Spring security: Configure Spring Security SAML to use SHA-256 as the secure hash algorithm


I am working on an integration between Spring SAML and Microsoft ADFS 3.0. Even though it is already stated as:

Double-click the provider to open it, select the Advanced tab and change the "Secure hash algorithm" to SHA-1

I know that Spring SAML currently only supports SHA-1 as the hash algorithm, but my requirement is to use SHA-256. If I try to configure SHA-256 only in ADFS, it does not work. I think I have to do something on the Spring SAML side. Do you know how to do it?

You should configure the Spring Security configuration to use the SHA-256 signature algorithm.

You can override or configure the InitializingBean as follows:

Spring config

InitializingBean

package your.package;

import org.opensaml.Configuration;
import org.opensaml.xml.security.BasicSecurityConfiguration;
import org.opensaml.xml.signature.SignatureConstants;
import org.springframework.beans.factory.InitializingBean;

// Switches OpenSAML's global security configuration (used by Spring SAML when
// signing messages) to the requested signature and digest algorithms. It must
// run after OpenSAML has been bootstrapped, which Spring SAML's SAMLBootstrap does.
public class SAMLConfigurationBean implements InitializingBean {

    private String signatureAlgorithm;
    private String digestAlgorithm;

    // Accepts "SHA256" or "SHA512"; any other value falls back to SHA-1.
    public void setSignatureAlgorithm(String algorithm) {
        switch (algorithm) {
            case "SHA256" :
                signatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
                digestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA256;
                break;
            case "SHA512" :
                signatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512;
                digestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA512;
                break;
            default:
                signatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
                digestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA1;
        }
    }

    @Override
    public void afterPropertiesSet() throws Exception {
        BasicSecurityConfiguration config = (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
        // Signature algorithm used whenever the signing key is an RSA key
        config.registerSignatureAlgorithmURI("RSA", signatureAlgorithm);
        // Digest algorithm used for the ds:Reference over the signed element
        config.setSignatureReferenceDigestMethod(digestAlgorithm);
    }
}
You can also skip the configurable part and just have the following:

InitializingBean

package your.package;

import org.opensaml.Configuration;
import org.opensaml.xml.security.BasicSecurityConfiguration;
import org.opensaml.xml.signature.SignatureConstants;
import org.springframework.beans.factory.InitializingBean;

// Fixed variant: always switches the global OpenSAML security configuration
// to RSA-SHA256 signatures with SHA-256 reference digests.
public class SAMLConfigurationBean implements InitializingBean {

    @Override
    public void afterPropertiesSet() throws Exception {
        BasicSecurityConfiguration config = (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
        config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
    }
}

I recommend referring to this GitHub sample project:

It provides ADFS-specific configuration information and explains in detail how to enable SHA-256 signing.
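A stand-alone check, added here and not part of the original answer, that applies the configurable SAMLConfigurationBean from the answer and reads back what OpenSAML will now use for RSA signatures and reference digests. It assumes that bean is on the classpath under the page's placeholder package; the class name SignatureAlgorithmCheck is the author's own.

```java
package your.package; // same placeholder package as the bean in the answer

import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.xml.security.SecurityConfiguration;
import org.opensaml.xml.signature.SignatureConstants;

// Added check, not from the original answer: applies the configurable
// SAMLConfigurationBean and reads back the algorithms OpenSAML will sign with.
public class SignatureAlgorithmCheck {

    // Returns {signature algorithm URI for RSA keys, reference digest URI}
    // after the bean has been applied with the given setting.
    static String[] applyAndReadBack(String requested) throws Exception {
        SAMLConfigurationBean bean = new SAMLConfigurationBean();
        bean.setSignatureAlgorithm(requested);
        bean.afterPropertiesSet();

        SecurityConfiguration cfg = Configuration.getGlobalSecurityConfiguration();
        return new String[] {
            cfg.getSignatureAlgorithmURI("RSA"),
            cfg.getSignatureReferenceDigestMethod()
        };
    }

    public static void main(String[] args) throws Exception {
        // Outside Spring we must bootstrap OpenSAML ourselves; in a Spring SAML
        // application the SAMLBootstrap bean does this before other beans initialise.
        DefaultBootstrap.bootstrap();

        String[] got = applyAndReadBack("SHA256");
        if (!SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256.equals(got[0])
                || !SignatureConstants.ALGO_ID_DIGEST_SHA256.equals(got[1])) {
            throw new IllegalStateException("global config not switched: " + got[0] + " / " + got[1]);
        }
        // These URIs now appear as ds:SignatureMethod and ds:DigestMethod in every
        // message the SP signs, and must match the "Secure hash algorithm" that is
        // configured on the relying party trust in ADFS.
        System.out.println("SignatureMethod: " + got[0]);
        System.out.println("DigestMethod:    " + got[1]);

        // The bean's default branch maps any unrecognised value to SHA-1, so a
        // typo in the Spring property silently keeps the old algorithm.
        String[] typo = applyAndReadBack("SHA-256");
        if (SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1.equals(typo[0])) {
            System.out.println("WARNING: \"SHA-256\" is not a recognised value; fell back to SHA-1");
        }
    }
}
```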