Java SAML: how to transfer a custom attribute between the Spring SAML extension (SP) and Shibboleth 3.1.1 (IdP)


I have implemented SSO using Spring SAML (SP) and Shibboleth 3.1.1 (IdP), and I would like to know whether there is any way to transfer custom attributes between the AuthnRequest and the AuthnResponse. Suppose I want to send a custom attribute (jobName) from the SP to the IdP; the IdP validates the value and then returns it to me.

I added md:Extensions / md:RequestedAttribute / saml:AttributeValue to my SP metadata file and overrode the getAuthnRequest method in WebSSOProfileImpl.java, but the generated AuthnRequest does not contain the md:RequestedAttribute.

<md:Extensions xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
    <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
        isRequired="true"></md:RequestedAttribute>
</md:Extensions>

// Imports for the Spring SAML 1.x / OpenSAML 2.x classes used below.
import org.opensaml.common.SAMLException;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.common.Extensions;
import org.opensaml.saml2.common.impl.ExtensionsBuilder;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.RequestedAttributeBuilder;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.schema.impl.XSAnyBuilder;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.websso.WebSSOProfileImpl;
import org.springframework.security.saml.websso.WebSSOProfileOptions;

public class CustomWebSSOProfile extends WebSSOProfileImpl {

    @Override
    protected AuthnRequest getAuthnRequest(SAMLMessageContext context, WebSSOProfileOptions options, AssertionConsumerService assertionConsumer, SingleSignOnService bindingService) throws SAMLException, MetadataProviderException {
        // Let Spring SAML build the standard request, then attach our Extensions.
        AuthnRequest authnRequest = super.getAuthnRequest(context, options, assertionConsumer, bindingService);
        authnRequest.setExtensions(buildExtensions());
        // Index of the md:AttributeConsumingService in the SP metadata.
        authnRequest.setAttributeConsumingServiceIndex(1);
        return authnRequest;
    }

    protected Extensions buildExtensions() {
        Extensions extensions = new ExtensionsBuilder().buildObject();
        RequestedAttribute reqAttribute = new RequestedAttributeBuilder().buildObject();

        reqAttribute.setName("urn:oid:0.9.2342.19200300.100.1.3");
        // The URI name-format constant lives on Attribute (RequestedAttribute extends it).
        reqAttribute.setNameFormat(Attribute.URI_REFERENCE);
        reqAttribute.setIsRequired(true);

        // buildObject takes (namespace URI, local name, prefix); the SAML 2.0 assertion
        // namespace URI is required here, not the "saml:AttributeValue" qualified name.
        XSAny extraElement = new XSAnyBuilder().buildObject(
                SAMLConstants.SAML20_NS, AttributeValue.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20_PREFIX);
        extraElement.setTextContent("myjobName");

        reqAttribute.getAttributeValues().add(extraElement);

        extensions.getUnknownXMLObjects().add(reqAttribute);
        return extensions;
    }
}

<md:AttributeConsumingService index="1">
    <md:ServiceName xml:lang="en">The Demo Test</md:ServiceName>
    <md:RequestedAttribute FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" >
        <saml2:AttributeValue>jobname1</saml2:AttributeValue>
        <saml2:AttributeValue>jobname2@</saml2:AttributeValue>
    </md:RequestedAttribute>
</md:AttributeConsumingService>

I do not know how to do this. Do I also have to modify the SP metadata with this additional attribute name and format? If so, how should I do it? Any help on this would be greatly appreciated.

Thanks.
ltdong
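To see whether the custom attribute actually made the round trip described above, the following added example (not part of the original post) parses a decoded AuthnRequest and the matching Response and reports any requested attribute that is missing from the request's Extensions, absent from the assertion, or returned with a value the SP never asked for. The messages are constructed from the shapes in the question, and the check assumes the SP has already validated the Response's signature, InResponseTo and Conditions.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "md": "urn:oasis:names:tc:SAML:2.0:metadata"}

def _values(el):
    return [v.text or "" for v in el.findall("saml:AttributeValue", NS)]

def requested_attributes(authn_request_xml):
    """{Name: [values]} for every md:RequestedAttribute under samlp:Extensions;
    empty if the Extensions never made it into the request (the question's symptom)."""
    root = ET.fromstring(authn_request_xml)
    return {ra.get("Name"): _values(ra)
            for ra in root.findall("samlp:Extensions/md:RequestedAttribute", NS)}

def returned_attributes(response_xml):
    """{Name: [values]} from the assertion's AttributeStatement. Assumes the SP has
    already validated signature, InResponseTo and Conditions on this Response."""
    root = ET.fromstring(response_xml)
    return {a.get("Name"): _values(a) for a in
            root.findall("saml:Assertion/saml:AttributeStatement/saml:Attribute", NS)}

def check_round_trip(authn_request_xml, response_xml):
    """List of problems; empty means each requested attribute came back with a requested value."""
    requested = requested_attributes(authn_request_xml)
    problems = [] if requested else ["AuthnRequest has no md:RequestedAttribute in Extensions"]
    returned = returned_attributes(response_xml)
    for name, wanted in requested.items():
        got = returned.get(name)
        if got is None:
            problems.append(f"IdP returned no attribute {name}")
        elif wanted and not set(got) & set(wanted):
            problems.append(f"{name}: got {got}, expected one of {wanted}")
    return problems

# Constructed sample messages (shape taken from the question, not a real capture).
AUTHN_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
 xmlns:md="{NS['md']}" ID="_req1" Version="2.0" IssueInstant="2015-01-01T00:00:00Z"
 AttributeConsumingServiceIndex="1"><samlp:Extensions>
 <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3" isRequired="true"
  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
  <saml:AttributeValue>myjobName</saml:AttributeValue></md:RequestedAttribute>
 </samlp:Extensions></samlp:AuthnRequest>"""
RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_res1"
 Version="2.0" IssueInstant="2015-01-01T00:00:01Z" InResponseTo="_req1"><saml:Assertion
 ID="_a1" Version="2.0" IssueInstant="2015-01-01T00:00:01Z"><saml:AttributeStatement>
 <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"><saml:AttributeValue>myjobName</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"""
```

Run `check_round_trip` on the request and response captured from a SAML trace; an empty list means the attribute went out and came back as intended, while the first problem string points at which leg of the exchange dropped or altered it.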

I am not an expert on Spring Security SAML (not yet :-), but I feel you may have written too much code; what you want can probably be achieved with more XML configuration.

I am sure that by defining the property extendedMetadata on the class MetadataGenerator, some extended metadata can be generated directly in the SP configuration.

I did this in my applicationContext security saml.xml file:


...
Hope this helps a bit.