1

我使用 SSOCircle 作为 IDP 提供者并使用 spring SAML。我已经登录到 SSOCircle 并创建了一个新的 SP 并在 securityContext.xml 中配置了唯一的 entityID

我可以看到 idp 选择页面,但看不到登录页面。添加的配置如下

<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">  
  <constructor-arg>
        <list>
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                <constructor-arg>
                    <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
                        <constructor-arg>
                            <bean class="java.util.Timer"/>
                        </constructor-arg>
                        <constructor-arg>
                            <bean class="org.opensaml.util.resource.ClasspathResource">
                                <constructor-arg value="/conf/spring_saml_metadata.xml"/>
                            </bean>
                        </constructor-arg>
                        <property name="parserPool" ref="parserPool"/>
                    </bean>
                </constructor-arg>
                <constructor-arg>
                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                       <property name="local" value="true"/>
                       <property name="securityProfile" value="metaiop"/>
                       <property name="sslSecurityProfile" value="pkix"/>
                       <property name="sslHostnameVerification" value="default"/>
                       <property name="signMetadata" value="false"/>
                       <property name="signingKey" value="apollo"/>
                       <property name="encryptionKey" value="apollo"/>
                       <property name="requireArtifactResolveSigned" value="false"/>
                       <property name="requireLogoutRequestSigned" value="false"/>
                       <property name="requireLogoutResponseSigned" value="false"/>
                       <property name="idpDiscoveryEnabled" value="true"/>
                       <property name="idpDiscoveryURL" value="http://localhost:8080/myApp/saml/discovery"/>
                       <property name="idpDiscoveryResponseURL" value="http://localhost:8080/myApp/saml/login?disco=true"/>
                    </bean>
                </constructor-arg>
            </bean>
            <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
                <constructor-arg>
                    <value type="java.lang.String">http://idp.ssocircle.com/idp-meta.xml</value>
                </constructor-arg>
                <constructor-arg>
                    <value type="int">15000</value>
                </constructor-arg>
                <property name="parserPool" ref="parserPool"/>
            </bean>
    </list></constructor-arg>
</bean>

Entity ID 配置如下

<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <!-- <property name="entityId" value="urn:test:user:city"/> -->
            <property name="entityId" value="urn:myApp:useruser:dub"/>
            <property name="requestSigned" value="true"/>
        </bean>
    </constructor-arg>
</bean>

例外如下

 org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.saml.SAMLAuthenticationToken
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:196)
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:84)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
4

2 回答 2

0

异常表明您AuthenticationProvider缺少 的实例,org.springframework.security.saml.SAMLAuthenticationProvider请确保您securityContext.xml包含 SAML 身份验证提供程序的定义,类似于以下内容:

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="samlAuthenticationProvider"/>
</security:authentication-manager>
于 2014-09-25T18:09:19.727 回答
0

我遇到了同样的问题,我samlAutheticationProvider按照@Vladimir 的说明在spring xml 中添加了我的。我仍然有同样的例外。当我调试代码并记录可用的身份验证管理器时,我找不到新的 saml 身份验证管理器。当我在 中添加“id”时security:authentication-manager,它工作正常。

<security:authentication-manager  alias="samlAuthenticationManager" id="samlAuthenticationManager">
    <!-- Register authentication manager for SAML provider -->
    <security:authentication-provider ref="samlAuthenticationProvider"/>
</security:authentication-manager>

希望这可以帮助。

于 2014-10-30T16:16:18.517 回答