Spring SAML - How do I add custom fields to the SP HTTP request?
My service provider sends its request to the IdP using the HTTP-POST binding. I need to add new fields to the form. Right now I send "SAMLRequest" and "RelayState", but I also need to send "option" and "profile", which are fields our IdP requires. How can I do this with Spring SAML Security?
You can include additional fields in the Extensions element of the SAML AuthnRequest message. To do so, override the class WebSSOProfileImpl and configure the new implementation class in securityContext.xml. The Extensions element can be built like this:
package example;

import org.opensaml.common.SAMLException;
import org.opensaml.saml2.common.Extensions;
import org.opensaml.saml2.common.impl.ExtensionsBuilder;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.schema.impl.XSAnyBuilder;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.security.saml.processor.SAMLProcessor;
import org.springframework.security.saml.websso.WebSSOProfileImpl;
import org.springframework.security.saml.websso.WebSSOProfileOptions;

/**
 * Customization of the AuthnRequest generation.
 */
public class WebSSOProfile extends WebSSOProfileImpl {

    public WebSSOProfile() {
    }

    public WebSSOProfile(SAMLProcessor processor, MetadataManager manager) {
        super(processor, manager);
    }

    @Override
    protected AuthnRequest getAuthnRequest(SAMLMessageContext context, WebSSOProfileOptions options,
            AssertionConsumerService assertionConsumer, SingleSignOnService bindingService)
            throws SAMLException, MetadataProviderException {
        // Let the default implementation build the request, then attach our Extensions element
        AuthnRequest authnRequest = super.getAuthnRequest(context, options, assertionConsumer, bindingService);
        authnRequest.setExtensions(buildExtensions());
        return authnRequest;
    }

    protected Extensions buildExtensions() {
        // Arbitrary XML element (namespace, local name, prefix) carrying a text value
        XSAny extraElement = new XSAnyBuilder().buildObject("urn:myexample:extraAttribute", "ExtraElement", "myexample");
        extraElement.setTextContent("extraValue");
        Extensions extensions = new ExtensionsBuilder().buildObject();
        extensions.getUnknownXMLObjects().add(extraElement);
        return extensions;
    }
}
Great! Thanks! – user3754289 2014-09-08 18:39:29
Any idea how to do this in a Grails application? I need to override the WebSSOProfileImpl.buildReturnAddress method. – Newerth 2015-09-10 14:02:53
This looks good. How do I read the attributes on the IdP side? – 2016-02-13 15:37:19
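The answer above shows one hard-coded element. As an added example (not code from the question, the answer, or the Spring SAML project), the class below carries the two fields the asker needs ("option" and "profile") as configurable child elements of Extensions. It assumes a hypothetical namespace urn:example:idp:extensions and a hypothetical customFields property; the real IdP documents the namespace and element names it expects. The bean id webSSOprofile is the one used in the Spring SAML sample securityContext.xml and should be adjusted to match your own configuration. Putting the fields inside the AuthnRequest rather than as loose POST parameters means they are covered by the request signature when AuthnRequest signing is enabled, and the OpenSAML marshaller escapes the text content, so the values need no manual XML escaping.

```java
package example;

import java.util.LinkedHashMap;
import java.util.Map;

import org.opensaml.common.SAMLException;
import org.opensaml.saml2.common.Extensions;
import org.opensaml.saml2.common.impl.ExtensionsBuilder;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.schema.impl.XSAnyBuilder;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.security.saml.processor.SAMLProcessor;
import org.springframework.security.saml.websso.WebSSOProfileImpl;
import org.springframework.security.saml.websso.WebSSOProfileOptions;

/**
 * Adds IdP-specific fields ("option", "profile", ...) as child elements of the
 * AuthnRequest Extensions element. Configure it in securityContext.xml in place
 * of the default WebSSOProfileImpl (bean id from the Spring SAML sample config):
 *
 *   <bean id="webSSOprofile" class="example.CustomFieldsWebSSOProfile">
 *     <property name="customFields">
 *       <map>
 *         <entry key="option" value="login"/>
 *         <entry key="profile" value="employee"/>
 *       </map>
 *     </property>
 *   </bean>
 */
public class CustomFieldsWebSSOProfile extends WebSSOProfileImpl {

    // Hypothetical namespace and prefix; use the ones your IdP actually expects.
    static final String EXT_NS = "urn:example:idp:extensions";
    static final String EXT_PREFIX = "ex";

    // Element local names must be valid XML NCNames; anything else is rejected up front.
    private static final String NCNAME = "[A-Za-z_][A-Za-z0-9_.\\-]*";

    private final Map<String, String> customFields = new LinkedHashMap<String, String>();

    public CustomFieldsWebSSOProfile() {
    }

    public CustomFieldsWebSSOProfile(SAMLProcessor processor, MetadataManager manager) {
        super(processor, manager);
    }

    /** Injected from securityContext.xml; keys become element names, values become text content. */
    public void setCustomFields(Map<String, String> fields) {
        for (String name : fields.keySet()) {
            if (!name.matches(NCNAME)) {
                throw new IllegalArgumentException("invalid extension element name: " + name);
            }
        }
        customFields.clear();
        customFields.putAll(fields);
    }

    @Override
    protected AuthnRequest getAuthnRequest(SAMLMessageContext context, WebSSOProfileOptions options,
            AssertionConsumerService assertionConsumer, SingleSignOnService bindingService)
            throws SAMLException, MetadataProviderException {
        // Default request first (Issuer, NameIDPolicy, ACS URL, ...), then our Extensions on top.
        AuthnRequest authnRequest = super.getAuthnRequest(context, options, assertionConsumer, bindingService);
        if (!customFields.isEmpty()) {
            authnRequest.setExtensions(buildExtensions(customFields));
        }
        return authnRequest;
    }

    /** One XSAny child element per configured field; the marshaller handles XML escaping of the text. */
    protected Extensions buildExtensions(Map<String, String> fields) {
        Extensions extensions = new ExtensionsBuilder().buildObject();
        XSAnyBuilder anyBuilder = new XSAnyBuilder();
        for (Map.Entry<String, String> field : fields.entrySet()) {
            XSAny element = anyBuilder.buildObject(EXT_NS, field.getKey(), EXT_PREFIX);
            element.setTextContent(field.getValue());
            extensions.getUnknownXMLObjects().add(element);
        }
        return extensions;
    }
}
```

With the configuration in the class comment, the encoded SAMLRequest carries an Extensions element with ex:option and ex:profile children; the POST form itself still contains only SAMLRequest and RelayState, so no change to the binding or the form is needed on the SP side.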