I have run into a serious problem that I can't seem to solve. I have been using the Spring Boot sample here: https://github.com/vdenotaris/spring-boot-security-saml-sample to integrate a new SP. Everything went smoothly while using HttpMetaDataProvider, but recently I had to switch to FileSystemMetadataProvider, and things are not going well.
All of my metadata seems to load correctly, but when I perform an authentication request I get:
org.springframework.security.saml.websso.ArtifactResolutionProfileBase.resolveArtifact(ArtifactResolutionProfileBase.java:77)
I have debugged through the problem and it looks like the MetadataManager in ArtifactResolutionProfileBase is null, but I don't understand why; I'm just stuck!
Here is my configuration:
// Setup advanced info about metadata
@Bean
@Qualifier("idp-extended-metadata")
public ExtendedMetadata idpExtendedMetadata() {
ExtendedMetadata extendedMetadata = new ExtendedMetadata();
return extendedMetadata;
}
// Setup advanced info about metadata
@Bean
@Qualifier("sp-extended-metadata")
public ExtendedMetadata spExtendedMetadata() {
ExtendedMetadata extendedMetadata = new ExtendedMetadata();
//sp meta data needs local set
extendedMetadata.setLocal(true);
extendedMetadata.setIdpDiscoveryEnabled(false);
extendedMetadata.setIdpDiscoveryResponseURL(environment.getProperty("sp.base.url"));
extendedMetadata.setSignMetadata(false);
extendedMetadata.setSigningKey("student-saml");
extendedMetadata.setEncryptionKey("student-saml");
extendedMetadata.setRequireArtifactResolveSigned(false);
extendedMetadata.setRequireLogoutRequestSigned(false);
extendedMetadata.setRequireLogoutResponseSigned(false);
return extendedMetadata;
}
@Bean
@Qualifier("ccc-idp")
public ExtendedMetadataDelegate CCCIdpExtendedMetadataProvider()
throws MetadataProviderException, IOException {
DefaultResourceLoader loader = new DefaultResourceLoader();
Resource metadatafile = loader.getResource("classpath:" + environment.getProperty("ccc.idp.metadatafile"));
FilesystemMetadataProvider filesystemMetadataProvider = new FilesystemMetadataProvider(metadatafile.getFile());
filesystemMetadataProvider.setParserPool(parserPool());
ExtendedMetadataDelegate extendedMetadataDelegate =
new ExtendedMetadataDelegate(filesystemMetadataProvider, idpExtendedMetadata());
extendedMetadataDelegate.setMetadataTrustCheck(false);
extendedMetadataDelegate.setMetadataRequireSignature(false);
extendedMetadataDelegate.initialize();
return extendedMetadataDelegate;
}
@Bean
@Qualifier("student-sp-metadata")
public ExtendedMetadataDelegate studentSPMetadata()
throws MetadataProviderException, IOException {
DefaultResourceLoader loader = new DefaultResourceLoader();
Resource metadatafile = loader.getResource("classpath:" + environment.getProperty("student.sp.metadatafile"));
FilesystemMetadataProvider filesystemMetadataProvider = new FilesystemMetadataProvider(metadatafile.getFile());
filesystemMetadataProvider.setParserPool(parserPool());
ExtendedMetadataDelegate extendedMetadataDelegate =
new ExtendedMetadataDelegate(filesystemMetadataProvider, spExtendedMetadata());
extendedMetadataDelegate.setMetadataTrustCheck(false);
extendedMetadataDelegate.setMetadataRequireSignature(false);
extendedMetadataDelegate.initialize();
return extendedMetadataDelegate;
}
// Do not forget to call the initialize method on providers
@Bean
@Qualifier("metadata")
public MetadataManager metadata() throws MetadataProviderException, IOException {
List<MetadataProvider> providers = new ArrayList<MetadataProvider>();
ExtendedMetadataDelegate spMeta = studentSPMetadata();
ExtendedMetadataDelegate idpMeta = CCCIdpExtendedMetadataProvider();
providers.add(idpMeta);
providers.add(spMeta);
MetadataManager meta = new MetadataManager(providers);
meta.setHostedSPName(environment.getProperty("sp.entity.id"));
meta.setKeyManager(keyManager());
return meta;
}
Any help is greatly appreciated!
Answer 0 (score: 0)
You could try adding the MetadataManager to the artifactResolutionProfile. That worked for me.
You should follow naming conventions and rename the CCCIdpExtendedMetadataProvider method so that it starts with a lowercase letter.
private ArtifactResolutionProfile artifactResolutionProfile() throws MetadataProviderException, ResourceException {
final ArtifactResolutionProfileImpl artifactResolutionProfile =
new ArtifactResolutionProfileImpl(httpClient());
artifactResolutionProfile.setProcessor(new SAMLProcessorImpl(soapBinding()));
List<MetadataProvider> providers = new ArrayList<MetadataProvider>();
providers.add(CCCIdpExtendedMetadataProvider());
MetadataManager metadataManager = new MetadataManager(providers);
artifactResolutionProfile.setMetadata(metadataManager);
metadataManager.refreshMetadata();
return artifactResolutionProfile;
}
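The wiring the answer describes, written out as a complete Spring Security SAML 1.x Java configuration. This is an added example, not code from the question, the answer or the vdenotaris sample: it gives the artifact resolution profile the same MetadataManager bean that the rest of the SAML stack uses instead of building a second manager. The "ccc-idp" and "student-sp-metadata" delegates, the keyManager() bean and the sp.entity.id property are assumed to exist as in the question's configuration; the class name SamlArtifactConfig is hypothetical.

```java
// Added example (not the question's, the answer's or the sample project's code).
// Assumes the ExtendedMetadataDelegate beans "ccc-idp" and "student-sp-metadata",
// a KeyManager bean and the property sp.entity.id from the question's configuration.
import java.util.ArrayList;
import java.util.List;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.parse.ParserPool;
import org.opensaml.xml.parse.StaticBasicParserPool;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.metadata.CachingMetadataManager;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.security.saml.processor.HTTPArtifactBinding;
import org.springframework.security.saml.processor.HTTPSOAP11Binding;
import org.springframework.security.saml.processor.SAMLBinding;
import org.springframework.security.saml.processor.SAMLProcessor;
import org.springframework.security.saml.processor.SAMLProcessorImpl;
import org.springframework.security.saml.util.VelocityFactory;
import org.springframework.security.saml.websso.ArtifactResolutionProfile;
import org.springframework.security.saml.websso.ArtifactResolutionProfileImpl;

@Configuration
public class SamlArtifactConfig {

    // Beans and property assumed from the question's configuration.
    @Autowired @Qualifier("ccc-idp")
    private ExtendedMetadataDelegate idpMetadata;

    @Autowired @Qualifier("student-sp-metadata")
    private ExtendedMetadataDelegate spMetadata;

    @Autowired
    private KeyManager keyManager;

    @Value("${sp.entity.id}")
    private String spEntityId;

    // StaticBasicParserPool must be initialized before first use; Spring calls initialize().
    @Bean(initMethod = "initialize")
    public ParserPool parserPool() {
        return new StaticBasicParserPool();
    }

    @Bean
    public HttpClient httpClient() {
        return new HttpClient(new MultiThreadedHttpConnectionManager());
    }

    // One MetadataManager for the whole SAML stack: IdP and local SP metadata are both
    // registered, and the hosted SP name tells the manager which entity is "us".
    @Bean
    public MetadataManager metadata() throws MetadataProviderException {
        List<MetadataProvider> providers = new ArrayList<MetadataProvider>();
        providers.add(idpMetadata);
        providers.add(spMetadata);
        MetadataManager manager = new CachingMetadataManager(providers);
        manager.setHostedSPName(spEntityId);
        manager.setKeyManager(keyManager);
        return manager;
    }

    @Bean
    public HTTPSOAP11Binding soapBinding() {
        return new HTTPSOAP11Binding(parserPool());
    }

    // The profile resolves an artifact by calling the IdP's ArtifactResolutionService
    // over SOAP; it looks that endpoint up in the MetadataManager, which is why a null
    // manager surfaces as an exception in resolveArtifact on the first request.
    @Bean
    public ArtifactResolutionProfile artifactResolutionProfile() throws MetadataProviderException {
        ArtifactResolutionProfileImpl profile = new ArtifactResolutionProfileImpl(httpClient());
        profile.setProcessor(new SAMLProcessorImpl(soapBinding()));
        // Inside a @Configuration class this call returns the singleton bean,
        // so the profile shares the manager instead of loading the metadata twice.
        profile.setMetadata(metadata());
        return profile;
    }

    @Bean
    public HTTPArtifactBinding artifactBinding() throws MetadataProviderException {
        return new HTTPArtifactBinding(parserPool(), VelocityFactory.getEngine(), artifactResolutionProfile());
    }

    // The processor used by the SAML filters; the artifact binding carries the profile above.
    @Bean
    public SAMLProcessor processor() throws MetadataProviderException {
        List<SAMLBinding> bindings = new ArrayList<SAMLBinding>();
        bindings.add(artifactBinding());
        bindings.add(soapBinding());
        return new SAMLProcessorImpl(bindings);
    }
}
```

Two points about the design: Spring Security SAML's AbstractProfileBase exposes setMetadata as an autowired setter, so a profile that is itself registered as a bean gets the manager injected, while one created with `new` inside a plain private method (as in the answer) receives nothing unless setMetadata is called explicitly; calling it explicitly makes the dependency visible either way. Reusing the metadata() bean rather than constructing a second MetadataManager also keeps a single view of which IdP endpoints are trusted, so the artifact resolution call goes to the same set of entities that the rest of the SAML stack validates against.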