Spring Security: how to configure WSO2 metadata in the Spring Security sample


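I am new to security. I downloaded the Spring Security sample from GitHub, and it works fine with SSOCircle. Now I want to configure it with WSO2. I have read some articles, and they mention that we have to write the metadata manually. Please tell me how to write the metadata, and which URL I have to give in place of the metadata URL defined in the Spring Security sample.

Thanks, everyone.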


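To do this, change the Spring SAML sample project by adding a metadata XML file for IS, because WSO2 does not generate one automatically. You need to add the manually created metadata to idp.xml, as shown below: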

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                 entityID="localhost"
                 validUntil="2023-09-23T06:57:15.396Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
               <ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE
                CAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxv
                Y2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQsw
                CQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UE
                AwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTou
                sMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5
                HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQID
                AQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44i
                QlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJR
                O4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:9443/samlsso" ResponseLocation="https://localhost:9443/samlsso"/>
    <!-- NameIDFormat must carry the md: prefix and, per the SAML metadata schema, precede SingleSignOnService -->
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:9443/samlsso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:9443/samlsso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>

Then add an entry for the IS metadata to securityContext.xml.


Update:

In security-context.xml, you need to change the metadata bean:

<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
<constructor-arg>
    <list>
        <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
            <constructor-arg>
                <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
                    <constructor-arg>
                        <bean class="java.util.Timer"/>
                    </constructor-arg>
                    <constructor-arg>
                        <bean class="org.opensaml.util.resource.ClasspathResource">
                            <constructor-arg value="/metadata/idp.xml"/>
                        </bean>
                    </constructor-arg>
                    <property name="parserPool" ref="parserPool"/>
                </bean>
            </constructor-arg>
            <constructor-arg>
                <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                </bean>
            </constructor-arg>
        </bean>         
    </list>
</constructor-arg>
</bean>


I hope this helps. -Paul

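This is very useful information, but I need to know which metadata path I have to provide, since I am creating it manually, and how the certificate is matched.

I have updated the answer, krishan; you can check it now.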
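A check for a hand-written idp.xml like the one in the answer, as an added example that is not part of the original thread or of Spring SAML. It reports an expired validUntil, non-HTTPS endpoints and elements missing the md: prefix, and returns the SHA-256 fingerprint of each signing certificate so it can be compared with the fingerprint of the certificate the IdP actually signs with. The function name, the placeholder certificate bytes and the sample document are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_idp_metadata(xml_text, now=None):
    """Return (findings, sha256 fingerprints of signing certs) for IdP metadata."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)  # local, self-authored file; not for untrusted XML
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % MD or idp is None:
        return ["not an IdP EntityDescriptor"], []
    findings, prints = [], []
    until = root.get("validUntil")
    if until and datetime.fromisoformat(until.replace("Z", "+00:00")) <= now:
        findings.append("validUntil %s has passed; the metadata is expired" % until)
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no "use" means signing and encryption
            for cert in kd.findall(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                prints.append(hashlib.sha256(der).hexdigest())
    if not prints:
        findings.append("no signing certificate; IdP signatures cannot be verified")
    sso = idp.findall("md:SingleSignOnService", NS)
    for ep in sso + idp.findall("md:SingleLogoutService", NS):
        if not ep.get("Location", "").startswith("https://"):
            findings.append("non-HTTPS endpoint: %s" % ep.get("Location"))
    for child in idp:
        if not child.tag.startswith("{"):  # element outside any XML namespace
            findings.append("<%s> has no namespace; use the md: prefix" % child.tag)
    return findings, prints

# Constructed sample: placeholder bytes stand in for the DER certificate.
PLACEHOLDER_DER = b"constructed placeholder, not a real certificate"
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="localhost" validUntil="2023-09-23T06:57:15.396Z">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data>
  </ds:KeyInfo></md:KeyDescriptor>
  <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://localhost:9443/samlsso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>""" % base64.b64encode(PLACEHOLDER_DER).decode()
```

Run `check_idp_metadata(open("idp.xml").read())` against the real file and compare the returned fingerprint with the SHA-256 fingerprint reported for the IdP's signing certificate.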