Question
After spending a good amount of time with Spring Security SAML for ADFS login, I have become a fan of the framework. I was able to integrate my web application with ADFS for login, but I am missing a few requirements here:

1) When we select the IDP ADFS login URL on my web application's login page, it moves out of my web application to the ADFS login. This is not the desired behavior for the business.
2) I also faced the problem that on successful login the user object is sent back to my web application from ADFS, but in case of login failure it stays on the ADFS login page with a login error message.

Given this, can you please guide me on the requirements below?

1) I want to use my own login page (instead of the ADFS login redirect) to capture the username and password.
2) Pass those credentials to the ADFS server for authentication.
3) User authentication flow:
   3.a Once the user is authenticated, redirect the user to the success page.
   3.b If authentication failed, redirect the user to the error page (getting the failure response from ADFS).
Answer 1:
The core idea of SAML-based single sign-on is to decouple the system which authenticates users (IDP - identity provider) from the systems which receive information about the user's identity without performing the authentication (SP - service providers).
This model implies that the SP does not have access to the user's credentials, and therefore cannot contain a traditional login screen with username/password.
You can find more details, e.g., in the wiki for SAML 2.0 Web SSO.
Source: https://stackoverflow.com/questions/40439577/spring-security-saml-own-login-page-instead-of-adfs-login-redirect