我正在使用Spring Security的SAML扩展程序进行身份验证,而且下面的功能非常好,没有任何问题。
<!-- HTTP security for the secured pages; samlEntryPoint is the authentication entry point. -->
<security:http entry-point-ref="samlEntryPoint">
    <!-- Custom filters: logoutFilter sits before the concurrent-session slot, samlFilter after the basic-auth slot. -->
    <security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrentSessionFilter"/>
    <security:custom-filter before="CONCURRENT_SESSION_FILTER" ref="logoutFilter"/>
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>

    <!-- Adds an AnonymousAuthenticationFilter to the stack. The username attribute only names the
         anonymous principal; it grants no role (the authority comes from granted-authority,
         ROLE_ANONYMOUS unless overridden). -->
    <security:anonymous username="roleAnonymous"/>

    <!-- Access rules are tried top to bottom and the first matching pattern decides. The specific
         /logon/targeturl rule therefore has to stay above /logon/**, and the catch-all /** has to
         stay last. -->
    <security:intercept-url pattern="/logon/targeturl" access="ROLE_CUSTOMER,ROLE_ADMIN"/>
    <!-- Everything else under /logon/, which includes the /logon/saml/ endpoints, is open to anonymous users. -->
    <security:intercept-url pattern="/logon/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/userServlet/unprotected/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/csr/**" access="ROLE_ADMIN"/>
    <!-- NOTE(review): a comma-separated role list is presumably "any of these roles"; confirm
         against the access decision manager in use. -->
    <security:intercept-url pattern="/**" access="ROLE_CUSTOMER,ROLE_ADMIN"/>
</security:http>
<!-- Routes SAML protocol requests to the matching SAML filter by ant-style path pattern. -->
<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map request-matcher="ant">
        <!-- All paths below sit under /logon/**, which the intercept-url rules leave open to
             anonymous users, so unauthenticated browsers and IdP responses can reach them. -->
        <security:filter-chain pattern="/logon/saml/login/**" filters="samlEntryPoint"/>
        <security:filter-chain pattern="/logon/saml/logout/**" filters="samlLogoutFilter"/>
        <security:filter-chain pattern="/logon/saml/SSO/**" filters="uobSamlWebSSOProcessingFilter"/>
        <security:filter-chain pattern="/logon/saml/metadata/**" filters="metadataDisplayFilter"/>
        <security:filter-chain pattern="/logon/saml/SSOHoK/**" filters="samlWebSSOHoKProcessingFilter"/>
        <security:filter-chain pattern="/logon/saml/SingleLogout/**" filters="samlLogoutProcessingFilter"/>
    </security:filter-chain-map>
</bean>
但是,当我把SAML处理网址改成下面的配置时,它就不起作用了。有人知道我哪里做错了吗?我的需求是从所有SAML处理网址中去掉 /logon/ 前缀。
<!-- HTTP security for the secured pages; samlEntryPoint is the authentication entry point.
     Variant with the SAML endpoints moved from /logon/saml/ to /saml/. -->
<security:http entry-point-ref="samlEntryPoint">
    <!-- Custom filters: logoutFilter sits before the concurrent-session slot, samlFilter after the basic-auth slot. -->
    <security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrentSessionFilter"/>
    <security:custom-filter before="CONCURRENT_SESSION_FILTER" ref="logoutFilter"/>
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>

    <!-- Adds an AnonymousAuthenticationFilter to the stack. The username attribute only names the
         anonymous principal; it grants no role (the authority comes from granted-authority,
         ROLE_ANONYMOUS unless overridden). -->
    <security:anonymous username="roleAnonymous"/>

    <!-- Access rules are tried top to bottom and the first matching pattern decides, so the
         anonymous exceptions must stay above the catch-all /** rule. -->
    <security:intercept-url pattern="/logon/targeturl" access="ROLE_CUSTOMER,ROLE_ADMIN"/>
    <security:intercept-url pattern="/logon/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <!-- New rule: the relocated SAML endpoints no longer fall under /logon/**, so they need their
         own anonymous rule. Everything under /saml/ is then reachable without authentication;
         keep non-SAML resources out of that path. -->
    <security:intercept-url pattern="/saml/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/userServlet/unprotected/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/csr/**" access="ROLE_ADMIN"/>
    <!-- NOTE(review): a comma-separated role list is presumably "any of these roles"; confirm
         against the access decision manager in use. -->
    <security:intercept-url pattern="/**" access="ROLE_CUSTOMER,ROLE_ADMIN"/>
</security:http>
<!-- Routes SAML protocol requests to the matching SAML filter by ant-style path pattern.
     The endpoints are now rooted at /saml/ instead of /logon/saml/. -->
<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map request-matcher="ant">
        <!-- NOTE(review): these patterns only route a request to a filter. The filter beans are
             defined outside this snippet; their own processing URLs (for example
             filterProcessesUrl on SAMLEntryPoint) and the endpoint URLs published in the SP
             metadata presumably have to match the new paths. Confirm both before relying on
             this mapping. -->
        <security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint"/>
        <security:filter-chain pattern="/saml/logout/**" filters="samlLogoutFilter"/>
        <security:filter-chain pattern="/saml/SSO/**" filters="uobSamlWebSSOProcessingFilter"/>
        <security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>
        <security:filter-chain pattern="/saml/SSOHoK/**" filters="samlWebSSOHoKProcessingFilter"/>
        <security:filter-chain pattern="/saml/SingleLogout/**" filters="samlLogoutProcessingFilter"/>
    </security:filter-chain-map>
</bean>
答案 0 :(得分:0)
更改网址时,您可能需要与IdP交换新的元数据,因为SP元数据中声明的端点地址(例如断言消费者服务的URL)通常会随这些路径一起改变。
要进一步了解发生了什么,您可以把以下包的日志级别设置为TRACE(原回答列出的包名在本页中缺失;TRACE日志可能记录完整的SAML消息和用户属性,排查结束后应恢复原来的日志级别):
:)
答案 1 :(得分:0)
在最新的Spring Security SAML版本中,您需要在SAMLEntryPoint上设置属性filterProcessesUrl,使其与filter-chain中配置的新路径一致。