Mat*_*ble 8 spring-security saml-2.0 spring-saml okta
我正在尝试使用Okta 进行spring-boot-security-saml-sample应用程序.要将Okta添加为提供程序,我对WebSecurityConfig.java进行了以下更改:
https://gist.github.com/mraible/c8b52972f76e6f5e30d5
我发现以下问题提供了一些指导,但我无法完成工作.
这就是我在Okta上使用的值:
Application label: Spring Boot SAML App
Force Authentication: false
Post Back URL: http://localhost:8080/
Name ID Format: EmailAddressRecipient
Recipient: http://localhost:8080/saml/SSO/alias/defaultAlias
Audience Restriction: com:vdenotaris:spring:sp
authnContextClassRef: PasswordProtectedTransport
Response: Signed
Assertion: Signed
Request: Compressed
Destination: http://localhost:8080/saml/SSO/alias/defaultAlias
Default Relay State: (none)
Attribute Statements: email|${user.email},firstName|${user.firstName}
看起来它可以从日志中运行:
[2014-12-30 12:18:33.004] boot - 18748 DEBUG [http-nio-8080-exec-8] --- BaseMessageEncoder: Successfully encoded message.
[2014-12-30 12:18:33.004] boot - 18748 DEBUG [http-nio-8080-exec-8] --- HttpSessionStorage: Storing message a12gf64fh3f35fgh2a8dd1fd0i0dc02 to session C5D010344EF5D022718B12B6D25F1D1E
[2014-12-30 12:18:33.004] boot - 18748 INFO [http-nio-8080-exec-8] --- SAMLDefaultLogger: AuthNRequest;SUCCESS;0:0:0:0:0:0:0:1;com:vdenotaris:spring:sp;http://www.okta.com/k2gpb06TOMYOKAWUSXJM;;;
但是,它会将我重定向到Okta的网站,而不是回到我的网站.
我让它工作了!关键似乎是将请求设置为“未压缩”。从那里,我删除了“alias/defaultAlias”,因为这似乎只有在您在扩展元数据上设置别名时才起作用。我在 Okta 端有效的设置:
Application label: Spring Boot SAML App
Force Authentication: false
Post Back URL: http://localhost:8080/saml/SSO
Name ID Format: EmailAddressRecipient
Recipient: http://localhost:8080/saml/SSO
Audience Restriction: com:vdenotaris:spring:sp
authnContextClassRef: PasswordProtectedTransport
Response: Signed
Assertion: Signed
Request: Uncompressed
Destination: http://localhost:8080/saml/SSO
Default Relay State: (none)
Attribute Statements: email|${user.email},firstName|${user.firstName}
| 归档时间: |
|
| 查看次数: |
4874 次 |
| 最近记录: |