如何在Spring Security中配置wso2元數據示例

Question

我是安全新手，我從github下載了spring安全示例，它運行良好，使用ssocircle。現在我想用wso2配置它。我閱讀了一些文章，他們提到我們必須手動編寫元數據。請指教我如何寫元數據，而不是此彈性安全示例中定義的元數據url

http://idp.ssocircle.com/idp-meta.xml我必須給出哪些網址。 謝謝

Answer 1

通過添加元數據的XML文件做這個改變彈簧SAML示例項目IS作爲WSO2不會自動生成，你需要手動創建元數據添加到您的idp.xml，這將是somthing like this

<?xml version="1.0" encoding="UTF-8"?> 
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" 
       entityID="localhost" 
       validUntil="2023-09-23T06:57:15.396Z"> 
    <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" > 
<md:KeyDescriptor use="signing"> 
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
     <ds:X509Data> 
       <ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE 
       CAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxv 
       Y2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQsw 
       CQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UE 
       AwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTou 
       sMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5 
       HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQID 
       AQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44i 
       QlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJR 
       O4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</ds:X509Certificate> 
      </ds:X509Data> 
     </ds:KeyInfo> 
    </md:KeyDescriptor> 
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:9443/samlsso" ResponseLocation="https://localhost:9443/samlsso"/> 
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:9443/samlsso"/> 
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:9443/samlsso"/> 
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> 
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> 
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> 
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat> 
    </md:IDPSSODescriptor> 
</md:EntityDescriptor> 

並將IS元數據的條目添加到securityContext.xml中。

---

更新：

在安全context.xml中您需要更改元數據豆

<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager"> 
<constructor-arg> 
    <list> 
     <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate"> 
      <constructor-arg> 
       <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider"> 
        <constructor-arg> 
         <bean class="java.util.Timer"/> 
        </constructor-arg> 
        <constructor-arg> 
         <bean class="org.opensaml.util.resource.ClasspathResource"> 
          <constructor-arg value="/metadata/idp.xml"/> 
         </bean> 
        </constructor-arg> 
        <property name="parserPool" ref="parserPool"/> 
       </bean> 
      </constructor-arg> 
      <constructor-arg> 
       <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"> 
       </bean> 
      </constructor-arg> 
     </bean>   
    </list> 
</constructor-arg> 

我希望這有助於。 - 保爾