spring-saml

SAML authenticated users don't appear in Spring Security's SessionRegistry

纵饮孤独 submitted on 2021-02-19 04:57:12
Question: Our application used to have only one possibility to log in: username and password. Once a new user logged into the application, their session would appear in Spring Security's SessionRegistry. Now I'm implementing SAML support with the help of Spring SAML. I oriented the setup heavily towards the sample application's configuration. It all works fine. However, I noticed that users that log in via SAML don't get their session added to the SessionRegistry. The usual context file for form based

Spring boot SAML 2 authentication object null

允我心安 submitted on 2021-01-28 21:10:52
Question: I've a requirement to integrate SAML authentication with REST API, so that I can make my REST services stateless. The approach which I've taken is as follows:
Developed an authentication service behind zuul proxy which is running behind AWS ALB.
User tries to generate token via endpoint https://my-domain/as/auth/login
Since user is not logged in, he gets redirected to IDP where he authenticates.
After authentication the IDP redirects user back to my service i.e. at URL https://my-domain/as/auth

SAML: is it possible to force user to go through login process even when user has an IDP session

时光怂恿深爱的人放手 submitted on 2021-01-28 03:03:39
Question: In SAML, is it possible to force the user to go through idp's login process every time even when the user has an active idp session? To make a concrete example here: Let's call my application "SP". I use SSOCircle as idp and I use POST and redirect (SP initiated). To test, I will first login to SSOCircle to get an active idp session. Then when I try going to SP, I should be redirected to idp. Normally, since I already have an active idp session, the idp will see "oh, you already being

Okta Integration via SAML, Facing Okta loop issue from Tomcat 9.0.30

旧巷老猫 submitted on 2020-07-10 10:25:34
Question: We integrated our Applications with Okta via SAML. The Okta integration works till Tomcat 9.0.29 Server but from Tomcat 9.0.30, facing Okta Loop issue.
Tomcat Logs: There were no errors
Browser: Issue occurs in IE and Chrome.
SAML Status: <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></saml2p:Status>
Added below code to Context.xml of Application as per it required from Chrome v80 (Cookie Behavior)

Okta Integration via SAML, Facing Okta loop issue from Tomcat 9.0.30

天大地大妈咪最大 submitted on 2020-07-10 10:23:46
Question: We integrated our Applications with Okta via SAML. The Okta integration works till Tomcat 9.0.29 Server but from Tomcat 9.0.30, facing Okta Loop issue.
Tomcat Logs: There were no errors
Browser: Issue occurs in IE and Chrome.
SAML Status: <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></saml2p:Status>
Added below code to Context.xml of Application as per it required from Chrome v80 (Cookie Behavior)

SSL peer failed hostname validation in Spring SAML

*爱你&永不变心* submitted on 2020-07-09 05:28:11
Question: I'm trying to configure my Spring Boot project to use SAML authentication against a third party IDP. I've already managed to make the configuration from vdenotaris work with the SSOCircle provider and now I want to switch it to the other provider. The SAML metadata endpoint is HTTPS enabled and I've already created a keystore with both the certificate given in metadata (which is used for signing and encryption) and the one provided by the HTTP endpoint (based on this answer). Then, I save

How to read value of SAML attribute received from the IdP?

时光毁灭记忆、已成空白 submitted on 2020-07-05 03:53:30
Question: I'm using Spring Security SAML 1.0.1, and I want to know the value of the SAML attribute whose name is "eduPersonAffiliation". I've coded a class which implements the org.springframework.security.saml.userdetails.SAMLUserDetailsService interface and in the loadUserBySAML method, I'm doing this:
@Override
public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
    String eduPersonAffiliationAttributeName = "";
    // We need to use the "name" of the attribute to

How to read value of SAML attribute received from the IdP?

你。 submitted on 2020-07-05 03:52:37
Question: I'm using Spring Security SAML 1.0.1, and I want to know the value of the SAML attribute whose name is "eduPersonAffiliation". I've coded a class which implements the org.springframework.security.saml.userdetails.SAMLUserDetailsService interface and in the loadUserBySAML method, I'm doing this:
@Override
public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
    String eduPersonAffiliationAttributeName = "";
    // We need to use the "name" of the attribute to

spring-security saml2 : How to obtain the current user?

我的未来我决定 submitted on 2020-06-27 16:52:06
Question: I'm working with spring-security and spring-security-saml2-service-provider with versions 5.2.0.RELEASE. I'm trying after authentication by IDP to obtain the current Assertion in order to map it to a user in our local system. I use this code to obtain the Saml2Authentication object:
@Component
@Log4j
public class EventListener implements ApplicationListener<InteractiveAuthenticationSuccessEvent> {
    @Override
    public void onApplicationEvent(InteractiveAuthenticationSuccessEvent