Article link: http://t.csdn.cn/BIGKc
SAML single sign-on: a spring-security-saml client (SP)
Use spring-security-saml to build a client (service provider) for the SAML protocol. This dependency is an official Spring library; it is easy to configure and well documented. It provides endpoints for single sign-on, single logout, fetching the SP metadata file and so on, so none of that needs to be implemented by hand. Reference: integrating spring-security-saml with an application.
Integrating with Spring Boot
Add the spring-security-saml dependency in Maven
pom configuration:
Note: spring-security-saml2-core versions 1.0.4 to 1.0.10 depend on opensaml-2.6.6, and the Aliyun Maven mirror currently does not carry opensaml-2.6.6, so spring-security-saml2-core must be pinned to a version before 1.0.4 (1.0.3); otherwise packaging fails because opensaml-2.6.6 cannot be found. (As of 2022-07-07.)
Aliyun public Maven repository search: https://developer.aliyun.com/
On springboot-2.6.2, when pulling in spring-security-saml2-core there is no need to add xmltooling explicitly; doing so causes version conflicts.
<!-- xmltooling: not needed on springboot-2.6.2, see the note above -->
<dependency>
    <groupId>org.opensaml</groupId>
    <artifactId>xmltooling</artifactId>
    <version>1.3.4</version>
</dependency>
<dependency>
    <groupId>org.springframework.security.extensions</groupId>
    <artifactId>spring-security-saml2-core</artifactId>
    <version>1.0.3.RELEASE</version>
</dependency>
application.yml configuration (the keys live under the sp: root that the @ConfigurationProperties prefix below expects):
sp:
  idpMetadataUrl: http://localhost:8080/gc-starter-ac/idp/metadata
  entityId: cas:saml:sp:springboot
  wantAssertionSigned: false
  signMetadata: false
  signAlg: http://www.w3.org/2001/04/xmldsig-more
  idpDiscoveryEnable: true
  idpSelectionPath: /saml/discovery
  successLoginUrl: /landing
  failLoginUrl: /error
  successLogoutUrl: /
  jks:
    path: classpath:/saml/samlKeystore.jks
    password: nalle123
    defaultKey: apollo
Map the configuration onto a bean:
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

/**
 * @Description: SP configuration, bound from the "sp" section of application.yml
 * @Author: thp-mac
 * @Date: 2022/7/7
 * @Version: 1.0
 */
@Data
@Component
@ConfigurationProperties(prefix = "sp")
public class SpConfig {
    private String idpMetadataUrl;
    private String entityId;
    private Boolean wantAssertionSigned;
    private Boolean signMetadata;
    private String signAlg;
    private Boolean idpDiscoveryEnable;
    private String idpSelectionPath;
    private String successLoginUrl;
    private String failLoginUrl;
    private String successLogoutUrl;
    private JKS jks;

    /** Nested keystore settings; static so the Spring Boot binder can instantiate it. */
    @Data
    public static class JKS {
        private String path;
        private String password;
        private String defaultKey;
    }
}
Prepare the callback service invoked after a successful login:
It must implement SAMLUserDetailsService.
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
import org.springframework.stereotype.Service;

/**
 * @Description: called back after a successful SAML login; the data returned by the IdP is read from samlCredential
 * @Author: thp-mac
 * @Date: 2022/7/7
 * @Version: 1.0
 */
@Service // must be a bean: WebSecurityConfig injects it with @Resource
public class SAMLUserDetailsServiceImpl implements SAMLUserDetailsService {

    @Override
    public Object loadUserBySAML(SAMLCredential samlCredential) throws UsernameNotFoundException {
        // the returned object becomes the principal of the Authentication (forcePrincipalAsString is false below)
        return samlCredential.getAttributes();
    }
}
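Returning the raw attribute list works for a demo, but the application then has to trust every attribute equally. As an added example (not the post's code), a SAMLUserDetailsService that keys the account on the asserted NameID and maps a group attribute to Spring Security roles; the attribute name memberOf and the group values are assumptions to adjust to the real IdP.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
import org.springframework.stereotype.Service;

@Service
public class MappedSamlUserDetailsService implements SAMLUserDetailsService {

    // Assumed attribute name; use whatever your IdP actually releases.
    private static final String GROUP_ATTR = "memberOf";

    @Override
    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        // The NameID is the subject the IdP asserted and is covered by the assertion
        // signature, so it (not a freely chosen attribute) identifies the account.
        String subject = credential.getNameID() == null ? null : credential.getNameID().getValue();
        if (subject == null || subject.trim().isEmpty()) {
            throw new UsernameNotFoundException("assertion carries no NameID");
        }

        List<GrantedAuthority> authorities = new ArrayList<>();
        String[] groups = credential.getAttributeAsStringArray(GROUP_ATTR);
        if (groups != null) {
            for (String group : groups) {
                // Map only groups this application knows; unknown IdP groups grant nothing.
                if ("app-admins".equals(group)) {
                    authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
                } else if ("app-users".equals(group)) {
                    authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
                }
            }
        }
        if (authorities.isEmpty()) {
            // SSO succeeded at the IdP, but this subject is not entitled to use this SP:
            // failing here sends the browser to failLoginUrl instead of creating a session.
            throw new UsernameNotFoundException("subject " + subject + " from IdP "
                    + credential.getRemoteEntityID() + " has no mapped role");
        }

        // No password is ever checked for SAML logins; the field is a placeholder.
        return new User(subject, "N/A", authorities);
    }
}
```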
SP filter and related security configuration:
/*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Timer;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.parse.ParserPool;
import org.opensaml.xml.parse.StaticBasicParserPool;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.DefaultResourceLoader;
import org.springframework.core.io.Resource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml.SAMLAuthenticationProvider;
import org.springframework.security.saml.SAMLBootstrap;
import org.springframework.security.saml.SAMLDiscovery;
import org.springframework.security.saml.SAMLEntryPoint;
import org.springframework.security.saml.SAMLLogoutFilter;
import org.springframework.security.saml.SAMLLogoutProcessingFilter;
import org.springframework.security.saml.SAMLProcessingFilter;
import org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter;
import org.springframework.security.saml.context.SAMLContextProviderImpl;
import org.springframework.security.saml.key.JKSKeyManager;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.log.SAMLDefaultLogger;
import org.springframework.security.saml.metadata.CachingMetadataManager;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.security.saml.metadata.MetadataDisplayFilter;
import org.springframework.security.saml.metadata.MetadataGenerator;
import org.springframework.security.saml.metadata.MetadataGeneratorFilter;
import org.springframework.security.saml.parser.ParserPoolHolder;
import org.springframework.security.saml.processor.HTTPArtifactBinding;
import org.springframework.security.saml.processor.HTTPPAOS11Binding;
import org.springframework.security.saml.processor.HTTPPostBinding;
import org.springframework.security.saml.processor.HTTPRedirectDeflateBinding;
import org.springframework.security.saml.processor.HTTPSOAP11Binding;
import org.springframework.security.saml.processor.SAMLBinding;
import org.springframework.security.saml.processor.SAMLProcessorImpl;
import org.springframework.security.saml.util.VelocityFactory;
import org.springframework.security.saml.websso.ArtifactResolutionProfile;
import org.springframework.security.saml.websso.ArtifactResolutionProfileImpl;
import org.springframework.security.saml.websso.SingleLogoutProfile;
import org.springframework.security.saml.websso.SingleLogoutProfileImpl;
import org.springframework.security.saml.websso.WebSSOProfile;
import org.springframework.security.saml.websso.WebSSOProfileConsumer;
import org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl;
import org.springframework.security.saml.websso.WebSSOProfileConsumerImpl;
import org.springframework.security.saml.websso.WebSSOProfileECPImpl;
import org.springframework.security.saml.websso.WebSSOProfileImpl;
import org.springframework.security.saml.websso.WebSSOProfileOptions;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements InitializingBean, DisposableBean {

    @javax.annotation.Resource
    private SpConfig spConfig;

    // Timer used by HTTPMetadataProvider to refresh IdP metadata in the background
    private Timer backgroundTaskTimer;
    private MultiThreadedHttpConnectionManager multiThreadedHttpConnectionManager;

    public void init() {
        this.backgroundTaskTimer = new Timer(true);
        this.multiThreadedHttpConnectionManager = new MultiThreadedHttpConnectionManager();
    }

    public void shutdown() {
        this.backgroundTaskTimer.purge();
        this.backgroundTaskTimer.cancel();
        this.multiThreadedHttpConnectionManager.shutdown();
    }

    @javax.annotation.Resource
    private SAMLUserDetailsServiceImpl samlUserDetailsServiceImpl;

    // Velocity engine used to render the HTTP-POST binding form
    @Bean
    public VelocityEngine velocityEngine() {
        return VelocityFactory.getEngine();
    }

    // XML parser pool shared by all bindings
    @Bean(initMethod = "initialize")
    public StaticBasicParserPool parserPool() {
        return new StaticBasicParserPool();
    }

    @Bean(name = "parserPoolHolder")
    public ParserPoolHolder parserPoolHolder() {
        return new ParserPoolHolder();
    }

    // HTTP client used for metadata download and artifact resolution
    @Bean
    public HttpClient httpClient() {
        return new HttpClient(this.multiThreadedHttpConnectionManager);
    }

    // Authentication provider that validates the SAML response and calls the user-details service
    @Bean
    public SAMLAuthenticationProvider samlAuthenticationProvider() {
        SAMLAuthenticationProvider samlAuthenticationProvider = new SAMLAuthenticationProvider();
        samlAuthenticationProvider.setUserDetails(samlUserDetailsServiceImpl);
        samlAuthenticationProvider.setForcePrincipalAsString(false);
        return samlAuthenticationProvider;
    }

    // Provides the SAMLMessageContext (local and peer entity) for each request
    @Bean
    public SAMLContextProviderImpl contextProvider() {
        return new SAMLContextProviderImpl();
    }

    // Initialises the OpenSAML library; static so it runs before other beans
    @Bean
    public static SAMLBootstrap sAMLBootstrap() {
        return new SAMLBootstrap();
    }

    @Bean
    public SAMLDefaultLogger samlLogger() {
        return new SAMLDefaultLogger();
    }

    // Consumer of SAML responses for the Web SSO profile
    @Bean
    public WebSSOProfileConsumer webSSOprofileConsumer() {
        return new WebSSOProfileConsumerImpl();
    }

    // Consumer for the Holder-of-Key Web SSO profile
    @Bean
    public WebSSOProfileConsumerHoKImpl hokWebSSOprofileConsumer() {
        return new WebSSOProfileConsumerHoKImpl();
    }

    // Builds the AuthnRequest for the Web SSO profile
    @Bean
    public WebSSOProfile webSSOprofile() {
        return new WebSSOProfileImpl();
    }

    @Bean
    public WebSSOProfileConsumerHoKImpl hokWebSSOProfile() {
        return new WebSSOProfileConsumerHoKImpl();
    }

    // Enhanced Client or Proxy profile
    @Bean
    public WebSSOProfileECPImpl ecpprofile() {
        return new WebSSOProfileECPImpl();
    }

    @Bean
    public SingleLogoutProfile logoutprofile() {
        return new SingleLogoutProfileImpl();
    }

    // Loads the SP signing/encryption key from the JKS configured under sp.jks
    @Bean
    public KeyManager keyManager() {
        DefaultResourceLoader loader = new DefaultResourceLoader();
        Resource storeFile = loader.getResource(spConfig.getJks().getPath());
        String storePass = spConfig.getJks().getPassword();
        Map<String, String> passwords = new HashMap<String, String>();
        // the key password is assumed to equal the keystore password
        passwords.put(spConfig.getJks().getDefaultKey(), spConfig.getJks().getPassword());
        String defaultKey = spConfig.getJks().getDefaultKey();
        return new JKSKeyManager(storeFile, storePass, passwords, defaultKey);
    }

    @Bean
    public WebSSOProfileOptions defaultWebSSOProfileOptions() {
        WebSSOProfileOptions webSSOProfileOptions = new WebSSOProfileOptions();
        webSSOProfileOptions.setIncludeScoping(false);
        return webSSOProfileOptions;
    }

    // Entry point that starts the SSO flow (redirect to the IdP) for unauthenticated requests
    @Bean
    public SAMLEntryPoint samlEntryPoint() {
        SAMLEntryPoint samlEntryPoint = new SAMLEntryPoint();
        samlEntryPoint.setDefaultProfileOptions(defaultWebSSOProfileOptions());
        return samlEntryPoint;
    }

    // Local (SP-side) extended metadata: signing algorithm, metadata signing, discovery
    @Bean
    public ExtendedMetadata extendedMetadata() {
        ExtendedMetadata extendedMetadata = new ExtendedMetadata();
        extendedMetadata.setIdpDiscoveryEnabled(spConfig.getIdpDiscoveryEnable());
        extendedMetadata.setSigningAlgorithm(spConfig.getSignAlg());
        extendedMetadata.setSignMetadata(spConfig.getSignMetadata());
        extendedMetadata.setEcpEnabled(true);
        return extendedMetadata;
    }

    // IdP discovery: redirects to idpSelectionPath when several IdPs are configured
    @Bean
    public SAMLDiscovery samlIDPDiscovery() {
        SAMLDiscovery idpDiscovery = new SAMLDiscovery();
        idpDiscovery.setIdpSelectionPath(spConfig.getIdpSelectionPath());
        return idpDiscovery;
    }

    // Downloads the IdP metadata from idpMetadataUrl
    @Bean
    @Qualifier("idp-ssocircle")
    public ExtendedMetadataDelegate ssoCircleExtendedMetadataProvider()
            throws MetadataProviderException {
        String idpSSOCircleMetadataURL = spConfig.getIdpMetadataUrl();
        HTTPMetadataProvider httpMetadataProvider = new HTTPMetadataProvider(
                this.backgroundTaskTimer, httpClient(), idpSSOCircleMetadataURL);
        httpMetadataProvider.setParserPool(parserPool());
        ExtendedMetadataDelegate extendedMetadataDelegate =
                new ExtendedMetadataDelegate(httpMetadataProvider, extendedMetadata());
        // trust and signature checks on the downloaded IdP metadata are switched off here
        // (fine against a local test IdP; the metadata is then accepted as-is)
        extendedMetadataDelegate.setMetadataTrustCheck(false);
        extendedMetadataDelegate.setMetadataRequireSignature(false);
        backgroundTaskTimer.purge();
        return extendedMetadataDelegate;
    }

    // Aggregates all metadata providers (here only the single IdP)
    @Bean
    @Qualifier("metadata")
    public CachingMetadataManager metadata() throws MetadataProviderException {
        List<MetadataProvider> providers = new ArrayList<MetadataProvider>();
        providers.add(ssoCircleExtendedMetadataProvider());
        return new CachingMetadataManager(providers);
    }

    // Generates this SP's own metadata (served at /saml/metadata)
    @Bean
    public MetadataGenerator metadataGenerator() {
        MetadataGenerator metadataGenerator = new MetadataGenerator();
        metadataGenerator.setEntityId(spConfig.getEntityId());
        metadataGenerator.setExtendedMetadata(extendedMetadata());
        metadataGenerator.setIncludeDiscoveryExtension(false);
        metadataGenerator.setKeyManager(keyManager());
        metadataGenerator.setWantAssertionSigned(spConfig.getWantAssertionSigned());
        return metadataGenerator;
    }

    @Bean
    public MetadataDisplayFilter metadataDisplayFilter() {
        return new MetadataDisplayFilter();
    }

    // After login, return to the originally requested URL, or successLoginUrl by default
    @Bean
    public SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler() {
        SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler =
                new SavedRequestAwareAuthenticationSuccessHandler();
        successRedirectHandler.setDefaultTargetUrl(spConfig.getSuccessLoginUrl());
        return successRedirectHandler;
    }

    @Bean
    public SimpleUrlAuthenticationFailureHandler authenticationFailureHandler() {
        SimpleUrlAuthenticationFailureHandler failureHandler =
                new SimpleUrlAuthenticationFailureHandler();
        failureHandler.setUseForward(true);
        failureHandler.setDefaultFailureUrl(spConfig.getFailLoginUrl());
        return failureHandler;
    }

    // Processes Holder-of-Key responses at /saml/SSOHoK
    @Bean
    public SAMLWebSSOHoKProcessingFilter samlWebSSOHoKProcessingFilter() throws Exception {
        SAMLWebSSOHoKProcessingFilter samlWebSSOHoKProcessingFilter = new SAMLWebSSOHoKProcessingFilter();
        samlWebSSOHoKProcessingFilter.setAuthenticationSuccessHandler(successRedirectHandler());
        samlWebSSOHoKProcessingFilter.setAuthenticationManager(authenticationManager());
        samlWebSSOHoKProcessingFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
        return samlWebSSOHoKProcessingFilter;
    }

    // Processes the SAML response posted by the IdP at /saml/SSO
    @Bean
    public SAMLProcessingFilter samlWebSSOProcessingFilter() throws Exception {
        SAMLProcessingFilter samlWebSSOProcessingFilter = new SAMLProcessingFilter();
        samlWebSSOProcessingFilter.setAuthenticationManager(authenticationManager());
        samlWebSSOProcessingFilter.setAuthenticationSuccessHandler(successRedirectHandler());
        samlWebSSOProcessingFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
        return samlWebSSOProcessingFilter;
    }

    @Bean
    public MetadataGeneratorFilter metadataGeneratorFilter() {
        return new MetadataGeneratorFilter(metadataGenerator());
    }

    @Bean
    public SimpleUrlLogoutSuccessHandler successLogoutHandler() {
        SimpleUrlLogoutSuccessHandler successLogoutHandler = new SimpleUrlLogoutSuccessHandler();
        successLogoutHandler.setDefaultTargetUrl(spConfig.getSuccessLogoutUrl());
        return successLogoutHandler;
    }

    // Local logout: invalidate the HTTP session and clear the security context
    @Bean
    public SecurityContextLogoutHandler logoutHandler() {
        SecurityContextLogoutHandler logoutHandler =
                new SecurityContextLogoutHandler();
        logoutHandler.setInvalidateHttpSession(true);
        logoutHandler.setClearAuthentication(true);
        return logoutHandler;
    }

    // Handles LogoutRequest/LogoutResponse messages sent by the IdP (/saml/SingleLogout)
    @Bean
    public SAMLLogoutProcessingFilter samlLogoutProcessingFilter() {
        return new SAMLLogoutProcessingFilter(successLogoutHandler(),
                logoutHandler());
    }

    // Initiates logout from the SP side (/saml/logout)
    @Bean
    public SAMLLogoutFilter samlLogoutFilter() {
        return new SAMLLogoutFilter(successLogoutHandler(),
                new LogoutHandler[]{logoutHandler()},
                new LogoutHandler[]{logoutHandler()});
    }

    private ArtifactResolutionProfile artifactResolutionProfile() {
        final ArtifactResolutionProfileImpl artifactResolutionProfile =
                new ArtifactResolutionProfileImpl(httpClient());
        artifactResolutionProfile.setProcessor(new SAMLProcessorImpl(soapBinding()));
        return artifactResolutionProfile;
    }

    @Bean
    public HTTPArtifactBinding artifactBinding(ParserPool parserPool, VelocityEngine velocityEngine) {
        return new HTTPArtifactBinding(parserPool, velocityEngine, artifactResolutionProfile());
    }

    @Bean
    public HTTPSOAP11Binding soapBinding() {
        return new HTTPSOAP11Binding(parserPool());
    }

    @Bean
    public HTTPPostBinding httpPostBinding() {
        return new HTTPPostBinding(parserPool(), velocityEngine());
    }

    @Bean
    public HTTPRedirectDeflateBinding httpRedirectDeflateBinding() {
        return new HTTPRedirectDeflateBinding(parserPool());
    }

    @Bean
    public HTTPSOAP11Binding httpSOAP11Binding() {
        return new HTTPSOAP11Binding(parserPool());
    }

    @Bean
    public HTTPPAOS11Binding httpPAOS11Binding() {
        return new HTTPPAOS11Binding(parserPool());
    }

    // Processor that selects the binding matching each incoming/outgoing SAML message
    @Bean
    public SAMLProcessorImpl processor() {
        Collection<SAMLBinding> bindings = new ArrayList<SAMLBinding>();
        bindings.add(httpRedirectDeflateBinding());
        bindings.add(httpPostBinding());
        bindings.add(artifactBinding(parserPool(), velocityEngine()));
        bindings.add(httpSOAP11Binding());
        bindings.add(httpPAOS11Binding());
        return new SAMLProcessorImpl(bindings);
    }

    /**
     * Define the security filter chain in order to support SSO Auth by using SAML 2.0
     *
     * @return Filter chain proxy
     * @throws Exception
     */
    @Bean
    public FilterChainProxy samlFilter() throws Exception {
        List<SecurityFilterChain> chains = new ArrayList<SecurityFilterChain>();
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"),
                samlEntryPoint()));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/logout/**"),
                samlLogoutFilter()));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/metadata/**"),
                metadataDisplayFilter()));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"),
                samlWebSSOProcessingFilter()));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSOHoK/**"),
                samlWebSSOHoKProcessingFilter()));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SingleLogout/**"),
                samlLogoutProcessingFilter()));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"),
                samlIDPDiscovery()));
        return new FilterChainProxy(chains);
    }

    /**
     * Returns the authentication manager currently used by Spring.
     * It represents a bean definition with the aim to allow wiring from
     * other classes performing the Inversion of Control (IoC).
     *
     * @throws Exception
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Defines the web based security configuration.
     *
     * @param http It allows configuring web based security for specific http requests.
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .httpBasic()
            .authenticationEntryPoint(samlEntryPoint());
        http
            .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
            .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class)
            .addFilterBefore(samlFilter(), CsrfFilter.class);
        http
            .authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/saml/**").permitAll()
            .antMatchers("/css/**").permitAll()
            .antMatchers("/img/**").permitAll()
            .antMatchers("/js/**").permitAll()
            .anyRequest().authenticated();
        http
            .logout()
            .disable();    // logout is handled by the SAML logout filters instead
    }

    /**
     * Sets a custom authentication provider.
     *
     * @param auth SecurityBuilder used to create an AuthenticationManager.
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .authenticationProvider(samlAuthenticationProvider());
    }

    @Override
    public void afterPropertiesSet() throws Exception {
        init();
    }

    @Override
    public void destroy() throws Exception {
        shutdown();
    }
}
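The configuration above switches off the metadata trust check, does not require the IdP metadata to be signed, and sets wantAssertionSigned to false. That is convenient against a local test IdP but means the SP accepts whatever it downloads from idpMetadataUrl. As an added example (not the post's or the library's own code), the same three beans with those checks enabled; the keystore alias IDP_METADATA_SIGNING_ALIAS and the full rsa-sha256 algorithm URI are assumptions.

```java
import java.util.Collections;
import java.util.Timer;

import org.apache.commons.httpclient.HttpClient;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.parse.ParserPool;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.security.saml.metadata.MetadataGenerator;

public class HardenedSamlMetadata {

    // Assumed: the certificate the IdP signs its metadata with was imported into
    // samlKeystore.jks under this alias (keytool -importcert -alias idp-signing ...).
    private static final String IDP_METADATA_SIGNING_ALIAS = "idp-signing";
    // Full algorithm URI; the value in application.yml above is missing the fragment.
    private static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    /** SP-side settings: sign what we send, require signatures on what we receive. */
    public static ExtendedMetadata extendedMetadata(boolean idpDiscovery) {
        ExtendedMetadata em = new ExtendedMetadata();
        em.setIdpDiscoveryEnabled(idpDiscovery);
        em.setSigningAlgorithm(RSA_SHA256);
        em.setSignMetadata(true);                 // lets the IdP verify our metadata
        em.setRequireLogoutRequestSigned(true);   // unsigned LogoutRequest is rejected
        em.setRequireLogoutResponseSigned(true);
        em.setRequireArtifactResolveSigned(true);
        em.setEcpEnabled(false);                  // enable only when an ECP client exists
        return em;
    }

    /** IdP metadata fetched over HTTP is only accepted when signed by the pinned key. */
    public static ExtendedMetadataDelegate idpMetadata(Timer timer, HttpClient client, ParserPool pool,
                                                      String idpMetadataUrl, ExtendedMetadata em)
            throws MetadataProviderException {
        HTTPMetadataProvider provider = new HTTPMetadataProvider(timer, client, idpMetadataUrl);
        provider.setParserPool(pool);
        ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(provider, em);
        delegate.setMetadataTrustCheck(true);        // was false in the post
        delegate.setMetadataRequireSignature(true);  // was false in the post
        // Trust anchors are aliases in the KeyManager; the metadata manager wires it in.
        delegate.setMetadataTrustedKeys(Collections.singleton(IDP_METADATA_SIGNING_ALIAS));
        return delegate;
    }

    /** SP metadata: advertise that AuthnRequests are signed and assertions must be. */
    public static MetadataGenerator metadataGenerator(String entityId, KeyManager keyManager,
                                                      ExtendedMetadata em) {
        MetadataGenerator generator = new MetadataGenerator();
        generator.setEntityId(entityId);
        generator.setExtendedMetadata(em);
        generator.setKeyManager(keyManager);
        generator.setRequestSigned(true);
        generator.setWantAssertionSigned(true);      // was false in the post
        generator.setIncludeDiscoveryExtension(false);
        return generator;
    }
}
```

With the trust check on, a metadata document whose signature does not verify against the pinned alias fails at startup rather than being silently used, which is the failure mode you want when the metadata URL is plain http.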
Generating the keystore (jks) file
When the SAML client sends SAML requests it has to encrypt and sign them, which requires keys; that is why the configuration above has a jks section. A jks is a Java Key Store: it can hold several public and private keys, and the identity provider's public key can be placed in it as well for decryption and signature verification. This section shows how to generate a private key and a self-signed certificate with the JDK's keytool.
Generate the keystore; it contains the public and private key (change the alias as you see fit):
keytool -genkeypair -alias qianxing -keyalg RSA -keystore samlKeystore.jks
Export the public key (certificate); the IdP needs it when decrypting:
keytool -alias qianxing -exportcert -keystore samlKeystore.jks -file public.cer
Extract the private key from the jks:
keytool -v -importkeystore -srckeystore samlKeystore.jks -srcstoretype jks -destkeystore qianxing.pfx -deststoretype pkcs12
openssl pkcs12 -in qianxing.pfx -nocerts -nodes -out private.key
Create a saml directory on the project classpath and put samlKeystore.jks in it.
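A startup-time check, added here and not part of the post, that opens the keystore with the values from the sp.jks section and reports the misconfigurations that most often break the keyManager bean: wrong store password, a defaultKey that does not match the keytool alias, an alias that holds only an imported certificate, or an expired certificate. Like the keyManager bean it assumes the key password equals the store password; the values nalle123 and apollo are the ones from application.yml above.

```java
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;

public class SamlKeystoreCheck {

    /** Returns "OK" when the SP key is usable, otherwise a one-line diagnosis. */
    public static String check(InputStream jks, String storePass, String alias, String keyPass)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(jks, storePass.toCharArray());             // wrong store password throws here
        if (!ks.containsAlias(alias)) {
            return "alias '" + alias + "' not found: sp.jks.defaultKey must equal the -alias given to keytool";
        }
        Key key = ks.getKey(alias, keyPass.toCharArray()); // wrong key password throws here
        if (!(key instanceof PrivateKey)) {
            return "alias '" + alias + "' has no private key: a trusted-cert entry cannot sign requests";
        }
        if (!"RSA".equals(key.getAlgorithm())) {
            return "key algorithm is " + key.getAlgorithm() + "; rsa-sha256 signing needs an RSA key";
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        try {
            cert.checkValidity(new Date());
        } catch (CertificateException e) {
            // the IdP will refuse our signature once the cert in our metadata is expired
            return "certificate for '" + alias + "' is outside its validity period: " + e.getMessage();
        }
        return "OK";
    }

    public static void main(String[] args) throws Exception {
        // path, passwords and alias as in the sp.jks section of application.yml
        try (InputStream in = SamlKeystoreCheck.class.getResourceAsStream("/saml/samlKeystore.jks")) {
            if (in == null) {
                System.out.println("classpath:/saml/samlKeystore.jks not found");
                return;
            }
            System.out.println(check(in, "nalle123", "apollo", "nalle123"));
        }
    }
}
```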

Commonly used SP endpoints:
Fetch the SP metadata: http://ip:port/context-path/saml/metadata
Possible problems:
Since Spring Boot 2.6 circular references are disallowed by default; unless they are enabled, startup fails with a circular dependency between samlEntryPoint and samlIDPDiscovery.
Fix:
Add the following to application.yml:
spring:
  main:
    allow-circular-references: true
Equivalent in application.properties:
spring.main.allow-circular-references = true
Organized and supplemented on the basis of the blog post https://blog.csdn.net/zhitianming/article/details/122824124