Spring security 配置Spring Security SAML以使用SHA-256作为安全哈希算法
我正在研究SpringSAML和MicrosoftADFS3.0之间的集成。即使它已经在as中声明: 双击提供程序打开它,选择tab Advanced并更改 SHA-1的“安全哈希算法”Spring security 配置Spring Security SAML以使用SHA-256作为安全哈希算法,spring-security,spring-saml,Spring Security,Spring Saml,我正在研究SpringSAML和MicrosoftADFS3.0之间的集成。即使它已经在as中声明: 双击提供程序打开它,选择tab Advanced并更改 SHA-1的“安全哈希算法” 我知道SpringSAML目前只支持SHA-1作为散列算法,但我的要求是使用SHA-256。如果我尝试仅在ADFS中为SHA-256配置,它将不起作用。我想我必须对Spring SAML做些什么。你知道怎么做吗 您应该将Spring安全配置配置为使用SHA-256签名算法 您可以覆盖或配置初始化bean,如下所
我知道SpringSAML目前只支持SHA-1作为散列算法,但我的要求是使用SHA-256。如果我尝试仅在ADFS中为SHA-256配置,它将不起作用。我想我必须对Spring SAML做些什么。你知道怎么做吗 您应该将Spring安全配置配置为使用
SHA-256
签名算法
您可以覆盖或配置初始化bean
,如下所示:
弹簧配置:
初始化bean:
package your.package;
import org.opensaml.Configuration;
import org.opensaml.xml.security.BasicSecurityConfiguration;
import org.opensaml.xml.signature.SignatureConstants;
import org.springframework.beans.factory.InitializingBean;
public class SAMLConfigurationBean implements InitializingBean {
private String signatureAlgorithm ;
private String digestAlgorithm;
public void setSignatureAlgorithm(String algorithm) {
switch (algorithm) {
case "SHA256" :
signatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
digestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA256;
break;
case "SHA512" :
signatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512;
digestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA512;
break;
default:
signatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
digestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA1;
}
}
@Override
public void afterPropertiesSet() throws Exception {
BasicSecurityConfiguration config = (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
config.registerSignatureAlgorithmURI("RSA", signatureAlgorithm);
config.setSignatureReferenceDigestMethod(digestAlgorithm);
}
}
package your.package;
import org.opensaml.Configuration;
import org.opensaml.xml.security.BasicSecurityConfiguration;
import org.opensaml.xml.signature.SignatureConstants;
import org.springframework.beans.factory.InitializingBean;
public class SAMLConfigurationBean implements InitializingBean {
@Override
public void afterPropertiesSet() throws Exception {
BasicSecurityConfiguration config = (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
}
}
您也可以跳过可配置部分,只需满足以下要求:
初始化bean:
package your.package;
import org.opensaml.Configuration;
import org.opensaml.xml.security.BasicSecurityConfiguration;
import org.opensaml.xml.signature.SignatureConstants;
import org.springframework.beans.factory.InitializingBean;
public class SAMLConfigurationBean implements InitializingBean {
private String signatureAlgorithm ;
private String digestAlgorithm;
public void setSignatureAlgorithm(String algorithm) {
switch (algorithm) {
case "SHA256" :
signatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
digestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA256;
break;
case "SHA512" :
signatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512;
digestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA512;
break;
default:
signatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
digestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA1;
}
}
@Override
public void afterPropertiesSet() throws Exception {
BasicSecurityConfiguration config = (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
config.registerSignatureAlgorithmURI("RSA", signatureAlgorithm);
config.setSignatureReferenceDigestMethod(digestAlgorithm);
}
}
package your.package;
import org.opensaml.Configuration;
import org.opensaml.xml.security.BasicSecurityConfiguration;
import org.opensaml.xml.signature.SignatureConstants;
import org.springframework.beans.factory.InitializingBean;
public class SAMLConfigurationBean implements InitializingBean {
@Override
public void afterPropertiesSet() throws Exception {
BasicSecurityConfiguration config = (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
}
}
我建议参考此GitHub示例项目: 它提供了ADFS专用配置信息,并详细说明了如何启用SHA-256签名