Spring Security: How to configure WSO2 metadata in the Spring Security sample

I am new to security. I downloaded the Spring Security sample from GitHub, and it works fine with SSOCircle. Now I want to configure it with WSO2. I have read some articles which mention that we have to write the metadata manually. Please tell me how to write the metadata, and which URL I have to give instead of the metadata URL defined in the Spring Security sample. Thanks, everyone.

Tags: spring-security, wso2, saml

To do this, change the Spring SAML sample project by adding a metadata XML file for IS, because WSO2 does not generate one automatically. You need to add the manually created metadata to idp.xml, as follows:
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="localhost"
                     validUntil="2023-09-23T06:57:15.396Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <!-- Signing certificate of the identity server (value truncated on this page) -->
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE...=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:9443/samlsso" ResponseLocation="https://localhost:9443/samlsso"/>
    <!-- NameIDFormat carries the md: prefix and precedes SingleSignOnService, as the SAML metadata schema requires -->
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:9443/samlsso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:9443/samlsso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
Then add an entry for the IS metadata to securityContext.xml.

Update: in security-context.xml, you need to change the metadata bean:
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
  <constructor-arg>
    <list>
      <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
        <constructor-arg>
          <!-- Loads the hand-written IdP metadata from the classpath -->
          <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
            <constructor-arg>
              <bean class="java.util.Timer"/>
            </constructor-arg>
            <constructor-arg>
              <bean class="org.opensaml.util.resource.ClasspathResource">
                <constructor-arg value="/metadata/idp.xml"/>
              </bean>
            </constructor-arg>
            <property name="parserPool" ref="parserPool"/>
          </bean>
        </constructor-arg>
        <constructor-arg>
          <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
          </bean>
        </constructor-arg>
      </bean>
    </list>
  </constructor-arg>
</bean>
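I hope this helps.

Paul, this is very useful information, but I need to know the metadata path I have to provide, since I am creating it manually, and how the certificate is matched.

I have updated the answer, krishan. You can check it now.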
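A check for a hand-written idp.xml like the one in the answer, as an added example that is not part of the original answer or of the Spring SAML project: it flags an expired validUntil and child elements that lost the md: namespace, and returns SHA-256 fingerprints of the signing certificates so they can be compared with the certificate the WSO2 IS instance signs with. The function name lint_idp_metadata and the sample document (placeholder bytes instead of a real certificate) are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def lint_idp_metadata(xml_text, now=None):
    """Return (findings, SHA-256 fingerprints of the signing certificates)."""
    now = now or datetime.now(timezone.utc)
    findings, prints = [], []
    root = ET.fromstring(xml_text)
    until = root.get("validUntil")
    if until:
        expiry = datetime.fromisoformat(until.replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # treat a value without an offset as UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            findings.append(f"validUntil {until} is in the past")
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        return findings + ["no md:IDPSSODescriptor"], prints
    for child in idp:
        # An unprefixed element is in no namespace, so it is not SAML metadata
        if not child.tag.startswith("{"):
            findings.append(f"<{child.tag}> has no namespace; use the md: prefix")
    for kd in idp.findall(f"{{{MD}}}KeyDescriptor"):
        if kd.get("use") not in (None, "signing"):
            continue
        for cert in kd.iter(f"{{{DS}}}X509Certificate"):
            try:
                der = base64.b64decode("".join((cert.text or "").split()), validate=True)
                prints.append(hashlib.sha256(der).hexdigest())
            except ValueError:  # truncated or otherwise corrupted base64
                findings.append("signing certificate is not valid base64")
    if not prints:
        findings.append("no usable signing certificate")
    return findings, prints

# Constructed sample: placeholder bytes stand in for a real certificate.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="localhost"
    validUntil="2023-09-23T06:57:15.396Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{DS}"><ds:X509Data>
      <ds:X509Certificate>Y29uc3RydWN0ZWQ=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

Compare the returned fingerprint with the SHA-256 fingerprint of the certificate exported from the identity server's keystore; a mismatch means the metadata does not describe the key that signs the responses.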