Find centralized, trusted content and collaborate around the technologies you use most.
Teams
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
我正在使用 Spring SAML 并配置了一个接受加密断言的服务提供者。有没有办法配置 SP 以拒绝未加密的断言?
不,您不能配置 Spring SAML 来强制执行此规则。实现它的最简单方法是扩展WebSSOProfileConsumerImpl、覆盖例如方法并在断言未加密的情况下processAuthenticationResponse抛出。org.opensaml.xml.security.SecurityException
WebSSOProfileConsumerImpl
processAuthenticationResponse
org.opensaml.xml.security.SecurityException