我一直看到以下用于注冊 SAML 身份提供商的代碼塊:
spring:
security:
saml2:
relyingparty:
registration:
adfs:
identityprovider:
entity-id: https://idp.example.com/issuer
verification.credentials:
- certificate-location: "classpath:idp.crt"
singlesignon.url: https://idp.example.com/issuer/sso
singlesignon.sign-request: false
但是,我有一個較舊的專案,我需要實作多個不是基于 Spring Boot 構建的 SAML 身份提供程式,并且轉換它不是一個選項(如果我們今天開始同一個專案,我們當然會使用 Spring Boot)。
上面的代碼如何轉換為手動執行此操作?
uj5u.com熱心網友回復:
您可以通過公開型別為 的 bean 來做到這一點RelyingPartyRegistrationRepository:
@Value("${verification.key}")
File verificationKey;
@Bean
public RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
X509Certificate certificate = X509Support.decodeCertificate(this.verificationKey);
Saml2X509Credential credential = Saml2X509Credential.verification(certificate);
RelyingPartyRegistration registration = RelyingPartyRegistration
.withRegistrationId("example")
.assertingPartyDetails(party -> party
.entityId("https://idp.example.com/issuer")
.singleSignOnServiceLocation("https://idp.example.com/SSO.saml2")
.wantAuthnRequestsSigned(false)
.verificationX509Credentials(c -> c.add(credential))
)
.build();
return new InMemoryRelyingPartyRegistrationRepository(registration);
}
application.yml您提到的屬性只是從 Spring Boot 宣告此 bean 的快捷方式。Spring Security 示例存盤庫中有一個不使用 Spring Boot的完整示例。
此外,Spring Security 檔案中有一個完整的部分教你如何覆寫 Spring Boot 自動配置(我在上面使用了代碼塊)。
轉載請註明出處,本文鏈接:https://www.uj5u.com/ruanti/377909.html