|
对于最新的稳定版本,请使用 Spring Security 6.5.3! |
Saml 2.0 元数据
解析<saml2:IDPSSODescriptor>元数据
您可以解析断言方的元数据用RelyingPartyRegistrations.
使用 OpenSAML 提供商支持时,生成的AssertingPartyDetails将是类型OpenSamlAssertingPartyDetails.
这意味着你可以通过执行以下作来获取底层 OpenSAML XMLObject:
-
Java
-
Kotlin
OpenSamlAssertingPartyDetails details = (OpenSamlAssertingPartyDetails)
registration.getAssertingPartyDetails();
EntityDescriptor openSamlEntityDescriptor = details.getEntityDescriptor();val details: OpenSamlAssertingPartyDetails =
registration.getAssertingPartyDetails() as OpenSamlAssertingPartyDetails;
val openSamlEntityDescriptor: EntityDescriptor = details.getEntityDescriptor();生产<saml2:SPSSODescriptor>元数据
您可以使用saml2MetadataDSL 方法,如下所示:
-
Java
-
Kotlin
http
// ...
.saml2Login(withDefaults())
.saml2Metadata(withDefaults());http {
//...
saml2Login { }
saml2Metadata { }
}您可以使用此元数据终结点向断言方注册信赖方。这通常就像查找正确的窗体字段来提供元数据终结点一样简单。
默认情况下,元数据终结点为/saml2/metadata,尽管它也响应/saml2/metadata/{registrationId}和/saml2/service-provider-metadata/{registrationId}.
您可以通过调用metadataUrlDSL 中的方法:
-
Java
-
Kotlin
.saml2Metadata((saml2) -> saml2.metadataUrl("/saml/metadata"))saml2Metadata {
metadataUrl = "/saml/metadata"
}改变方式RelyingPartyRegistration被查找
如果您有不同的策略来确定哪些RelyingPartyRegistration要使用,您可以配置自己的Saml2MetadataResponseResolver如下图所示:
-
Java
-
Kotlin
@Bean
Saml2MetadataResponseResolver metadataResponseResolver(RelyingPartyRegistrationRepository registrations) {
RequestMatcherMetadataResponseResolver metadata = new RequestMatcherMetadataResponseResolver(
(id) -> registrations.findByRegistrationId("relying-party"));
metadata.setMetadataFilename("metadata.xml");
return metadata;
}@Bean
fun metadataResponseResolver(val registrations: RelyingPartyRegistrationRepository): Saml2MetadataResponseResolver {
val metadata = new RequestMatcherMetadataResponseResolver(
id: String -> registrations.findByRegistrationId("relying-party"))
metadata.setMetadataFilename("metadata.xml")
return metadata
}