Spring SAML security authentication issue due to time zone difference between IP and SP

Time: 2015-06-11 09:41:11

Tags: spring-saml saml-2.0

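Printed below is the stack trace of the auth failure caused by the time zone difference between the IP and SP. Is there a way to configure this in Spring Security?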

org.opensaml.common.SAMLException: Response issue time is either too old or with date in the future, skew 60, time 2015-06-11T09:27:49.000Z
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:126)
    at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
    at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:84)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

1 answer:

Answer 0 (score: 0)

You can get help from the spring-saml docs to configure the WebSSOProfileConsumerImpl bean to configure the time.

You can try updating the time for the refreshToken metadata

<bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
    <constructor-arg>
        <bean class="java.util.Timer"/>
    </constructor-arg>
    <constructor-arg>
        <bean class="org.opensaml.util.resource.ClasspathResource">
            <constructor-arg value="/metadata/idp.xml"/>
        </bean>
    </constructor-arg>
    <property name="parserPool" ref="parserPool"/>
    <!-- Metadata refresh delays, in milliseconds -->
    <property name="minRefreshDelay" value="120000"/>
    <property name="maxRefreshDelay" value="300000"/>
</bean>

And try updating the maxAuthenticationAge time.

<bean id="webSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerImpl">
    <!-- Maximum age of the user's authentication at the IdP, in seconds -->
    <property name="maxAuthenticationAge" value="28800"/>
</bean>
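
The exception in the question comes from a freshness window applied to the response's IssueInstant. The sketch below is an added example, not code from the post or from Spring SAML: it models that window to show that the zone notation of a timestamp does not change the instant, and it separates small clock drift from a host clock that is off by a whole zone offset. The class, the method names and the SP clock readings are constructed for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.OffsetDateTime;

// Added illustration, not Spring SAML source code: a model of the IssueInstant
// freshness window behind the "skew 60" message in the stack trace on this page.
public class IssueInstantCheck {

    // Accept the response only if |now - issueInstant| <= skew.
    static boolean withinSkew(Instant issueInstant, Instant now, int skewSeconds) {
        Duration offset = Duration.between(issueInstant, now).abs();
        return offset.compareTo(Duration.ofSeconds(skewSeconds)) <= 0;
    }

    // Classify a clock offset: near a multiple of 30 minutes points at a host
    // whose wall clock was set for the wrong zone; anything else is plain drift.
    static String diagnose(Instant issueInstant, Instant now, int skewSeconds) {
        long seconds = Duration.between(issueInstant, now).abs().getSeconds();
        if (seconds <= skewSeconds) return "ok (" + seconds + "s)";
        long remainder = seconds % 1800;
        boolean zoneLike = seconds >= 1800 - skewSeconds
                && Math.min(remainder, 1800 - remainder) <= skewSeconds;
        return (zoneLike ? "zone misconfiguration? " : "clock drift ") + "(" + seconds + "s)";
    }

    public static void main(String[] args) {
        int skew = 60; // value shown in the exception message
        Instant issued = Instant.parse("2015-06-11T09:27:49.000Z"); // from the page

        // Constructed: the same moment written with a +05:30 offset. The offset
        // is part of the value, so both strings parse to one instant.
        Instant sameMoment = OffsetDateTime.parse("2015-06-11T14:57:49+05:30").toInstant();
        System.out.println("same instant: " + issued.equals(sameMoment));

        // Constructed SP clock readings.
        Instant[] spClocks = {
            issued.plusSeconds(20),          // synchronized hosts
            issued.plusSeconds(5 * 60),      // SP five minutes fast
            issued.plusSeconds(19_800 + 12), // SP clock set 5h30m off
        };
        for (Instant now : spClocks) {
            System.out.println(withinSkew(issued, now, skew) + "  " + diagnose(issued, now, skew));
        }
    }
}
```

In Spring SAML this window is the `responseSkew` property (in seconds, default 60) on the `WebSSOProfileConsumerImpl` bean. Raising it also lengthens the period in which a captured response is still accepted, so synchronizing both hosts' clocks (for example with NTP) is the fix to try first.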