我正在尝试使用Spring Security 5.3通过RelyingPartyRegistrationRepository
配置多个idps这是我的application.yaml config
spring:
security:
saml2:
relyingparty:
registration:
idpokta:
identityprovider:
entity-id: http://<url>
sso-url: https://<url>
verification:
credentials:
- certificate-location: "classpath:saml/okta.cert"
signing:
credentials:
certificate: |
-----BEGIN CERTIFICATE-----
MIIDpDCC...
-----END CERTIFICATE-----
private-key: |
-----BEGIN PRIVATE KEY-----
MIIEvQIBA....
-----END PRIVATE KEY-----
idponelogin:
identityprovider:
entity-id: https://<url>
sso-url: https://<url>
verification:
credentials:
- certificate-location: "classpath:saml/onelogin.cert"
signing:
credentials:
certificate: |
-----BEGIN CERTIFICATE-----
MIID/z...
-----END CERTIFICATE-----
private-key: |
-----BEGIN PRIVATE KEY-----
MIpoi...
-----END PRIVATE KEY-----
我的登录控制器定义如下:
@Controller
public class LoginController {
private final RelyingPartyRegistrationRepository relyingParties;
// ...
@GetMapping("/login")
public void login(HttpServletRequest request, HttpServletResponse response) throws IOException {
String registrationId = request.getParameter("idp");
RelyingPartyRegistration relyingParty = this.relyingParties
.findByRegistrationId(registrationId);
if (relyingParty == null) {
response.setStatus(401);
} else {
response.sendRedirect("/saml2/authenticate/" + registrationId);
}
}
问题我的dependingParty拥有提供者详细信息,但我认为assertionConsumerServiceUrl
默认为{baseUrl}/login/saml2/sso/{registrationId}
且我的localEntityIdTemplate
= {baseUrl} / saml2 / service-provider-metadata / {registrationId}`导致这一问题。如何在yaml文件中添加sp信息?还是我做错了?
我一直在尝试做同样的事情。该API似乎没有经过深思熟虑。如果您尝试使用自动配置弹簧启动功能,我发现的唯一方法是排除此配置
Saml2RelyingPartyRegistrationConfiguration
并为此提供您自己的课程。
由于所有这些都是本地软件包,因此您必须携带几乎整个软件包
org.springframework.boot.autoconfigure.security.saml2
对于您自己的应用程序,首先从春季完全禁用它。
您最终会得到
CustomRegistrationConfiguredCondition
CustomSaml2LoginConfiguration
CustomSaml2RelyingPartyAutoConfiguration
CustomSaml2RelyingPartyRegistrationConfiguration
至少。确保类之间的引用也已更新。
现在,您需要在CustomSaml2RelyingPartyRegistrationConfiguration中更新以下方法:
private RelyingPartyRegistration asRegistration(String id, Registration properties) {
RelyingPartyRegistration.Builder builder = RelyingPartyRegistration.withRegistrationId(id);
builder.assertionConsumerServiceUrlTemplate(
"{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
builder.idpWebSsoUrl(properties.getIdentityprovider().getSsoUrl());
builder.remoteIdpEntityId(properties.getIdentityprovider().getEntityId());
builder.localEntityIdTemplate("template_you_like");
builder.credentials((credentials) -> credentials.addAll(asCredentials(properties)));
return builder.build();
}
或者,您也可以将Saml2RelyingPartyProperties复制到您的项目,并在其中添加所有必要的字段。这样,您就可以在yaml或属性文件中设置属性。不要忘记在上述asRegistration方法中使用这些值。