|
对于最新的稳定版本,请使用 Spring Security 6.4.3! |
Saml 2.0 元数据
解析<saml2:IDPSSODescriptor>元数据
您可以解析断言方的元数据用RelyingPartyRegistrations.
使用 OpenSAML 供应商支持时,生成的AssertingPartyDetails将为OpenSamlAssertingPartyDetails.
这意味着您将能够通过执行以下作来获取底层 OpenSAML XMLObject:
-
Java
-
Kotlin
OpenSamlAssertingPartyDetails details = (OpenSamlAssertingPartyDetails)
registration.getAssertingPartyDetails();
EntityDescriptor openSamlEntityDescriptor = details.getEntityDescriptor();val details: OpenSamlAssertingPartyDetails =
registration.getAssertingPartyDetails() as OpenSamlAssertingPartyDetails;
val openSamlEntityDescriptor: EntityDescriptor = details.getEntityDescriptor();生产<saml2:SPSSODescriptor>元数据
您可以使用saml2MetadataDSL 方法,如下所示:
-
Java
-
Kotlin
http
// ...
.saml2Login(withDefaults())
.saml2Metadata(withDefaults());http {
//...
saml2Login { }
saml2Metadata { }
}您可以使用此元数据终端节点向断言方注册您的信赖方。 这通常就像找到正确的表单字段来提供元数据端点一样简单。
默认情况下,元数据端点为/saml2/metadata,尽管它也响应/saml2/metadata/{registrationId}和/saml2/service-provider-metadata/{registrationId}.
您可以通过调用metadataUrl方法:
-
Java
-
Kotlin
.saml2Metadata((saml2) -> saml2.metadataUrl("/saml/metadata"))saml2Metadata {
metadataUrl = "/saml/metadata"
}改变方式RelyingPartyRegistration被查找
如果你有不同的策略来确定哪个RelyingPartyRegistration要使用,您可以配置自己的Saml2MetadataResponseResolver如下所示:
-
Java
-
Kotlin
@Bean
Saml2MetadataResponseResolver metadataResponseResolver(RelyingPartyRegistrationRepository registrations) {
RequestMatcherMetadataResponseResolver metadata = new RequestMatcherMetadataResponseResolver(
(id) -> registrations.findByRegistrationId("relying-party"));
metadata.setMetadataFilename("metadata.xml");
return metadata;
}@Bean
fun metadataResponseResolver(val registrations: RelyingPartyRegistrationRepository): Saml2MetadataResponseResolver {
val metadata = new RequestMatcherMetadataResponseResolver(
id: String -> registrations.findByRegistrationId("relying-party"))
metadata.setMetadataFilename("metadata.xml")
return metadata
}