Spring Security SAML Identity Metadata WITHOUT Spring Boot
I often see the following block used to register a SAML identity provider:

spring:
  security:
    saml2:
      relyingparty:
        registration:
          adfs:
            identityprovider:
              entity-id: https://idp.example.com/issuer
              verification.credentials:
                - certificate-location: "classpath:idp.crt"
              singlesignon.url: https://idp.example.com/issuer/sso
              singlesignon.sign-request: false

However, I have an older project in which I need to implement multiple SAML identity providers. It is not built on Spring Boot, and converting it is not an option (if we were starting the same project today we would of course use Spring Boot).

How does the code above translate into doing this manually?
You can do this by exposing a bean of type RelyingPartyRegistrationRepository:

import java.io.File;
import java.security.cert.X509Certificate;
import org.opensaml.security.x509.X509Support;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;

@Configuration
public class SamlConfig {
    // path to the IdP signing certificate, e.g. verification.key=/etc/app/idp.crt
    @Value("${verification.key}")
    File verificationKey;

    @Bean
    public RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
        // the IdP certificate is only used to verify signatures on its responses and assertions
        X509Certificate certificate = X509Support.decodeCertificate(this.verificationKey);
        Saml2X509Credential credential = Saml2X509Credential.verification(certificate);
        RelyingPartyRegistration registration = RelyingPartyRegistration
                .withRegistrationId("example")
                .assertingPartyDetails(party -> party
                        .entityId("https://idp.example.com/issuer")
                        .singleSignOnServiceLocation("https://idp.example.com/SSO.saml2")
                        .wantAuthnRequestsSigned(false)
                        .verificationX509Credentials(c -> c.add(credential))
                )
                .build();
        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }
}
The application.yml properties you mention are just a Spring Boot shortcut for declaring this bean. There is a complete sample not using Spring Boot in the Spring Security samples repository.

There is also an entire section in the Spring Security documentation on how to override the Spring Boot auto-configuration (which is what I did in the code block above).
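The answer above registers a single identity provider, while the question asks about several. The following is an added example, not code from the question, the answer or the Spring Security project, showing how the same builder scales to multiple registrations in a plain Spring (non-Boot) configuration class. The property names idp.adfs.cert and idp.okta.cert, the entity IDs, SSO URLs and class names are assumptions made up for the illustration; the IdP certificates are parsed with the JDK's CertificateFactory so no OpenSAML helper is needed.

```java
// Added example (not from the original question, answer or Spring Security): several SAML
// identity providers registered by hand, the manual counterpart of multiple
// spring.security.saml2.relyingparty.registration.* blocks in application.yml.
// Assumptions: Spring Security 5.4+ (RelyingPartyRegistration.assertingPartyDetails API),
// DER or PEM X.509 certificate files, and made-up property names idp.adfs.cert / idp.okta.cert.
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;

@Configuration
public class MultiIdpSamlConfig {

    /** One identity provider: the hand-written counterpart of one registration block in application.yml. */
    static final class IdpSettings {
        final String registrationId; // path segment in /saml2/authenticate/{registrationId}
        final String entityId;       // must equal the Issuer the IdP places in its responses
        final String ssoUrl;         // the IdP's SingleSignOnService location
        final File certificate;      // the IdP's signing certificate, used only for verification

        IdpSettings(String registrationId, String entityId, String ssoUrl, File certificate) {
            this.registrationId = registrationId;
            this.entityId = entityId;
            this.ssoUrl = ssoUrl;
            this.certificate = certificate;
        }
    }

    // Spring converts the property string to a java.io.File, as in the answer's @Value("${verification.key}")
    @Value("${idp.adfs.cert}")
    File adfsCert;

    @Value("${idp.okta.cert}")
    File oktaCert;

    @Bean
    public RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
        // Hypothetical IdP endpoints; in a real deployment these come from each IdP's metadata.
        List<IdpSettings> idps = Arrays.asList(
                new IdpSettings("adfs", "https://adfs.example.com/adfs/services/trust",
                        "https://adfs.example.com/adfs/ls/", adfsCert),
                new IdpSettings("okta", "https://www.okta.com/exk0000000000000000",
                        "https://example.okta.com/app/example/sso/saml", oktaCert));

        List<RelyingPartyRegistration> registrations = new ArrayList<>();
        for (IdpSettings idp : idps) {
            registrations.add(build(idp));
        }
        // registrationIds must be unique: the repository looks registrations up by that id
        return new InMemoryRelyingPartyRegistrationRepository(registrations);
    }

    /** Build one registration; the verification credential is pinned to this IdP only. */
    private static RelyingPartyRegistration build(IdpSettings idp) throws Exception {
        X509Certificate cert = loadCertificate(idp.certificate);
        Saml2X509Credential verification = Saml2X509Credential.verification(cert);
        return RelyingPartyRegistration.withRegistrationId(idp.registrationId)
                .assertingPartyDetails(party -> party
                        .entityId(idp.entityId)
                        .singleSignOnServiceLocation(idp.ssoUrl)
                        // true would require a signing credential on the relying party side as well
                        .wantAuthnRequestsSigned(false)
                        .verificationX509Credentials(c -> c.add(verification)))
                .build();
    }

    /** Parse a PEM or DER encoded X.509 certificate with the JDK alone (no OpenSAML X509Support). */
    static X509Certificate loadCertificate(File file) throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(file)) {
            X509Certificate cert = (X509Certificate) factory.generateCertificate(in);
            cert.checkValidity(); // fail at startup on an expired or not-yet-valid IdP certificate
            return cert;
        }
    }
}
```

Each registration is reachable at /saml2/authenticate/{registrationId} and processes responses at /login/saml2/sso/{registrationId}; because the verification credential is stored per registration, a response signed by one provider is not accepted under another provider's registration. If an IdP does require signed AuthnRequests, set wantAuthnRequestsSigned(true) and also give the relying party its own key pair through signingX509Credentials(...) on the RelyingPartyRegistration builder, otherwise Spring Security cannot produce the signed request.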