0

我已经将 Spring SAML SSO 实现到 Wildfly 8.2 上的 JEE6 Web 应用程序中,以使用 ADFS2/3 进行身份验证,但目前我无法成功进入授权过程。这是请求/响应 ping/pong:

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                 AssertionConsumerServiceURL="https://172.19.100.141:8443/saml/SSO"
                 Destination="MYIDP"
                 ForceAuthn="false"
                 ID="a1be1ie43303d6ei1fa8je1fdd1jhh4"
                 IsPassive="false"
                 IssueInstant="2015-10-05T16:52:54.680Z"
                 ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                 Version="2.0"
                 >
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">SPENTITY</saml2:Issuer>

回复:

<samlp:Response ID="_c644ea1a-88e9-4022-a9fc-52071d0e67bc"
            Version="2.0"
            IssueInstant="2015-10-05T16:52:54.658Z"
            Destination="https://172.19.100.141:8443/saml/SSO"
            Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
            InResponseTo="a1be1ie43303d6ei1fa8je1fdd1jhh4"
            xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
            >
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">IDP/adfs/services/trust</Issuer>
<samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                        >
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                </e:EncryptionMethod>
                <KeyInfo>
                    <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <ds:X509IssuerSerial>
                            <ds:X509IssuerName>MY ISSUER RDATA</ds:X509IssuerName>
                            <ds:X509SerialNumber>686142642</ds:X509SerialNumber>
                        </ds:X509IssuerSerial>
                    </ds:X509Data>
                </KeyInfo>
                <e:CipherData>
                    <e:CipherValue>VAL</e:CipherValue>
                </e:CipherData>
            </e:EncryptedKey>
        </KeyInfo>
        <xenc:CipherData>
            <xenc:CipherValue>VAL</xenc:CipherValue>
        </xenc:CipherData>
    </xenc:EncryptedData>
</EncryptedAssertion>

当我在最后两分钟内达到超过 6 个请求时,ADFS 断开连接并收到错误消息。可能的错误是什么?我已将所有必需的密钥添加到我的密钥库中,为什么即使状态代码响应的字段已成功,客户端也会继续请求?

4

1 回答 1

1

问题是useReferer属性设置trueSavedRequestAwareAuthenticationSuccessHandler

<!-- Handler deciding where to redirect user after successful login -->
<beans:bean id="successRedirectHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<!-- <beans:property name="useReferer" value="true"/> -->
    <beans:property name="defaultTargetUrl" value="/dispatcher"/>
</beans:bean>
于 2015-10-06T15:26:59.757 回答