-arg>
    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
  </constructor-arg>
</bean>

最佳答案

找到了我的问题的答案....将它放在这里以防其他人寻找相同的答案。

     <!-- Metadata manager holding one delegate per entity: the remote IdP and the
          locally hosted SP. Both are passed as a single list to the constructor. -->
     <bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
       <constructor-arg>
         <list>

           <!-- Entry 1: remote IdP, metadata downloaded over HTTP at startup/refresh.
                NOTE(review): the URL below is plain http and metadataTrustCheck is
                false, so the downloaded metadata is neither protected in transit nor
                checked for a trusted signature. The SP entry uses the metaiop
                profile, under which keys found in peer metadata are used for
                signature trust, so whoever can alter this download can replace the
                IdP signing key. Outside a test setup, load the metadata over https
                or from a vetted local copy and enable the trust check. -->
           <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
             <constructor-arg>
               <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
                 <!-- Location of the IdP metadata document. -->
                 <constructor-arg>
                   <value type="java.lang.String">http://idp.ssocircle.com/idp-meta.xml</value>
                 </constructor-arg>
                 <!-- Request timeout for loading the metadata, in milliseconds. -->
                 <constructor-arg>
                   <value type="int">5000</value>
                 </constructor-arg>
                 <property name="parserPool" ref="parserPool"/>
               </bean>
             </constructor-arg>
             <!-- Default extended settings for the IdP. -->
             <constructor-arg>
               <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
             </constructor-arg>
             <!-- Signature trust verification of the loaded metadata is disabled. -->
             <property name="metadataTrustCheck" value="false"/>
           </bean>

           <!-- Entry 2: local SP, metadata read from a pre-generated file.
                NOTE(review): the file sits at an absolute path outside the
                application; restrict write access to it, since it defines the
                endpoints and keys this SP publishes. -->
           <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
             <constructor-arg>
               <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                 <constructor-arg>
                   <value type="java.io.File">file:///C:/SP_Metadata.xml</value>
                 </constructor-arg>
                 <property name="parserPool" ref="parserPool"/>
               </bean>
             </constructor-arg>
             <constructor-arg>
               <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                 <!-- local=true marks this entity as the SP hosted by the application. -->
                 <property name="local" value="true"/>
                 <property name="alias" value="defaultAlias"/>
                 <!-- Trust profiles: metaiop for message signatures, pkix for TLS. -->
                 <property name="securityProfile" value="metaiop"/>
                 <property name="sslSecurityProfile" value="pkix"/>
                 <!-- Keystore aliases; one alias serves both signing and encryption.
                      NOTE(review): "apollo" is also the alias found in the Spring SAML
                      sample keystore. If this is that sample key, replace it with a
                      privately generated key before deployment. -->
                 <property name="signingKey" value="apollo"/>
                 <property name="encryptionKey" value="apollo"/>
                 <!-- Artifact-resolve and logout requests must be signed; logout
                      responses are still accepted unsigned (consider true here too). -->
                 <property name="requireArtifactResolveSigned" value="true"/>
                 <property name="requireLogoutRequestSigned" value="true"/>
                 <property name="requireLogoutResponseSigned" value="false"/>
                 <!-- IdP discovery endpoints for this SP alias. -->
                 <property name="idpDiscoveryEnabled" value="true"/>
                 <property name="idpDiscoveryURL" value="https://localhost/mywebapp-SNAPSHOT/saml/discovery/alias/defaultAlias"/>
                 <property name="idpDiscoveryResponseURL" value="https://localhost/mywebapp-SNAPSHOT/saml/login/alias/defaultAlias?disco=true"/>
               </bean>
             </constructor-arg>
           </bean>
         </list>
       </constructor-arg>
       <!-- Entity ID of the hosted SP; the author's SP_Metadata.xml declares this value. -->
       <property name="hostedSPName" value="urn:test:myapp:auth"/>
       <!-- Entity ID of the default IdP (SSOCircle in the author's setup). This is an
            identifier matched against the metadata, not a URL that gets fetched, so
            it must stay exactly as the IdP metadata states it. -->
       <property name="defaultIDP" value="http://idp.ssocircle.com"/>
     </bean>

关于java - SAML 服务提供者 spring security,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22489065/
