Spring安全性SAML单点注销服务URL命中两次

时间:2016-11-24 12:05:38

标签: java spring-mvc spring-security saml-2.0 spring-saml

使用SAML SSL注销时遇到问题。 SingleLogoutService URL命中两次。

enter image description here 下面的IDP.xml(SP)中的SSL配置: 

<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
Location="https://sso-example.com/saml/idp/profile/post/sls">  
</SingleLogoutService>

https://sso-example.com/saml/idp/profile/post/sls (击中两次)

首先击中它会摧毁饼干&amp;响应是成功的,并再次第二次命中相同的URL并返回错误消息作为响应。

SP中的Spring安全配置: 

<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map request-matcher="ant">
        <security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint"/>  
        <security:filter-chain pattern="/saml/logout/**" filters="samlLogoutFilter"/>  
        <security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>
        <security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter"/>  
        <security:filter-chain pattern="/saml/SSOHoK/**" filters="samlWebSSOHoKProcessingFilter"/>  
        <security:filter-chain pattern="/saml/SingleLogout/**" filters="samlLogoutProcessingFilter"/>
        <security:filter-chain pattern="/saml/discovery/**" filters="samlIDPDiscovery"/>  
    </security:filter-chain-map>  
</bean>

   <!-- Handler for successful logout -->  
<bean id="successLogoutHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">  
    <property name="defaultTargetUrl" value="/login/logout.psg"/>  
</bean>  

    <!-- Override default logout processing filter with the one processing SAML messages -->  
<bean id="samlLogoutFilter" class="org.springframework.security.saml.SAMLLogoutFilter">
    <constructor-arg index="0" ref="successLogoutHandler"/>
    <constructor-arg index="1" ref="logoutHandler"/>
    <constructor-arg index="2" ref="logoutHandler"/>
</bean>

<!-- Filter processing incoming logout messages -->  
<!-- First argument determines URL user will be redirected to after successful global logout -->  
<bean id="samlLogoutProcessingFilter" class="org.springframework.security.saml.SAMLLogoutProcessingFilter">
    <constructor-arg index="0" ref="successLogoutHandler"/>
    <constructor-arg index="1" ref="logoutHandler"/>
</bean>
你能告诉我这会发生什么情况吗?并且需要修改吗?

0 个答案:

没有答案
相关问题
最新问题