spring-saml

How to add new idp metadata in spring-SAML at runtime

妖精的绣舞 submitted on 2019-12-09 16:45:42
Question: I am integrating the spring-security-saml extension to support SSO in my web application. My application should allow different customers to add their IDP metadata and their certificate to my webapp (which is an SP) so that my webapp can initiate SSO against their IDP. Right now I am defining a "metadata" bean in my Java config, wherein I add the IDP metadata to CachingMetadataManager. But this happens only once; I am not able to figure out how I add new IDP metadata to MetadataManager at

spring saml: How is LOGOUT handled? Is it mandatory to have logout endpoint in IDP metadata xml?

帅比萌擦擦* submitted on 2019-12-08 19:07:09
Question: I am using the Spring SAML implementation. The SSO circle metadata XML had a logout endpoint, which helps in local logout and global logout. But there are some other IDPs which I am interacting with that do not have logout endpoints in their metadata XML. How should LOGOUT be handled in these scenarios? Is deleting the cookies of the request the only solution to this problem, or is there any workaround for this scenario? Your help in this regard is much appreciated. Answer 1: It is not mandatory for

Spring Security and nested FilterChainProxy writing SAML Service Provider

▼魔方 西西 submitted on 2019-12-08 17:24:34
Question: I am trying to figure out a problem involving Spring Security and SAML. We are trying to use Spring Security (spring-security-core-3.1.1.RELEASE.jar) and SAML (spring-security-saml2-core-1.0.0-RC1-SNAPSHOT.jar) to modify our product to be a SAML SP. EDIT: Here is the (I think!) relevant section of my security-related context xml. As you can see, it's almost identical to this sample XML. <!-- Entry point to initialize authentication, default values taken from properties file --> <bean id=

SpringSecurity-SAML(OpenSAML): Failed to unmarshall assertion: getting org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR

丶灬走出姿态 submitted on 2019-12-08 13:35:48
Using spring-security-saml for handling assertions from IDP, getting below error after server is up for 1 to 2 hours. Issue is not reproducible all the time. By looking at stacktrace, issue seems to be related to parser pool used in spring saml configuration. Please share any thoughts. library versions: opensaml 2.6.1 spring-security-saml2 1.0.0.RELEASE parser pool config: <bean id="parserPool" class="org.opensaml.xml.parse.StaticBasicParserPool" init-method="initialize"> <property name="builderFeatures"> <map> <entry key="http://apache.org/xml/features/dom/defer-node-expansion" value="false"/

How to resolve org.springframework.web.util.NestedServletException: Request processing failed; with SAML

自古美人都是妖i submitted on 2019-12-08 11:14:33
Question: I am developing an application which authenticates via an IDP which is an ADFS server. So it has some functionality to import IDP metadata from the program level by accessing the metadata URL (given below) and update according to the service provider side. I am experiencing a request processing exception when trying to process SAML metadata from the ADFS server URL. Some solutions that I found say it is a problem in wildfly8, and fine with Wildfly 7+ and JBoss 7+, but still I am having the same

How can I force spring-saml-extension to re-authenticate every time?

冷暖自知 submitted on 2019-12-08 06:48:16
Question: I recently successfully ran the spring-saml-sample working with ADFS 2.0. However, I noticed that ADFS only asks me once for my user/pass, and then I can enter as many times as I want but always with the same user (even when I did a global logout). It seems there is a cookie or something stored locally that is sent to ADFS. What if I want to authenticate with a different user on the same machine? How can I configure saml-extension in order to force authentication again? Answer 1: SAML contains a mechanism

Spring Security SAML One Login Global Single Logout LogoutRequest Parsing Issue

╄→гoц情女王★ submitted on 2019-12-07 15:06:28
I am implementing Spring Security SAML with One Login. I have set all the configuration files and the metadata is set. I am able to get login to work, and logout is working if I log off from the same application I logged in to. In this scenario I get a LogoutResponse from the SAML IDP and Spring Security is able to parse and process it. http://localhost:8080/web/saml/SingleLogout?SAMLResponse= .............. The problem is when I log in to two applications. Currently I log in to the One Login admin console, there is a link to my app, I click on it and I am able to log in directly to my application, now when I log off

Propagate SAML Assertion Response/Security Context to downstream Services/Apps

时间秒杀一切 submitted on 2019-12-07 13:46:34
Question: We have multiple services in our environment. There are scenarios where we want the user to auto-login/silently log in to one or more participating services without being challenged by the Identity Provider for credentials or communicating with the Identity Provider after the first successful login from one service. For example, we have a front-end UI App which we want to be authenticated using Spring Security SAML. And when the UI App communicates to back-end services we want the security context

How to do something after the login with Spring Security?

谁都会走 submitted on 2019-12-07 11:50:57
Question: I have a Spring web application which uses Spring SAML and Spring Security to manage the login process. Now I need to do some tasks after the correct login occurs. In particular I have to store some data in the SecurityContext.getContext() object. I have never worked with Spring Security/SAML and I don't know how it manages the return from the IdP. Is there any place in the code where you can usually put your code after the login process ends correctly? I mean, I know where the redirect page

OpenSaml3 Documentation

烂漫一生 submitted on 2019-12-07 07:44:53
Question: Does anyone know if there is any documentation for OpenSaml3 anywhere? Paid or otherwise? I know there used to be a $15 book available, but I believe that only covers OpenSaml2. I know this will probably get voted down as it is not a programming-specific question, but Spring-Saml lists SO as its primary forum now (http://projects.spring.io/spring-security-saml/). SAML is a pain to implement without a good library and I think that Spring-SAML is the best thing available to someone writing on the