We cannot upgrade from Spring Session 1.3.3 to 2.1.2 because of a problem with Spring Security SAML. It seems that Spring Security SAML cannot validate the InResponseToField value because two session IDs are being created:
Caused by: org.opensaml.common.SAMLException: InResponseToField of the Response doesn't correspond to sent message abc7b9acgecbde41927g729143f1g2
I extended the HttpSessionStorageFactory used by SAMLContextProvider and added some logging to find out what is going on:
INFO 18.12.2018 13:43:27:95 (SAMLDelegatingAuthenticationEntryPoint.java:commence:105) - Session ID before redirect: 205e92ea-7ff3-45be-bfd1-648c2ae8da8e
INFO 18.12.2018 13:43:27:111 (SamlAuthenticationConfig.java:storeMessage:413) - Storing message abc7b9acgecbde41927g729143f1g2 to session 205e92ea-7ff3-45be-bfd1-648c2ae8da8e
[The user is now redirected to the IdP and then sent back to the application]
Now the following error appears:
Caused by: org.opensaml.common.SAMLException: InResponseToField of the Response doesn't correspond to sent message abc7b9acgecbde41927g729143f1g2
This is also what we logged:
INFO 18.12.2018 13:43:27:466 (SamlAuthenticationConfig.java:retrieveMessage:429) - Message abc7b9acgecbde41927g729143f1g2 …
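The InResponseTo check only succeeds when the response is looked up in the same HttpSession that stored the AuthnRequest, so a session ID change between the redirect and the return is exactly what makes it fail. The wrapper below is an added example, not code from the question or from Spring Security SAML; it assumes the standard SAMLMessageStorageFactory / HttpSessionStorage types and logs the session ID and whether the session was newly created on both the store and the retrieve path.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.opensaml.xml.XMLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.saml.storage.HttpSessionStorage;
import org.springframework.security.saml.storage.SAMLMessageStorage;
import org.springframework.security.saml.storage.SAMLMessageStorageFactory;

/**
 * Hypothetical diagnostic factory (added example, not part of the question or the library).
 * It delegates to the normal HttpSessionStorage but records which session each
 * AuthnRequest was stored in and which session the later InResponseTo lookup hits,
 * so a session rotation between the two shows up directly in the log.
 */
public class SessionAwareStorageFactory implements SAMLMessageStorageFactory {

    private static final Logger log = LoggerFactory.getLogger(SessionAwareStorageFactory.class);

    @Override
    public SAMLMessageStorage getMessageStorage(HttpServletRequest request) {
        final HttpSession session = request.getSession(true);
        final boolean createdNow = session.isNew(); // true when this request created the session
        final SAMLMessageStorage delegate = new HttpSessionStorage(session);
        return new SAMLMessageStorage() {
            @Override
            public void storeMessage(String messageId, XMLObject message) {
                log.info("Storing message {} in session {} (new={})", messageId, session.getId(), createdNow);
                delegate.storeMessage(messageId, message);
            }

            @Override
            public XMLObject retrieveMessage(String messageId) {
                XMLObject found = delegate.retrieveMessage(messageId);
                if (found == null) {
                    // A miss here is what precedes the InResponseToField SAMLException: the
                    // response refers to a request that this session never stored. Rejecting
                    // it is the safe behaviour; the fix is to keep one session across the round trip.
                    log.warn("Message {} not found in session {} (new={}); InResponseTo check will fail",
                             messageId, session.getId(), createdNow);
                } else {
                    log.info("Retrieved message {} from session {}", messageId, session.getId());
                }
                return found;
            }
        };
    }
}
```

Wire it in with the context provider's storage-factory setter (assumed to be SAMLContextProviderImpl.setStorageFactory); two different session IDs between the "Storing" and "not found" lines, with new=true on the second, confirm that the session did not survive the redirect.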