Single sign-on login

I want to integrate SSO with Okta in my application. I tested some samples to understand how Okta works with SAML 2.0, such as "spring-security-saml2-sample", and how it works, but I want to do SSO using only the Okta metadata. So when I click the "Single sign-on" button I want my application to authenticate at Okta. What I managed is to click and be redirected to Okta, but it still stays in my login view, and I don't know how to implement the authentication of my Okta users. Thanks
You can follow this link to set up Spring Security SAML: https://developer.okta.com/code/java/spring_security_saml.html

You will need to set the metadata URL (such as "https://example.okta.com/app/exk8ft4xxxyyyy/sso/saml/metadata") in securityContext.xml.
```xml
<constructor-arg>
    <list>
        <!-- Example of file system metadata without Extended Metadata -->
        <!--
        <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
            <constructor-arg>
                <value type="java.io.File">/usr/local/metadata/idp.xml</value>
            </constructor-arg>
            <property name="parserPool" ref="parserPool"/>
        </bean>
        -->
        <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
            <!-- URL containing the metadata -->
            <constructor-arg>
                <!-- This URL should look something like this: https://example.okta.com/app/abc0defghijK1lmN23o4/sso/saml/metadata -->
                <value type="java.lang.String">https://example.okta.com/app/exk8ft4xxxyyyy/sso/saml/metadata</value>
            </constructor-arg>
            <!-- Timeout for metadata loading in ms -->
            <constructor-arg>
                <value type="int">5000</value>
            </constructor-arg>
            <property name="parserPool" ref="parserPool"/>
        </bean>
    </list>
</constructor-arg>
```
Spring Security SAML will use the metadata URL you set in securityContext.xml to read the IdP (Okta) information.

Thanks, yes I used this type of example and the authentication works fine. But I don't want to use Spring Security. I just want to use Okta and SAML 2.0 for SSO – Aladdin

Thanks for your post. Let me explain what I want to do. In my loginView I have 2 buttons: one for the normal login with user and password, and another to use or connect to my application with single sign-on. I looked at some examples of how to read the metadata.xml generated by Okta; after reading the metadata it redirects to Okta and returns to my application, but it returns to my loginView with success, so now how do I authenticate successfully, because for now I only redirect to Okta. I hope I was clear. Thanks
```java
import com.okta.saml.*;
import com.vaadin.server.*;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import org.opensaml.ws.security.SecurityPolicyException;

import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.InputStream;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Scanner;

public class TestVaadinServletService extends VaadinServletService {
    protected static final String SAML_REQUEST = "SAMLRequest";
    protected static final String SAML_RESPONSE = "SAMLResponse";
    protected static final String RELAY_STATE = "RelayState";
    // One attribute name for both the "already authenticated" check and for storing the user
    // (the check used "USER" while the store used "user", so a logged-in user was never seen).
    protected static final String USER_ATTRIBUTE = "user";
    // Path the "single sign-on" button opens; only a GET on this path starts the Okta redirect.
    protected static final String SSO_PATH = "/sso";
    private static final Logger LOGGER = Logger.getLogger(TestVaadinServletService.class);

    protected SAMLValidator validator;
    protected Configuration configuration;
    protected Application app;

    public TestVaadinServletService(VaadinServlet servlet, DeploymentConfiguration deploymentConfiguration)
            throws ServiceException {
        super(servlet, deploymentConfiguration);
        try {
            String file;
            try (InputStream stream = getClass().getResourceAsStream("/valid-config")) {
                file = convertStreamToString(stream);
            }
            validator = new SAMLValidator();
            configuration = validator.getConfiguration(file);
            app = configuration.getApplication("http://www.okta.com/e***********t0h7");
            if (configuration.getDefaultEntityID() == null) {
                LOGGER.error("Default App has not been configured in configuration.");
            } else if (app == null) {
                LOGGER.error("Could not find default application in configuration : "
                        + configuration.getDefaultEntityID());
            }
        } catch (Exception e) {
            LOGGER.error("Could not load the SAML configuration", e);
        }
    }

    @Override
    protected List<RequestHandler> createRequestHandlers() throws ServiceException {
        List<RequestHandler> requestHandlerList = super.createRequestHandlers();
        requestHandlerList.add(addHandlers());
        return requestHandlerList;
    }

    private RequestHandler addHandlers() {
        // SynchronizedRequestHandler locks the VaadinSession before the handler runs, which
        // VaadinSession.getAttribute/setAttribute require.
        return new SynchronizedRequestHandler() {
            @Override
            public boolean synchronizedHandleRequest(VaadinSession session, VaadinRequest request,
                                                     VaadinResponse response) throws IOException {
                try {
                    boolean authenticated = session.getAttribute(USER_ATTRIBUTE) != null;
                    if ("POST".equals(request.getMethod()) && request.getParameter(SAML_RESPONSE) != null) {
                        // Okta POSTs the SAMLResponse to our ACS URL. Only a POST carrying that
                        // parameter is a SAML response; ordinary Vaadin UIDL POSTs fall through below.
                        if (!authenticated) {
                            String assertion = new String(Base64.decodeBase64(request.getParameter(SAML_RESPONSE)),
                                    StandardCharsets.UTF_8);
                            LOGGER.debug(assertion);
                            try {
                                // Validates the response against the IdP configuration (signature included)
                                SAMLResponse samlResponse = validator.getSAMLResponse(assertion, configuration);
                                LOGGER.info("SAML authentication successful");
                                session.setAttribute(USER_ATTRIBUTE, samlResponse.getUserID());
                            } catch (SecurityPolicyException e) {
                                LOGGER.warn("SAML authentication unsuccessful", e);
                                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                                return true;
                            }
                        }
                        // Leave the ACS POST with a redirect. RelayState is followed only when it is a
                        // path inside this application, never an absolute URL taken from the request.
                        String relay = request.getParameter(RELAY_STATE);
                        String target = request.getContextPath()
                                + (relay != null && relay.startsWith("/") && !relay.startsWith("//") ? relay : "/");
                        ((VaadinServletResponse) response).sendRedirect(target);
                        return true;
                    } else if ("GET".equals(request.getMethod()) && !authenticated
                            && SSO_PATH.equals(request.getPathInfo())) {
                        // The "single sign-on" button opens SSO_PATH: build the AuthnRequest and send
                        // the browser to Okta. Every other GET (the login view, resources) passes through.
                        SAMLRequest samlRequest = validator.getSAMLRequest(app);
                        String encodedSAML = Base64.encodeBase64String(
                                samlRequest.toString().getBytes(StandardCharsets.UTF_8));
                        String url = app.getAuthenticationURL() + "?" + SAML_REQUEST + "="
                                + URLEncoder.encode(encodedSAML, "UTF-8");
                        LOGGER.info("Redirecting to : " + url);
                        ((VaadinServletResponse) response).sendRedirect(url);
                        return true;
                    }
                } catch (Exception e) {
                    LOGGER.error("SAML handling failed", e);
                    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    return true;
                }
                return false; // not a SAML request: let Vaadin's own handlers process it
            }
        };
    }

    private static String convertStreamToString(InputStream stream) {
        Scanner s = new Scanner(stream, "UTF-8").useDelimiter("\\A");
        return s.hasNext() ? s.next() : "";
    }
}
```
What have you done (code-wise)? What do you mean by "What I managed is to click and be redirected to Okta, but it still stays in my login view"? Did you redirect to Okta? Did you include Okta's metadata in your app? – Alic

@Aladdin It's not clear what you are asking! Please share the proper details. – nullpointer

I posted a piece of the code I'm using in the answer – Aladdin