发表新帖
发表新帖

How to configuration of IDP metadata and SP metadata in Spring Security SAML sample?

前端 未结
关注
2 1461
醉话见心
醉话见心 2021-02-06 15:44

I want to deal with Spring Security SAML. For this, I start to explore Spring Security SAML. At the beginning, I create an account at SSOCircle. Than I configurated of IDP meta

相关标签:
2条回答
  • 傲寒
    2021-02-06 16:14

    Follow the steps in the QuickStart chapter. Some differences to note:

    1. Sign up at http://www.ssocircle.com/. You need to verify your email address.

    2. The metadataGeneratorFilter section of sample/src/main/webapp/WEB-INF/securityContext.xml should look like this (Note: signMetadata property is commented out):

      <bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
<constructor-arg>
    <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
      <property name="entityId" value="urn:test:YourName:YourCity"/>
  <!--<property name="signMetadata" value="false"/>-->
    </bean>
</constructor-arg>

    3. Build and start the web server locally. Then download the metadata at http://localhost:8080/spring-security-saml2-sample/saml/metadata. Copy the contents to your clipboard.
    4. Update the metadata of your new profile at https://idp.ssocircle.com/sso/hos/ManageSPMetadata.jsp.
    5. Enter the FQDN of the service as "urn:test:YourName:YourCity". You need to enter unique values for Your Name and Your City. Paste in the metadata from above.
    6. To Test:
      1. Logout of SSO Circle Service.
      2. Go to http://localhost:8080/spring-security-saml2-sample
      3. You should be redirected to the SSO Circle login.
      4. Login with your SSO Circle credentials.
      5. You should be redirected to your local service provider page and authenticated.
    0 讨论(0)
  • 不知归路
    2021-02-06 16:14

    The metadata generator filter generates metadata for your application (service provider). The entity id you're providing (http://idp.ssocircle.com) is already used by the SSO Circle, you should create a unique value which describes your application, e.g. urn:test:helsinki:myapp

    Just like the manual says:

    make sure to replace the entityId value with a string which is unique within the SSO Circle service (e.g. urn:test:yourname:yourcity)

    0 讨论(0)
 看不清?
提交回复
热议问题