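I'm trying to integrate spring-security-saml with an existing application so that the application can act as a service provider.
Unfortunately, I can't seem to get the metadata filter to work. The webapp starts up without any trouble, but when I hit $contextPath/saml/metadata, I get the following stack trace in the logs.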
2014-10-24 13:52:38,779 54025 [1045652139@qtp-718389251-8] WARN org.mortbay.log - /sf/saml/metadata/
org.opensaml.saml2.metadata.provider.MetadataProviderException: No hosted service provider is configured and no alias was selected
at org.springframework.security.saml.context.SAMLContextProviderImpl.populateLocalEntity(SAMLContextProviderImpl.java:311) ~[spring-security-saml2-core-1.0.0.RELEASE.jar:1.0.0.RELEASE]
at org.springframework.security.saml.context.SAMLContextProviderImpl.populateLocalContext(SAMLContextProviderImpl.java:216) ~[spring-security-saml2-core-1.0.0.RELEASE.jar:1.0.0.RELEASE]
at org.springframework.security.saml.context.SAMLContextProviderImpl.getLocalEntity(SAMLContextProviderImpl.java:107) ~[spring-security-saml2-core-1.0.0.RELEASE.jar:1.0.0.RELEASE]
at org.springframework.security.saml.metadata.MetadataDisplayFilter.processMetadataDisplay(MetadataDisplayFilter.java:114) ~[spring-security-saml2-core-1.0.0.RELEASE.jar:1.0.0.RELEASE]
at org.springframework.security.saml.metadata.MetadataDisplayFilter.doFilter(MetadataDisplayFilter.java:88) ~[spring-security-saml2-core-1.0.0.RELEASE.jar:1.0.0.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.3.RELEASE.jar:3.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) ~[spring-security-web-3.2.3.RELEASE.jar:3.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166) ~[spring-security-web-3.2.3.RELEASE.jar:3.2.3.RELEASE]
My metadata configuration is as follows:
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
<constructor-arg ref="metadataGenerator"/>
</bean>
<bean id="metadataGenerator" class="org.springframework.security.saml.metadata.MetadataGenerator">
<!--<property name="entityBaseURL" value="${env.shibboleth.entityBaseUrl"/>-->
<property name="bindingsSSO">
<list>
<value>redirect</value>
<value>artifact</value>
</list>
</property>
<property name="entityId" value="${env.shibboleth.entityId}"/>
<prop
</bean>
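We are currently using:
At this point I'm largely at a loss, since we are not attempting a multi-tenant setup, which is the only place where aliases are mentioned at any length, and from what I can see, the metadataGenerator defines a service provider?
Answer 0 (score: 7)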
The metadataGeneratorFilter needs to be executed before the MetadataDisplayFilter is invoked. Make sure the following declaration is included in your <security:http> element:
<security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
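Also, the value of entityId seems to indicate that you are using the same entityId for both the IDP (Shibboleth) and the SP (the Spring SAML application). Make sure the value is unique for each of the two entities.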