spring-saml

Spring SAML ADFS: java.security.InvalidKeyException

风格不统一 submitted on 2020-02-20 10:29:05
Question: I have the task to implement an accessibility to an Active Directory Federation Services (SSL) with a LDAP behind. At first I have to say that my experience in ADFS and SAML is very small. I have decided to take the Spring Security SAML Extension to implement this feature. I download and install the SAML extension for the Spring Security project from GitHub: https://github.com/spring-projects/spring-security-saml I found in the official documentation http://docs.spring.io/spring-security

How can I get Global Logout working in a multi tenant SAML application using spring-security-saml?

假如想象 submitted on 2020-01-25 22:02:17
Question: The multi tenant SAML application I'm working on uses spring-security-saml and contains two service providers and one IDP (Active Directory Federation Services). The developer who worked SSO into this application chose to make it multi tenant because it is a dual-purpose application with two different interfaces - essentially two applications in one. It is designed to be used in a browser with two tabs open, so one interface runs in the first tab and the other interface runs in the second tab

Can I implement both SAML and basic spring security within an application?

痞子三分冷 submitted on 2020-01-22 15:05:47
Question: I have a requirement for our application where we need to implement Spring SAML within our app to enable federated SSO for one customer. However we need to maintain existing login flow using spring-security for other customer. So my question is can we have two security mechanisms for a web application so that it will be treated as multi-tenancy. Can I implement OAuth and SAML in same application? Thanks in advance. Answer 1: Yes, you can combine your existing password authentication with SAML. See

unable to validate SAML 2.0 assertion against schema

只愿长相守 submitted on 2020-01-16 18:36:30
Question: I am working with Spring SAML and I have a problem consuming SAML assertion (sample assertion from Wikipedia article <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="b07b804c-7c29-ea16-7300-4f3d6f7928ac" Version="2.0" IssueInstant="2004-12-05T09:22:05"> <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds

unable to validate SAML 2.0 assertion against schema

回眸只為那壹抹淺笑 submitted on 2020-01-16 18:36:06
Question: I am working with Spring SAML and I have a problem consuming SAML assertion (sample assertion from Wikipedia article <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="b07b804c-7c29-ea16-7300-4f3d6f7928ac" Version="2.0" IssueInstant="2004-12-05T09:22:05"> <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds

Spring Security SAML - how to configure client auth?

半腔热情 submitted on 2020-01-16 15:46:34
Question: I'm trying to adapt the Spring Security SAML sample application to use a test IDP (provided to me by someone else) instead of ssocircle. Clicking on the "SAML Login" correctly redirects me to the SSO login page of the IDP but after login and redirection back to the sample app I get an exception (apparently during artifact resolution) at the root of which is: org.opensaml.ws.message.decoder.MessageDecodingException: Error when sending request to artifact resolution service. at org

Spring-SAML Endless redirect loop after a successful authentication

我们两清 submitted on 2020-01-16 04:06:18
Question: After a successful SAML authentication: AuthNRequest;SUCCESS;0:0:0:0:0:0:0:1;https://localhost:8443/saml/metadata;http://www.okta.com/exkdwf3hodKFkefLO0h7;;; The browser is redirected back into an endless loop. I've sat with a debugger stepping through Spring code and looks like it is erroring out in BasicAuthenticationFilter calling SAMLAuthenticationProvider which doesn't support UsernamePasswordAuthenticationToken and throws an exception which in turn sends the browser into an endless

Do we need Keystore/JKSKeyManager in IDP initiated SSO (SAML)?

坚强是说给别人听的谎言 submitted on 2020-01-14 22:34:21
Question: I've successfully implemented SSO authentication using Spring-SAML extension. Primary requirement for us is to support IDP-initiated SSO to our application. Well, by using the configurations from spring-security-saml2-sample even SP-initiated SSO flow also works for us. Question: Is keystore used in IDP-initiated SSO (if metadata has certificate)? If not used, I would like to get rid of keystore configurations from securityContext.xml. Note: SP-initiated SSO and Global logout is not needed

Spring Security: Different authentication methods depending on entity

て烟熏妆下的殇ゞ submitted on 2020-01-13 18:56:27
Question: First post here, hope I'm doing right. In a project, we have a scenario where we have a single web application with multiple entities. Currently, the login is managed via default JDBC Spring Security provider, working fine. For a new requirement, we need that each entity can have their own login method (currently 2 methods would be available, the JDBC one, which is the current one, and the second method would be authentication via SAML, with each entity defining their own IdP, but this is

How to configure IDP metadata and SP metadata in Spring Security SAML sample?

元气小坏坏 submitted on 2020-01-12 04:01:13
Question: I want to deal with Spring Security SAML. For this, I start to explore Spring Security SAML. At the beginning, I create an account at SSOCircle. Then I configured the IDP metadata and generation of SP metadata (4.2.2 and 4.2.3). At entityId I set: <bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter"> <constructor-arg> <bean class="org.springframework.security.saml.metadata.MetadataGenerator"> <property name="entityId" value="http://idp