
在 Spring Security SAML 中使用預先配置好的服務提供商(SP)元數據時,是否應該定義兩個 ExtendedMetadataDelegate bean——一個用於 IdP 元數據,另一個用於 SP 元數據?(標籤:spring-security、saml、service-provider)

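<!-- SP (local) metadata: describes this application to the IdP.
     NOTE: "classpath:" is converted to a java.io.File by Spring's FileEditor, which only
     works while the resource exists as a real file on disk (exploded deployment); packaged
     inside a jar/war it cannot be turned into a File - confirm for your deployment. -->
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
    <constructor-arg>
     <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
      <constructor-arg>
       <value type="java.io.File">classpath:security/localhost_sp.xml</value>
      </constructor-arg>
      <!-- parserPool is defined elsewhere in the config; it parses every metadata document,
           so it should reject DOCTYPE declarations / external entities (XXE) - confirm. -->
      <property name="parserPool" ref="parserPool"/>
     </bean>
    </constructor-arg>
    <constructor-arg>
     <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
      <!-- local="true" marks this as the SP's own metadata; "alias" selects the
           /saml/.../alias/default endpoints used in the discovery URLs below. -->
      <property name="local" value="true"/>
      <property name="alias" value="default"/>
      <!-- metaiop: trust only certificates published in metadata.
           pkix: validate the IdP's TLS certificate against the key store's trust anchors. -->
      <property name="securityProfile" value="metaiop"/>
      <property name="sslSecurityProfile" value="pkix"/>
      <!-- Aliases of the SP's keys in the keyManager key store (same key used for both here). -->
      <property name="signingKey" value="apollo"/>
      <property name="encryptionKey" value="apollo"/>
      <!-- Require signatures on inbound ArtifactResolve and LogoutRequest messages. The
           original had both "false"; without a signature the SP cannot distinguish a forged
           LogoutRequest from a genuine one, so anyone who can reach the SLO endpoint could
           terminate sessions. This also matches the working configuration in the answer.
           LogoutResponse stays unsigned because many IdPs do not sign it. -->
      <property name="requireArtifactResolveSigned" value="true"/>
      <property name="requireLogoutRequestSigned" value="true"/>
      <property name="requireLogoutResponseSigned" value="false"/>
      <!-- IdP discovery endpoints; scheme/host/port/context must match the deployed SP. -->
      <property name="idpDiscoveryEnabled" value="true"/>
      <property name="idpDiscoveryURL"
       value="https://www.server.com:8080/context/saml/discovery/alias/default"/>
      <property name="idpDiscoveryResponseURL"
       value="https://www.server.com:8080/context/saml/login/alias/default?disco=true"/>
     </bean>
    </constructor-arg>
</bean>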




<!-- IdP (remote) metadata read from the classpath. No metadataTrustCheck override is set
     here, so the delegate's default applies. The "classpath:" -> java.io.File conversion
     only works for an exploded deployment - confirm for yours. -->
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
    <constructor-arg index="0">
        <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
            <constructor-arg index="0">
                <value type="java.io.File">classpath:security/idp.xml</value>
            </constructor-arg>
            <!-- Shared XML parser pool, defined elsewhere in the config. -->
            <property name="parserPool">
                <ref bean="parserPool"/>
            </property>
        </bean>
    </constructor-arg>
    <constructor-arg index="1">
        <!-- Plain ExtendedMetadata: remote party, all defaults. -->
        <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
    </constructor-arg>
</bean>

回答


找到了我的問題的答案。把它放在這裏,以防有人在尋找同樣的東西:是的,每個參與方(IdP 與 SP)各需要一個 ExtendedMetadataDelegate,並把它們一起交給 CachingMetadataManager。

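 <!-- Metadata manager: one ExtendedMetadataDelegate per party. The IdP's metadata is fetched
      over the network; the SP's own metadata is read from a local file. -->
 <bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
     <constructor-arg>
         <list>
             <!-- Remote IdP metadata (SSOCircle). It carries the IdP signing certificate that
                  every assertion is verified against, i.e. it is a trust anchor. -->
             <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                 <constructor-arg>
                     <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
                         <constructor-arg>
                             <!-- Fetch over TLS. The original used plain http://, which lets an
                                  on-path attacker substitute the IdP certificate and then forge
                                  assertions. Confirm the IdP serves its metadata at this https URL. -->
                             <value type="java.lang.String">https://idp.ssocircle.com/idp-meta.xml</value>
                         </constructor-arg>
                         <constructor-arg>
                             <!-- Timeout for metadata loading in ms -->
                             <value type="int">5000</value>
                         </constructor-arg>
                         <!-- parserPool is defined elsewhere in the config; it parses metadata
                              fetched from the network, so it should reject DOCTYPE declarations /
                              external entities (XXE) - confirm the pool's configuration. -->
                         <property name="parserPool" ref="parserPool"/>
                     </bean>
                 </constructor-arg>
                 <constructor-arg>
                     <!-- Remote party: defaults only. -->
                     <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
                 </constructor-arg>
                 <!-- Signature verification of the downloaded metadata is DISABLED. With it off,
                      the TLS connection above is the only thing protecting the IdP certificate.
                      Prefer "true" together with metadataTrustedKeys naming the key-store alias
                      that holds the metadata signing certificate, or ship a vetted local copy. -->
                 <property name="metadataTrustCheck" value="false"/>
             </bean>

             <!-- Local SP metadata. The file path is environment-specific (Windows here). -->
             <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                 <constructor-arg>
                     <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                         <constructor-arg>
                             <value type="java.io.File">file:///C:/SP_Metadata.xml</value>
                         </constructor-arg>
                         <property name="parserPool" ref="parserPool"/>
                     </bean>
                 </constructor-arg>
                 <constructor-arg>
                     <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                         <!-- local="true" marks this as the SP's own metadata; "alias" selects the
                              /saml/.../alias/defaultAlias endpoints used below. -->
                         <property name="local" value="true"/>
                         <property name="alias" value="defaultAlias"/>
                         <!-- metaiop: trust only certificates published in metadata.
                              pkix: validate the IdP's TLS certificate via the key store's trust anchors. -->
                         <property name="securityProfile" value="metaiop"/>
                         <property name="sslSecurityProfile" value="pkix"/>
                         <!-- Aliases of the SP's keys in the keyManager key store. -->
                         <property name="signingKey" value="apollo"/>
                         <property name="encryptionKey" value="apollo"/>
                         <!-- Inbound ArtifactResolve and LogoutRequest must be signed, otherwise a
                              forged LogoutRequest could terminate sessions. LogoutResponse is left
                              unsigned because many IdPs do not sign it. -->
                         <property name="requireArtifactResolveSigned" value="true"/>
                         <property name="requireLogoutRequestSigned" value="true"/>
                         <property name="requireLogoutResponseSigned" value="false"/>
                         <!-- IdP discovery endpoints; "localhost" must be replaced by the deployed
                              SP's scheme/host/context, and must match the SP metadata. -->
                         <property name="idpDiscoveryEnabled" value="true"/>
                         <property name="idpDiscoveryURL" value="https://localhost/mywebapp-SNAPSHOT/saml/discovery/alias/defaultAlias"/>
                         <property name="idpDiscoveryResponseURL" value="https://localhost/mywebapp-SNAPSHOT/saml/login/alias/defaultAlias?disco=true"/>
                     </bean>
                 </constructor-arg>
             </bean>
         </list>
     </constructor-arg>
     <!-- Must equal the entityID inside SP_Metadata.xml (my SP metadata had this as the entity id). -->
     <property name="hostedSPName" value="urn:test:myapp:auth"/>
     <!-- entityID of the SSOCircle IdP as declared in its metadata. This is an identifier, not a
          URL that gets fetched, so it intentionally keeps the http:// form. -->
     <property name="defaultIDP" value="http://idp.ssocircle.com"/>
 </bean>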

你從哪裏得到parserPool bean? – Charlires


@Charlires 用 Java 配置定義即可:`@Bean public ParserPool parserPool() throws Exception { StaticBasicParserPool pool = new StaticBasicParserPool(); pool.initialize(); return pool; }` – egaga