spring-saml

SAML ERROR: PKIX path construction failed for untrusted credential

别说谁变了你拦得住时间么, submitted on 2019-12-11 04:23:51

Question: I have integrated SAML 2.0 in my system and I'm using the file http://idp.ssocircle.com/idp-meta.xml as the IDP. Last week my application worked fine, but since yesterday (5th December 2016) I have an error without doing any modifications in my configuration file. The error is: 2016-12-06 10:00:07 ERROR: PKIX path construction failed for untrusted credential: [subjectName='CN=idp.ssocircle.com' |credential entityID='https://idp.ssocircle.com']: unable to find valid certification path to

Spring SAML Security - Multiple IDP Metadata configuration for two different ADFS server

时光总嘲笑我的痴心妄想, submitted on 2019-12-11 02:38:31

Question: Is it possible to have multiple IDP Metadata configurations? How do I configure it? In my environment I have two different ADFS servers and both have their own Metadata.xml files. In the securityContext.xml file I have the following configuration for my ADFS server IDP selection: <bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager"> <constructor-arg> <list> <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider"> <constructor-arg> <value type

Only SAML token validation

て烟熏妆下的殇ゞ, submitted on 2019-12-11 02:22:48

Question: I have an SP (Service Provider implemented using Spring SAML). I want the SP to send the authentication SAML token to another service application. Now I need to validate (only) the token against the IDP at the service application end. How can I achieve this? Any help will be appreciated.

Answer 1: There is no mechanism in the standard SAML profiles which allows validation of issued SAML assertions against IDP servers. Validation is typically done by recipients of the tokens - by validating XML signature on

How to configure the remote discovery with Spring Security SAML?

隐身守侯, submitted on 2019-12-11 00:58:33

Question: I'm trying to configure Spring Security SAML 1.0.1 to reach a remote discovery service located at https://discovery.renater.fr/test. Instead, the IDP specified in property defaultIDP of the "CachingMetadataManager" is reached. In Spring Security SAML 1.0.1 documentation, we can read: Remote discovery service In order to enable external IDP discovery service, configure property idpDiscoveryURL in your local SP extended metadata to the external discovery URL. Make sure property

Metadata refresh deadlock (spring-security-saml)

我是研究僧i, submitted on 2019-12-10 14:31:18

Question: Every couple of days our web app that uses Spring Security SAML has a deadlock. The deadlock happens on refreshing metadata. I tried to understand what the problem is from the source code but without success. This is the stack trace from three threads that are in deadlock: 1. Stack Trace Metadata-reload [136] (BLOCKED) org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize line: 402 org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize line: 167 org

Using Spring SAML as an IDP rather than an SP

谁都会走, submitted on 2019-12-10 14:03:54

Question: Are you able to use Spring SAML if you are implementing as an IDP? I have used it in the past when acting as a Service Provider, and having read the documentation it's not clear whether I can use it as an IDP. Note - I originally asked for opinions on another question which was put on hold by Users. I reworded the question as above but it's still on hold, hence I have asked again.

Answer 1: There's no support for acting as an IDP in Spring SAML. Capabilities of Spring SAML are described in the

How to dynamically switch application context in Spring Security?

笑着哭i, submitted on 2019-12-10 13:58:28

Question: I am using Spring Security in my web application and I am using Javaconfig for it. Recently we have also added Spring SAML authentication in the application and finally got it working after some hurdles. Inside the WebApplicationInitializer's onStartUp() I am loading SpringSecurity configuration or SpringSaml configuration based on some precondition. Now how can I do this dynamically? Actually I will introduce a button and once admin clicks on this button admin and all users will be

How to get SAML response string after successful login from spring security saml

假装没事ソ, submitted on 2019-12-10 12:15:41

Question: I am using spring security saml extension for sso in my application. I am able to successfully integrate with adfs. Now I need the exact encoded SAML response we get from adfs to be passed to webservices downstream. How to get that SAML response string?

Answer 1: If your SAML token is encrypted: You can extend default SAMLAuthenticationProvider and override authenticate method. Inside this method you can get the complete SAML Response as follows: SAMLAuthenticationToken token =

Can I get saml-token as string?

断了今生、忘了曾经, submitted on 2019-12-10 10:39:30

Question: I am using spring-security-saml2 1.0.0.RELEASE. It works well and pretty good for me. But a new requirement has arisen. I need the saml-token as a string. Can I get the saml-token as a string? I find the saml-token in the log. But how to get the saml-token in string format?

Answer 1: Good question, I've just added a new chapter to the Spring SAML manual which addresses this issue: Authentication assertion Assertion used to authenticate user is stored in the SAMLCredential object under property authenticationAssertion

Configure Spring Security SAML to use SHA-256 as secure hash algorithm

橙三吉。, submitted on 2019-12-10 03:54:25

Question: I'm working on an integration between Spring SAML and Microsoft ADFS 3.0. Even though it is already stated in the documentation of Spring SAML: "Open the provider by double-clicking it, select tab Advanced and change "Secure hash algorithm" to SHA-1", from which I understand that Spring SAML currently supports only SHA-1 as hash algorithm, my requirement is using SHA-256. If I try to configure only in ADFS for SHA-256, it doesn't work. I suppose that I have to do something with Spring SAML. Do you have