其他分享
首页 > 其他分享> > Spring SAML – 如何在SP HTTP请求中添加自定义字段?

Spring SAML – 如何在SP HTTP请求中添加自定义字段?

作者:互联网

我的服务提供商使用HTTP-Post绑定将请求发送到IDP.我需要在表单中添加新字段.现在我发送“SAMLRequest”和“RelayState”,但我还需要发送“option”和“profile”,这些是我们的IDP所需的字段.我如何使用Spring Saml安全性来实现这一目标?

解决方法:

您可以在SAML AuthnRequest消息的Extensions元素中包含其他字段.为此,您需要覆盖类WebSSOProfileImpl并在securityContext.xml中配置新的实现类.可以像下面这样构造Extensions元素:

package example;

import org.opensaml.common.SAMLException;
import org.opensaml.saml2.common.Extensions;
import org.opensaml.saml2.common.impl.ExtensionsBuilder;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.schema.impl.XSAnyBuilder;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.security.saml.processor.SAMLProcessor;
import org.springframework.security.saml.websso.WebSSOProfileImpl;
import org.springframework.security.saml.websso.WebSSOProfileOptions;

/**
 * Customization of the AuthnRequest generation.
 */
public class WebSSOProfile extends WebSSOProfileImpl {

    public WebSSOProfile() {
    }

    public WebSSOProfile(SAMLProcessor processor, MetadataManager manager) {
        super(processor, manager);
    }

    @Override
    protected AuthnRequest getAuthnRequest(SAMLMessageContext context, WebSSOProfileOptions options, AssertionConsumerService assertionConsumer, SingleSignOnService bindingService) throws SAMLException, MetadataProviderException {
        AuthnRequest authnRequest = super.getAuthnRequest(context, options, assertionConsumer, bindingService);
        authnRequest.setExtensions(buildExtensions());
        return authnRequest;
    }

    protected Extensions buildExtensions() {

        XSAny extraElement = new XSAnyBuilder().buildObject("urn:myexample:extraAttribute", "ExtraElement", "myexample");
        extraElement.setTextContent("extraValue");

        Extensions extensions = new ExtensionsBuilder().buildObject();
        extensions.getUnknownXMLObjects().add(extraElement);

        return extensions;

    }

}

标签:spring,spring-security,saml,spring-saml
来源: https://codeday.me/bug/20190528/1172919.html