我正在尝试将我的应用程序中的SSO与Okta集成,我测试了一些示例,以了解Okta如何使用saml 2.0,例如“spring-security-saml2-sample”,但是我想在okta元数据中使用SSO所以当我点击“单点登录”按钮时,我希望我的应用程序将在okta中进行身份验证。我管理的是点击并重定向到okta,但它仍然在我的登录视图中我不知道如何实现我的Okta用户的身份验证。 谢谢
答案 0 :(得分:0)
您可以点击此链接,使用Okta https://developer.okta.com/code/java/spring_security_saml.html
设置Spring Security SAML您需要在securityContext.xml中设置元数据网址(例如" https://example.okta.com/app/exk8ft4xxxyyyy/sso/saml/metadata")。
<constructor-arg>
<list>
<!-- Example of file system metadata without Extended Metadata -->
<!--
<bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
<constructor-arg>
<value type="java.io.File">/usr/local/metadata/idp.xml</value>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean>
-->
<bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
<!-- URL containing the metadata -->
<constructor-arg>
<!-- This URL should look something like this: https://example.okta.com/app/abc0defghijK1lmN23o4/sso/saml/metadata -->
<value type="java.lang.String">https://example.okta.com/app/exk8ft4xxxyyyy/sso/saml/metadata</value>
</constructor-arg>
<!-- Timeout for metadata loading in ms -->
<constructor-arg>
<value type="int">5000</value>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean>
</list>
</constructor-arg>
Spring security saml将使用您将在securityContext.xml中设置的元数据URL读取IDP(Okta)信息。
答案 1 :(得分:0)
import com.okta.saml.*;
import com.vaadin.server.*;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import org.opensaml.ws.security.SecurityPolicyException;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.InputStream;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.util.List;
import java.util.Scanner;
public class TestVaadinServletService extends VaadinServletService {
protected static final String SAML_REQUEST = "SAMLRequest";
protected static final String SAML_RESPONSE = "SAMLResponse";
protected static final String RELAY_STATE = "RelayState";
private static final Logger LOGGER = Logger.getLogger(TestVaadinServletService.class);
protected SAMLValidator validator;
protected Configuration configuration;
protected Application app;
public TestVaadinServletService(VaadinServlet servlet, DeploymentConfiguration deploymentConfiguration) throws ServiceException {
super(servlet, deploymentConfiguration);
try {
InputStream stream = getClass().getResourceAsStream("/valid-config");
String file;
try {
file = convertStreamToString(stream);
} finally {
stream.close();
}
validator = new SAMLValidator();
configuration = validator.getConfiguration(file);
app = configuration.getApplication("http://www.okta.com/e***********t0h7");
if (configuration.getDefaultEntityID() == null) {
LOGGER.error("Default App has not been configured in configuration.");
} else if (app == null) {
LOGGER.error("Could not find default application in configuration : " + configuration.getDefaultEntityID());
}
} catch (Exception e) {
LOGGER.error(e);
e.printStackTrace();
}
}
@Override
protected List<RequestHandler> createRequestHandlers() {
try {
List<RequestHandler> requestHandlerList = super.createRequestHandlers();
RequestHandler requestHandler = addHandlers();
requestHandlerList.add(requestHandler);
return requestHandlerList;
} catch (ServiceException ex) {
return null;
}
}
private RequestHandler addHandlers() {
RequestHandler requestHandler = new RequestHandler() {
public boolean handleRequest(VaadinSession session, VaadinRequest request, VaadinResponse response) throws IOException {
try {
if ("POST".equals(request.getMethod())) {
LOGGER.info("POST");
if (session.getAttribute("USER") == null) {
try {
String relay = request.getParameter(RELAY_STATE);
if (relay != null && !relay.isEmpty()) {
try {
String responseString = request.getParameter(SAML_RESPONSE);
if (responseString == null) {
throw new Exception("SAML parameter missing");
}
responseString = new String(org.apache.xml.security.utils.Base64.decode(responseString.getBytes("UTF-8")), Charset.forName("UTF-8"));
LOGGER.info(responseString);
SAMLResponse samlResponse = validator.getSAMLResponse(responseString, configuration);
LOGGER.info("SAML authentication successful");
request.setAttribute("user", samlResponse.getUserID());
} catch (SecurityPolicyException e) {
LOGGER.error("SAML authentication unsuccessful");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
} catch (Exception e) {
LOGGER.error(e.getMessage());
e.printStackTrace();
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
String assertion = request.getParameter(SAML_RESPONSE);
if (assertion == null) {
throw new Exception("SAMLResponse parameter missing");
}
assertion = new String(Base64.decodeBase64(assertion.getBytes("UTF-8")), Charset.forName("UTF-8"));
LOGGER.info(assertion);
SAMLResponse samlResponse = validator.getSAMLResponse(assertion, configuration);
LOGGER.info("SAML authentification successful");
session.setAttribute("user", samlResponse.getUserID());
} catch (SecurityPolicyException e) {
LOGGER.info("SAML authentification unsuccessful");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
} catch (Exception e) {
LOGGER.error(e);
e.printStackTrace();
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
} else if ("GET".equals(request.getMethod())) {
LOGGER.info("GET");
SAMLRequest samlRequest = validator.getSAMLRequest(app);
String encodedSAML = Base64.encodeBase64String(samlRequest.toString().getBytes());
String url = app.getAuthenticationURL();
url += "?" + SAML_REQUEST + "=" + URLEncoder.encode(encodedSAML, "UTF-8");
LOGGER.info("Redirecting to : " + url);
((VaadinServletResponse) response).sendRedirect(url);
return true;
}
} catch (Exception e) {
LOGGER.error(e);
e.printStackTrace();
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
return false;
}
};
return requestHandler;
}
private static String convertStreamToString(InputStream stream) {
java.util.Scanner s = new Scanner(stream, "UTF-8").useDelimiter("\\A");
return s.hasNext() ? s.next() : "";
}