Spring Boot integration with SAML 2.0
Time: 2023-09-18 15:07:36 Views: 179
Sure, here are the steps to integrate SAML 2.0 with Spring Boot:
1. First, add the Spring Security SAML dependency to pom.xml:
```xml
<dependency>
    <groupId>org.springframework.security.extensions</groupId>
    <artifactId>spring-security-saml2-core</artifactId>
    <version>1.0.10.RELEASE</version>
</dependency>
```
2. Configure the SAML-related properties by adding the following to application.properties or application.yml:
```properties
# SAML SP configuration
saml2.metadata-url=https://idp.example.com/metadata
saml2.entity-id=https://sp.example.com/metadata
saml2.private-key=classpath:/saml/private.key
saml2.certificate=classpath:/saml/certificate.crt
saml2.credentials-issuer=SP Entity ID
saml2.name-id=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
saml2.sign-metadata=true
saml2.sign-requests=true
saml2.sign-responses=true
```
3. Create a SAML configuration class that extends WebSecurityConfigurerAdapter and overrides the configure method:
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

@Configuration
@EnableWebSecurity
public class SAMLConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private SAMLUserDetailsService samlUserDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // The SAML endpoints (metadata, ACS, logout) must be reachable before login;
            // everything else requires an authenticated user.
            .authorizeRequests()
                .antMatchers("/saml/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .apply(saml())
                // Maps a validated assertion to an application user (step 4).
                .userDetailsService(samlUserDetailsService)
                .sso()
                    .defaultSuccessURL("/home")
                    .and()
                .logout()
                    .logoutSuccessUrl("/")
                    .and()
                // The IdP this SP trusts: its entity ID and HTTP-Redirect SSO endpoint.
                .metadata()
                    .defaultIDP()
                        .singleSignOnService()
                            .binding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")
                            .url("https://idp.example.com/sso")
                            .and()
                        .entityID("https://idp.example.com/metadata")
                        .and()
                    .and()
                // SP signing key (DER) and certificate (PEM) from step 6.
                .keyManager()
                    .privateKeyDERLocation("classpath:/saml/private.key")
                    .publicKeyPEMLocation("classpath:/saml/certificate.crt");
    }

    @Bean
    public SAMLConfigurer saml() {
        return new SAMLConfigurer();
    }
}
```
Here, SAMLUserDetailsService is a custom user service that builds the application user from the information in the SAML assertion.
4. Create the SAMLUserDetailsService class, implementing the SAMLUserDetailsService interface:
```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
import org.springframework.stereotype.Service;

@Service
public class SAMLUserDetailsServiceImpl implements SAMLUserDetailsService {

    @Override
    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        // This is called only after the SAML processing filter has validated the
        // assertion (signature, issuer, conditions), so the NameID can be taken
        // as the authenticated username.
        String username = credential.getNameID().getValue();
        List<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        // No local password: authentication is delegated entirely to the IdP.
        return new User(username, "", authorities);
    }
}
```
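As an added example that is not part of the original page, the service from step 4 can be made stricter: refuse assertions issued by any IdP other than the one configured, require a non-empty NameID, and derive ROLE_ADMIN only from a group membership the IdP asserts. The attribute name `groups`, the group name `sp-admins`, the class name and the expected IdP entity ID are assumptions for this example; `getRemoteEntityID()` and `getAttributeAsStringArray()` are existing methods of `SAMLCredential` in the Spring Security SAML extension.

```java
// Added example, not code from the original page. Assumed names: the
// "groups" attribute, the "sp-admins" group, and the expected IdP entity ID.
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
import org.springframework.stereotype.Service;

@Service
public class GroupMappingSAMLUserDetailsService implements SAMLUserDetailsService {

    // Entity ID of the single IdP this SP accepts assertions from (assumed value,
    // matching the IdP used elsewhere in this tutorial).
    private static final String EXPECTED_IDP_ENTITY_ID = "https://idp.example.com/metadata";

    // Name of the SAML attribute carrying group memberships (assumed).
    private static final String GROUPS_ATTRIBUTE = "groups";

    // IdP group that is mapped to ROLE_ADMIN (assumed).
    private static final String ADMIN_GROUP = "sp-admins";

    @Override
    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        // The SAML processing filter has already verified the signature and the
        // assertion conditions. This extra check refuses a valid assertion from
        // any other IdP present in the metadata, so an unintended metadata entry
        // cannot grant access to this application.
        String issuer = credential.getRemoteEntityID();
        if (!EXPECTED_IDP_ENTITY_ID.equals(issuer)) {
            throw new UsernameNotFoundException("Assertion issued by unexpected IdP: " + issuer);
        }

        // A missing or blank NameID would otherwise become an empty username.
        if (credential.getNameID() == null
                || credential.getNameID().getValue() == null
                || credential.getNameID().getValue().trim().isEmpty()) {
            throw new UsernameNotFoundException("Assertion carries no usable NameID");
        }
        String username = credential.getNameID().getValue();

        // Every federated user gets ROLE_USER; ROLE_ADMIN is granted only when the
        // IdP asserts membership of the admin group, never from client input.
        List<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        String[] groups = credential.getAttributeAsStringArray(GROUPS_ATTRIBUTE);
        if (groups != null) {
            for (String group : groups) {
                if (ADMIN_GROUP.equals(group)) {
                    authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
                }
            }
        }

        // Empty password: the IdP is the only authenticator for this user.
        return new User(username, "", authorities);
    }
}
```

Register this bean in place of SAMLUserDetailsServiceImpl (or keep only one of the two annotated with `@Service`, since the configuration autowires a single SAMLUserDetailsService). The group-to-role mapping lives in the SP, so a change in the IdP's group names must be mirrored here.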
5. Create the SAML metadata file and save it as classpath:/saml/metadata.xml:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  entityID="https://sp.example.com/metadata">
  <!-- AuthnRequestsSigned and WantAssertionsSigned correspond to the
       saml2.sign-requests / saml2.sign-responses settings, so the IdP expects
       signed requests and signs the assertions it returns. -->
  <SPSSODescriptor AuthnRequestsSigned="true"
                   WantAssertionsSigned="true"
                   protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>
            <!-- Put the SP's base64-encoded certificate here (the body of
                 certificate.crt without the PEM BEGIN/END lines) -->
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.com/saml/logout"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"
        index="1"/>
  </SPSSODescriptor>
</EntityDescriptor>
```
6. Create the SP's private key and certificate and save them as classpath:/saml/private.key and classpath:/saml/certificate.crt. The key must be in DER format, because the configuration loads it with privateKeyDERLocation, and the certificate is the same one placed in the KeyDescriptor of the metadata in step 5.
With that, all the steps for integrating SAML 2.0 with Spring Boot are complete.