使用Gitlab进行SAML配置时遇到了一些问题。
在与我的IdP交换元数据之后,我尝试进行SSO登录,但失败了。IdP团队分析了我的AuthnRequest,请求内容本身是正确的,但他们说它是通过GET发送的,而不是预期的POST。
这是我在Gitlab中的SAML配置
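# GitLab Omnibus configuration (gitlab.rb): OmniAuth settings that register a
# single SAML identity provider shown on the sign-in page as "SSO".

gitlab_rails['omniauth_enabled'] = true

# Only the "saml" provider may create a GitLab account on first sign-in.
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']

# false: accounts created through SSO are active immediately, so every
# identity the IdP asserts gets access without administrator approval.
# Set to true if new accounts should start blocked.
gitlab_rails['omniauth_block_auto_created_users'] = false

gitlab_rails['omniauth_auto_link_ldap_user'] = false

# true: a SAML sign-in is linked to an existing GitLab account with the same
# email address, so account ownership depends on the email the IdP asserts.
gitlab_rails['omniauth_auto_link_saml_user'] = true

gitlab_rails['omniauth_providers'] = [
  {
    name: "saml",
    args: {
      # Where the IdP returns the SAML response, and with which binding.
      assertion_consumer_service_url: "https://my.website/gitlab/auth/saml/callback",
      assertion_consumer_service_binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',

      # IdP signing certificate used to verify responses (placeholder value).
      idp_cert: "\n-----BEGIN CERTIFICATE----- MIIFZ.... -----END CERTIFICATE-----\n",

      idp_sso_target_url: "https://my_idp_target_URL",

      # NOTE(review): the binding keys below are kept exactly as written.
      # protocol_binding is the ProtocolBinding attribute placed inside the
      # AuthnRequest, i.e. how the IdP is asked to send its response; it does
      # not select how the request itself travels. Whether sso_binding and
      # idp_sso_target_binding are read at all depends on the installed
      # omniauth-saml / ruby-saml version -- confirm against its settings
      # list. The omniauth-saml request phase has historically issued an
      # HTTP redirect (GET) for the AuthnRequest.
      idp_sso_target_binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
      sso_binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
      protocol_binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',

      issuer: "sp-gitlab",
      name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',

      # SP certificate and private key used to sign AuthnRequests
      # (placeholder values). The key is stored in clear text here, so the
      # file holding this configuration should be readable by root only.
      certificate: "\n-----BEGIN CERTIFICATE----- MIIFZ.... -----END CERTIFICATE-----\n",
      private_key: "\n-----BEGIN RSA PRIVATE KEY----- MIIEFZ... -----END RSA PRIVATE KEY-----\n",

      security: {
        authn_requests_signed: true,
        # true: the signature is embedded in the AuthnRequest XML rather than
        # carried as separate query parameters.
        embed_sign: true,
        # SHA-256 replaces SHA-1, which is no longer considered safe for
        # signatures. The original digest_method was the Ruby constant name
        # quoted as a string, not an algorithm URI. The IdP must accept
        # rsa-sha256 for signed requests -- confirm with the IdP team.
        digest_method: "http://www.w3.org/2001/04/xmlenc#sha256",
        signature_method: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
      }
    },
    label: "SSO"
  }
]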
我认为参数 "sso_binding" 定义了发送AuthnRequest所用的方法,但我可能理解错了......
我错过了什么? 有没有特定的方法来定义使用的方法?