
스프링 보안에서 사전 구성된 서비스 공급자 메타데이터를 사용하는 경우, ExtendedMetadataDelegate에 대해 두 개의 Bean 정의가 있어야 합니까? 하나는 IDP 메타데이터용이고 다른 하나는 SP 메타데이터용입니까?

SAML 서비스 공급자 스프링 보안

<!-- Hosted SP: wraps the locally stored service-provider metadata
     (classpath:security/localhost_sp.xml) with an ExtendedMetadata that says how
     this deployment signs, encrypts and validates SAML messages. -->
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate"> 
    <constructor-arg> 
     <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider"> 
      <constructor-arg> 
       <!-- NOTE(review): a classpath: resource is converted to java.io.File here; that
            works only when the resource sits on the filesystem (not inside a jar) -
            confirm against the deployment packaging. -->
       <value type="java.io.File">classpath:security/localhost_sp.xml</value> 
      </constructor-arg> 
      <property name="parserPool" ref="parserPool"/> 
     </bean> 
    </constructor-arg> 
    <constructor-arg> 
     <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"> 
      <!-- local="true" marks this entity as the SP hosted by this application. -->
      <property name="local" value="true"/> 
      <!-- The alias is part of the /saml/.../alias/default URLs below; keep them in sync. -->
      <property name="alias" value="default"/> 
      <!-- Trust model: "metaiop" trusts the keys published in metadata for SAML
           messages, "pkix" validates TLS peer certificates against the trust anchors. -->
      <property name="securityProfile" value="metaiop"/> 
      <property name="sslSecurityProfile" value="pkix"/> 
      <!-- Key aliases in the key store configured for this SAML setup. "apollo" is
           presumably the sample key shipped with the project - use a key that is
           specific to this deployment. -->
      <property name="signingKey" value="apollo"/> 
      <property name="encryptionKey" value="apollo"/> 
      <!-- With these set to false, unsigned ArtifactResolve, LogoutRequest and
           LogoutResponse messages are accepted; set them to true to reject unsigned
           messages from peers that are able to sign. -->
      <property name="requireArtifactResolveSigned" value="false"/> 
      <property name="requireLogoutRequestSigned" value="false"/> 
      <property name="requireLogoutResponseSigned" value="false"/> 
      <!-- IdP discovery: the user is sent to the discovery URL and returned to the
           response URL (disco=true) with the selected IdP. Scheme, host, port and
           context path must match the deployed application. -->
      <property name="idpDiscoveryEnabled" value="true"/> 
      <property name="idpDiscoveryURL" 
       value="https://www.server.com:8080/context/saml/discovery/alias/default"/> 
      <property name="idpDiscoveryResponseURL" 
       value="https://www.server.com:8080/context/saml/login/alias/default?disco=true"/> 
     </bean> 
    </constructor-arg> 
</bean> 




<!-- Remote IdP: the identity-provider metadata is read from the local file
     classpath:security/idp.xml. The ExtendedMetadata is left at its defaults, so this
     entity is not "local" and is treated as a remote peer; presumably the default
     metadata trust checking applies as well - confirm for the Spring SAML version in use. -->
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate"> 
    <constructor-arg> 
     <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider"> 
      <constructor-arg> 
       <!-- NOTE(review): same classpath: to java.io.File conversion as for the SP
            metadata; confirm the resource is not packed in a jar. -->
       <value type="java.io.File">classpath:security/idp.xml</value> 
      </constructor-arg> 
      <property name="parserPool" ref="parserPool"/> 
     </bean> 
    </constructor-arg> 
    <constructor-arg> 
     <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/> 
    </constructor-arg> 
</bean> 

답변


내 질문에 대한 답변을 찾았습니다.

