Spring Boot and SAML 2.0
Note: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. If you use it you must follow the same CC BY-SA license, cite the original address and author information, and attribute it to the original authors (not me): StackOverflow
Original: http://stackoverflow.com/questions/23150126/
Asked by vdenotaris
Is there a way to integrate SAML 2.0 in a Spring Boot-based application? I'd like to implement my own SP and communicate with a remote IdP.
Answered by vdenotaris
I implemented a sample project in order to show how to integrate Spring Security SAML Extensionwith Spring Boot.
The source code is published on GitHub:
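The part of such an integration that the extension leaves to the application is the mapping from a validated assertion to a local principal. The following is an added example for this page, not code from the sample project the answer refers to; it assumes Spring Security SAML Extension 1.x on the classpath and that the bean is handed to SAMLAuthenticationProvider.setUserDetails(...) (with setForcePrincipalAsString(false) so the returned User becomes the principal). The set of accepted IdP entity IDs is a constructed value.

```java
// Added example, not code from the sample project the answer refers to.
// Assumptions: Spring Security SAML Extension 1.x; this bean is wired into
// SAMLAuthenticationProvider.setUserDetails(...); Java 11 or newer.
package example.saml; // hypothetical package

import java.util.List;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

/**
 * Maps a validated SAML assertion onto a local principal. The extension has already
 * checked the signature, audience and validity window before this is called; what is
 * left to the application is deciding which issuers and subjects it accepts.
 */
public class LocalUserMappingService implements SAMLUserDetailsService {

    // Entity IDs of the IdPs whose metadata the SP was configured with (constructed value).
    private final Set<String> acceptedIdps;

    public LocalUserMappingService(Set<String> acceptedIdps) {
        this.acceptedIdps = Set.copyOf(acceptedIdps);
    }

    @Override
    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        // Issuer of the assertion: reject anything outside the configured federation,
        // even if it carried a valid signature from some other metadata source.
        String idp = credential.getRemoteEntityID();
        if (idp == null || !acceptedIdps.contains(idp)) {
            throw new UsernameNotFoundException("assertion issued by unexpected IdP: " + idp);
        }

        // NameID is the subject identifier; an assertion without one cannot be mapped.
        String subject = credential.getNameID() == null ? null : credential.getNameID().getValue();
        if (subject == null || subject.isBlank()) {
            throw new UsernameNotFoundException("assertion carries no NameID");
        }

        List<GrantedAuthority> authorities = List.of(new SimpleGrantedAuthority("ROLE_USER"));

        // Qualify the local username with the issuer so two IdPs cannot collide on one NameID.
        String localName = idp + "|" + subject;
        // User requires a non-null password; a SAML-authenticated principal has none.
        return new User(localName, "", authorities);
    }
}
```

The issuer check matters because the extension trusts every IdP present in the loaded metadata; if the metadata manager ever aggregates a federation feed, this service is the place where the application narrows that trust to the IdPs it actually meant to accept.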
Answered by Ulises
I recently released a spring boot plugin for this here. It is basically a wrapper around Spring Security SAML that allows for friendlier configuration through a DSL or config properties. Here's an example using the DSL:
@SpringBootApplication
@EnableSAMLSSO
public class SpringBootSecuritySAMLDemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringBootSecuritySAMLDemoApplication.class, args);
    }

    @Configuration
    public static class MvcConfig extends WebMvcConfigurerAdapter {
        @Override
        public void addViewControllers(ViewControllerRegistry registry) {
            registry.addViewController("/").setViewName("index");
        }
    }

    @Configuration
    public static class MyServiceProviderConfig extends ServiceProviderConfigurerAdapter {
        @Override
        public void configure(ServiceProviderSecurityBuilder serviceProvider) throws Exception {
            serviceProvider
                .metadataGenerator()
                    .entityId("localhost-demo")
                .and()
                .sso()
                    .defaultSuccessURL("/home")
                    .idpSelectionPageURL("/idpselection")
                .and()
                .logout()
                    .defaultTargetURL("/")
                .and()
                .metadataManager()
                    .metadataLocations("classpath:/idp-ssocircle.xml")
                    .refreshCheckInterval(0)
                .and()
                .extendedMetadata()
                    .idpDiscoveryEnabled(true)
                .and()
                .keyManager()
                    .privateKeyDERLocation("classpath:/localhost.key.der")
                    .publicKeyPEMLocation("classpath:/localhost.cert");
        }
    }
}
That's basically all the code you need.
Answered by Dave Syer
You'd have to do all the SAML stuff in XML (surprise, surprise). But the rest shouldn't get in the way, just standard Springy, Booty stuff, e.g.
@EnableAutoConfiguration
@Configuration
@ImportResource("my-crazy-ass-saml.xml")
public class Application implements WebMvcSecurityAdapter {
    // set up security filter chain here
}
Answered by P.Péter
I tried @vdenotaris' solution, but it does not seem to work with current spring-boot, and thus I gave up that approach.
So as an alternate solution I used shibboleth to do all the SAML stuff using the mod_shib2 module in apache httpd, and run tomcat using mod_jk (mod_proxy_ajp could also be used) behind the said apache instance. Tomcat receives all the required SAML attributes as request attributes, and I only have to store the idp and the user id in the regular user table to connect the internal authentication to the external (I need both SAML and password-based authentication).
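The application-side half of that setup is a filter that reads the attributes httpd forwarded and resolves them against the local user table. The following is an added example for this page, not code from the answer's deployment; it assumes Tomcat is reachable only through the AJP connector from httpd, that the SP passes its attributes as AJP request attributes rather than HTTP headers, and that the attribute names "Shib-Identity-Provider" and "eppn" follow the Shibboleth SP defaults (the answer does not name its attributes). The in-memory map stands in for the "regular user table".

```java
// Added example, not code from the answer's deployment.
// Assumptions: requests reach Tomcat only via AJP from httpd; mod_shib2 attributes arrive as
// request attributes; attribute names follow Shibboleth SP defaults; Java 11 or newer.
package example.shib; // hypothetical package

import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

public class ShibbolethAttributeFilter extends OncePerRequestFilter {

    /** Local user row: IdP entity ID and external user ID stored next to the password account. */
    public static final class LocalUser {
        public final String idpEntityId;
        public final String externalId;
        public final String username;

        LocalUser(String idpEntityId, String externalId, String username) {
            this.idpEntityId = idpEntityId;
            this.externalId = externalId;
            this.username = username;
        }
    }

    // Constructed in-memory stand-in for the user table the answer mentions.
    private final Map<String, LocalUser> usersByKey = new ConcurrentHashMap<>();
    // Only IdPs the SP was configured to trust are accepted (constructed value).
    private final List<String> trustedIdps;

    public ShibbolethAttributeFilter(List<String> trustedIdps) {
        this.trustedIdps = List.copyOf(trustedIdps);
    }

    /** Links an (idp, external id) pair to a local account, as the answer's user table does. */
    public void linkUser(String idpEntityId, String externalId, String username) {
        usersByKey.put(key(idpEntityId, externalId), new LocalUser(idpEntityId, externalId, username));
    }

    private static String key(String idp, String id) {
        return idp + "|" + id;
    }

    /** Resolves a local user from the attributes mod_shib2 set on the request, or empty if none apply. */
    public Optional<LocalUser> resolve(HttpServletRequest request) {
        // Read request attributes, not headers: any client can send a header, whereas AJP
        // request attributes are set by httpd after mod_shib2 validated the assertion.
        Object idpAttr = request.getAttribute("Shib-Identity-Provider"); // assumed attribute name
        Object idAttr = request.getAttribute("eppn");                     // assumed attribute name
        if (!(idpAttr instanceof String) || !(idAttr instanceof String)) {
            return Optional.empty();
        }
        String idp = (String) idpAttr;
        String externalId = (String) idAttr;
        if (!trustedIdps.contains(idp) || externalId.isBlank()) {
            return Optional.empty();
        }
        return Optional.ofNullable(usersByKey.get(key(idp, externalId)));
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        // Leave an existing (e.g. password-based) authentication alone; only fill an empty context.
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            resolve(request).ifPresent(user -> {
                UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
                        user.username, null, List.of(new SimpleGrantedAuthority("ROLE_USER")));
                SecurityContextHolder.getContext().setAuthentication(auth);
            });
        }
        chain.doFilter(request, response);
    }
}
```

The filter is only as trustworthy as the path the attributes take: it relies on the AJP connector being reachable solely from the httpd instance running mod_shib2 (bind it to a loopback or private address and, on Tomcat versions that support it, require the AJP secret), because a client that could talk to the connector directly could supply its own request attributes.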
Answered by Stefan Rasmusson
I would recommend checking out the Spring SAML extension