我的旧系统使用的是 OpenSAML 1.0,现在我想升级到 Spring Security SAML2。在旧系统中我使用的是OpenSAML 1.0,完全手动进行认证,切换到Spring Security SAML2后,我发现很难。
目前我面临以下2个问题:
@Configuration
public class PESaml2Configuration {
@Autowired
private RelyingPartyRegistrationRepository relyingPartyRegistrationRepository;
@Autowired
private RelyingPartyRegistrations relyingPartyRegistrations;
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
PESaml2Authentication authentication = new PESaml2Authentication();
http
.authorizeHttpRequests()
.antMatchers("/saml2Login").permitAll()
.and()
.saml2Login()
.failureHandler(authentication)
.successHandler(authentication);
return http.build();
}
@Bean
protected RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
Saml2X509Credential credential = credential();
RelyingPartyRegistration registration = RelyingPartyRegistration
.withRegistrationId("okta-saml")
.assertingPartyDetails(party -> party
.entityId("http://www.okta.com/xxxxxxxxxxxx")
.singleSignOnServiceLocation("https://dev-13805256.okta.com/app/xxxxx/sso/saml")
.wantAuthnRequestsSigned(false)
.verificationX509Credentials(c -> c.add(credential))
).build();
return new InMemoryRelyingPartyRegistrationRepository(registration);
}
private Saml2X509Credential credential() throws IOException, CertificateException {
RelyingPartyRegistration registrations = RelyingPartyRegistrations.fromMetadata(null).registrationId("ok").build();
Resource resource = new ClassPathResource("credentials/okta.cert");
try (InputStream is = resource.getInputStream()) {
X509Certificate certificate = (X509Certificate)
CertificateFactory.getInstance("X.509").generateCertificate(is);
return Saml2X509Credential.verification(certificate);
}
}