 <!-- Metadata manager holding both entities: one ExtendedMetadataDelegate for the
      remote IdP (fetched over HTTP) and one for the hosted SP (read from a local file).
      Answers the question above: yes, one delegate per entity, both in one list. -->
 <bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager"> 
     <constructor-arg> 
      <list> 

      <!-- Remote IdP metadata. -->
      <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate"> 
       <constructor-arg> 
        <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider"> 
         <constructor-arg> 

         <!-- Plain http: the metadata (which carries the IdP's signing certificate)
              is fetched without transport protection. Prefer an https URL or a
              locally stored copy. -->
         <value type="java.lang.String">http://idp.ssocircle.com/idp-meta.xml</value> 

         </constructor-arg> 
         <constructor-arg> 
          <!-- Timeout for metadata loading in ms --> 
          <value type="int">5000</value> 
         </constructor-arg> 
         <property name="parserPool" ref="parserPool"/> 
        </bean> 
       </constructor-arg> 
       <constructor-arg> 
        <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/> 
       </constructor-arg> 
       <!-- Disables signature/trust verification of the downloaded IdP metadata.
            Together with the http URL above this means a tampered metadata document
            would be accepted as-is. Acceptable for a test IdP; for production keep
            the check enabled and configure the trusted keys it verifies against. -->
       <property name="metadataTrustCheck" value="false"/> 
      </bean> 

      <!-- Hosted SP metadata. -->
      <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate"> 

      <constructor-arg> 
        <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider"> 
         <constructor-arg> 
          <!-- Absolute file: URL (Windows path) to the SP metadata document. -->
          <value type="java.io.File">file:///C:/SP_Metadata.xml</value> 
         </constructor-arg> 
         <property name="parserPool" ref="parserPool"/> 
        </bean> 
       </constructor-arg> 
       <constructor-arg> 
          <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"> 
         <!-- local="true" marks this entity as the SP hosted by this application;
              the alias must match the /saml/.../alias/defaultAlias URLs below. -->
         <property name="local" value="true"/> 
         <property name="alias" value="defaultAlias"/> 
         <!-- "metaiop": SAML messages are trusted via keys in metadata; "pkix": TLS
              peers are validated against the trust anchors. -->
         <property name="securityProfile" value="metaiop"/> 
         <property name="sslSecurityProfile" value="pkix"/> 
         <!-- Key-store aliases; "apollo" is presumably the sample key - replace with
              a deployment-specific key. -->
         <property name="signingKey" value="apollo"/> 
         <property name="encryptionKey" value="apollo"/> 
         <!-- ArtifactResolve and LogoutRequest must be signed; an unsigned
              LogoutResponse is still accepted. -->
         <property name="requireArtifactResolveSigned" value="true"/> 
         <property name="requireLogoutRequestSigned" value="true"/> 
         <property name="requireLogoutResponseSigned" value="false"/> 
         <!-- IdP discovery endpoints for this SP; the host and context path here
              (localhost/mywebapp-SNAPSHOT) are deployment specific. -->
         <property name="idpDiscoveryEnabled" value="true"/> 
         <property name="idpDiscoveryURL" value="https://localhost/mywebapp-SNAPSHOT/saml/discovery/alias/defaultAlias"/> 
         <property name="idpDiscoveryResponseURL" value="https://localhost/mywebapp-SNAPSHOT/saml/login/alias/defaultAlias?disco=true"/> 
        </bean> 
       </constructor-arg> 
      </bean> 
      </list> 
     </constructor-arg> 
<!-- my SP_metadata had this as the entity id --> 
     <!-- Must equal the entityID of the local SP metadata; otherwise the manager
          cannot tell which entity is the hosted one. -->
     <property name="hostedSPName" value="urn:test:myapp:auth"/> 
<!-- my idp metadata points to the sso circle idp --> 
     <!-- Must equal the entityID declared in the fetched IdP metadata. -->
      <property name="defaultIDP" value="http://idp.ssocircle.com"/> 
    </bean> 

parserPool 빈은 어디서 구할 수 있습니까? – Charlires


@Charlires `@Bean public ParserPool parserPool() throws Exception { StaticBasicParserPool pool = new StaticBasicParserPool(); pool.initialize(); return pool; }` – egaga
