我们有一个Web应用程序,其前端在Angular上,后端在Spring引导下。 我们已经使用与ADFS集成的SAML插件实现了Spring Security。
我们正在使用Log4j2在我们的应用程序服务器中记录SAMLDefaultLogger。我们在服务器重启时观察到的是,尽管有任何请求发送到服务器,我们仍在不断在我们的application.log中获取AuthNrequest。
日志摘要:
2020-02-06 10:18:47.770 INFO [http-nio-8069-exec-7] {}, className=org.springframework.security.saml.log.SAMLDefaultLogger, methodName=log - AuthNRequest;SUCCESS;10.1.16.44;spn:XXXXXXXXXXXXXXXXX;https://sts.windows.net/XXXXXXXXXXXXXXX/;;<?xml version="1.0" encoding="UTF-8"?><saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://mco-preprd.gne.aws.cps.vodafone.com/auth" Destination="https://login.microsoftonline.com/XXXXXXXXXXXXXXX/saml2" ForceAuthn="true" ID="a4941b95df4381dj438fh836893ei3d" IsPassive="false" IssueInstant="2020-02-06T09:18:47.767Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">spn:XXXXXXXXXXXXXXXXX</saml2:Issuer></saml2p:AuthnRequest>;
2020-02-06 10:18:52.333 INFO [http-nio-8069-exec-2] {}, className=org.springframework.security.saml.log. SAMLDefaultLogger, methodName=log - AuthNRequest;SUCCESS;10.1.16.44;spn:XXXXXXXXXXXXXXXXXX;https://sts.windows.net/XXXXXXXXXXXXXXXXXXXXXXXX/;;<?xml version="1.0" encoding="UTF-8"?><saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://mco-preprd.gne.aws.cps.vodafone.com/auth" Destination="https://login.microsoftonline.com/XXXXXXXXXXXXXXXXXXXXXXX/saml2" ForceAuthn="true" ID="a2idjg71i1j86b6939a75hg6d3djh09" IsPassive="false" IssueInstant="2020-02-06T09:18:52.331Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">spnXXXXXXXXXXXXXXXXXX</saml2:Issuer></saml2p:AuthnRequest>;
并且我们没有从ADFS收到针对这些请求的任何AuthNResponse。