Spring Security SAML2 configuration with multiple IdPs

Question (votes: 0, answers: 1)

I am trying to configure multiple IdPs with Spring Security 5.3 through a RelyingPartyRegistrationRepository. This is my application.yaml config:

spring:
  security:
    saml2:
      relyingparty:
        registration:
          idpokta:
            identityprovider:
              entity-id: http://<url>
              sso-url: https://<url>
              verification:
                credentials:
                  - certificate-location: "classpath:saml/okta.cert"
            signing:
              credentials:
                - certificate: |
                    -----BEGIN CERTIFICATE-----
                    MIIDpDCC...
                    -----END CERTIFICATE-----
                  private-key: |
                    -----BEGIN PRIVATE KEY-----
                    MIIEvQIBA....
                    -----END PRIVATE KEY-----

          idponelogin:
            identityprovider:
              entity-id: https://<url>
              sso-url: https://<url>
              verification:
                credentials:
                  - certificate-location: "classpath:saml/onelogin.cert"
            signing:
              credentials:
                - certificate: |
                    -----BEGIN CERTIFICATE-----
                    MIID/z...
                    -----END CERTIFICATE-----
                  private-key: |
                    -----BEGIN PRIVATE KEY-----
                    MIpoi...
                    -----END PRIVATE KEY-----

My login controller is defined as follows:

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class LoginController {
    private final RelyingPartyRegistrationRepository relyingParties;

    // ... 

    @GetMapping("/login")
    public void login(HttpServletRequest request, HttpServletResponse response) throws IOException {
        // The "idp" query parameter names the registration to authenticate against
        String registrationId = request.getParameter("idp");
        RelyingPartyRegistration relyingParty = this.relyingParties
                .findByRegistrationId(registrationId);
        if (relyingParty == null) {
            // Unknown registration id: reject instead of redirecting to an unvalidated path
            response.setStatus(401);
        } else {
            // Hand off to Spring Security's SAML2 authentication request endpoint
            response.sendRedirect("/saml2/authenticate/" + registrationId);
        }
    }
}

The problem: my relyingParty has the provider details, but I think that the assertionConsumerServiceUrl defaulting to {baseUrl}/login/saml2/sso/{registrationId} and my localEntityIdTemplate = {baseUrl}/saml2/service-provider-metadata/{registrationId} are what cause this. How do I add the SP information in the yaml file? Or am I doing something wrong?


spring spring-boot spring-security saml-2.0 spring-security-saml2
1 answer
0 votes

I have been trying to do the same thing. The API does not seem to be well thought out. If you are trying to use the Spring Boot auto-configuration, the only way I found is to exclude this configuration

Saml2RelyingPartyRegistrationConfiguration

and provide your own class for it.

Since all of these are package-private, you will have to bring almost the whole package

org.springframework.boot.autoconfigure.security.saml2

into your own application, after first disabling it from Spring entirely.

You end up with

CustomRegistrationConfiguredCondition
CustomSaml2LoginConfiguration
CustomSaml2RelyingPartyAutoConfiguration
CustomSaml2RelyingPartyRegistrationConfiguration

at least. Make sure the references between the classes are updated as well.

Now you need to update the following method in CustomSaml2RelyingPartyRegistrationConfiguration:

private RelyingPartyRegistration asRegistration(String id, Registration properties) {
    RelyingPartyRegistration.Builder builder = RelyingPartyRegistration.withRegistrationId(id);
    // SP side: where the IdP posts the SAMLResponse; the default filter URI is
    // /login/saml2/sso/{registrationId}
    builder.assertionConsumerServiceUrlTemplate(
            "{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
    // IdP side, taken from the bound properties
    builder.idpWebSsoUrl(properties.getIdentityprovider().getSsoUrl());
    builder.remoteIdpEntityId(properties.getIdentityprovider().getEntityId());
    // SP entity id template; this is the value the question wants to control
    builder.localEntityIdTemplate("template_you_like");
    builder.credentials((credentials) -> credentials.addAll(asCredentials(properties)));
    return builder.build();
}

Alternatively, you can also copy Saml2RelyingPartyProperties into your project and add all the necessary fields there. That way you can set the properties in the yaml or properties file. Do not forget to use those values in the asRegistration method above.
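The following is an added example, not code from the question or the answer, that carries the answer's second suggestion through end to end: a custom property tree that includes the SP-side values the question asks about (ACS URL template and local entity id template) and a configuration class that builds the RelyingPartyRegistrationRepository from it. It targets the Spring Security 5.3 / Spring Boot 2.2 API used in the answer; the class names MultiIdpSaml2Config and Saml2Props, the property prefix app.saml2 and every property name under it are assumptions made for this example.

```java
// Added example (not from the question or answer). Assumed: Spring Security 5.3 and
// Spring Boot 2.2 APIs; the "app.saml2" prefix and all property names are made up here.
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.security.converter.RsaKeyConverters;
import org.springframework.security.saml2.credentials.Saml2X509Credential;
import org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;

@Configuration
@EnableConfigurationProperties(MultiIdpSaml2Config.Saml2Props.class)
public class MultiIdpSaml2Config {

    /** Bound from app.saml2.registration.<id>.* (hypothetical prefix, one entry per IdP). */
    @ConfigurationProperties(prefix = "app.saml2")
    public static class Saml2Props {
        private final Map<String, Registration> registration = new LinkedHashMap<>();
        public Map<String, Registration> getRegistration() { return registration; }

        public static class Registration {
            private String idpEntityId;
            private String idpSsoUrl;
            private Resource idpVerificationCertificate;   // PEM certificate used to verify IdP signatures
            private Resource signingCertificate;           // PEM certificate of the SP signing key
            private Resource signingPrivateKey;            // PKCS#8 PEM private key of the SP
            // SP-side values; the defaults equal what Spring Security 5.3 uses on its own
            private String acsUrlTemplate = "{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
            private String localEntityIdTemplate = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
            public String getIdpEntityId() { return idpEntityId; }
            public void setIdpEntityId(String v) { idpEntityId = v; }
            public String getIdpSsoUrl() { return idpSsoUrl; }
            public void setIdpSsoUrl(String v) { idpSsoUrl = v; }
            public Resource getIdpVerificationCertificate() { return idpVerificationCertificate; }
            public void setIdpVerificationCertificate(Resource v) { idpVerificationCertificate = v; }
            public Resource getSigningCertificate() { return signingCertificate; }
            public void setSigningCertificate(Resource v) { signingCertificate = v; }
            public Resource getSigningPrivateKey() { return signingPrivateKey; }
            public void setSigningPrivateKey(Resource v) { signingPrivateKey = v; }
            public String getAcsUrlTemplate() { return acsUrlTemplate; }
            public void setAcsUrlTemplate(String v) { acsUrlTemplate = v; }
            public String getLocalEntityIdTemplate() { return localEntityIdTemplate; }
            public void setLocalEntityIdTemplate(String v) { localEntityIdTemplate = v; }
        }
    }

    @Bean
    public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository(Saml2Props props) {
        List<RelyingPartyRegistration> registrations = new ArrayList<>();
        props.getRegistration().forEach((id, r) -> registrations.add(asRegistration(id, r)));
        if (registrations.isEmpty()) {
            throw new IllegalStateException("no app.saml2.registration.* entries configured");
        }
        return new InMemoryRelyingPartyRegistrationRepository(registrations);
    }

    private static RelyingPartyRegistration asRegistration(String id, Saml2Props.Registration r) {
        return RelyingPartyRegistration.withRegistrationId(id)
                .assertionConsumerServiceUrlTemplate(r.getAcsUrlTemplate())
                .localEntityIdTemplate(r.getLocalEntityIdTemplate())
                .remoteIdpEntityId(r.getIdpEntityId())
                .idpWebSsoUrl(r.getIdpSsoUrl())
                .credentials(c -> {
                    // VERIFICATION: validates the IdP's signature; SIGNING: signs our AuthnRequests
                    c.add(new Saml2X509Credential(readCert(r.getIdpVerificationCertificate()),
                            Saml2X509CredentialType.VERIFICATION));
                    c.add(new Saml2X509Credential(readKey(r.getSigningPrivateKey()),
                            readCert(r.getSigningCertificate()), Saml2X509CredentialType.SIGNING));
                })
                .build();
    }

    private static X509Certificate readCert(Resource pem) {
        try (InputStream in = pem.getInputStream()) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } catch (Exception e) {
            throw new IllegalStateException("cannot read certificate " + pem, e);
        }
    }

    private static RSAPrivateKey readKey(Resource pem) {
        try (InputStream in = pem.getInputStream()) {
            return RsaKeyConverters.pkcs8().convert(in);
        } catch (Exception e) {
            throw new IllegalStateException("cannot read private key " + pem, e);
        }
    }
}
```

With this in place the yaml would carry, per IdP, keys such as app.saml2.registration.idpokta.idp-entity-id, idp-sso-url, idp-verification-certificate (e.g. classpath:saml/okta.cert), signing-certificate, signing-private-key, and, where the defaults are not wanted, acs-url-template and local-entity-id-template; a second block under idponelogin gives the second registration. Spring Boot's own Saml2RelyingPartyRegistrationConfiguration is conditional on there being no RelyingPartyRegistrationRepository bean, so defining this bean makes it back off without the spring.security.saml2.* properties being involved at all. Keep the private keys out of the yaml and reference files (or a secret mount) via the Resource properties; the template values bound here are exactly what must match the ACS URL and SP entity id registered at each IdP.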
