
我想在我的应用程序中使用 Okta 集成 SSO。我测试了一些示例以了解 Okta 如何与 SAML 2.0 一起工作，例如 “spring-security-saml2-sample”，它能正常运行；但我只想用 Okta 的元数据来实现 SSO，也就是说，当我点击“单点登录”按钮时，我希望应用程序在 Okta 上完成身份验证。目前我做到的是点击后重定向到 Okta，但回来后仍停留在我的登录视图中，我不知道如何完成对 Okta 用户的身份验证。谢谢。 单点登录 登录


你（在代码层面）做了什么？“我做到的是点击并重定向到 Okta，但它仍然在我的登录视图中”是什么意思？你确实重定向到了 Okta 吗？你有没有在你的应用中加入 Okta 的 metadata？ – Alic


@Aladdin不清楚你在问什么!请分享适当的细节。 – nullpointer


我在答案中发布了一段我使用的代码 – Aladdin

回答


你可以按照这个链接来设置 Spring Security SAML：https://developer.okta.com/code/java/spring_security_saml.html

您需要在 securityContext.xml 中设置元数据 URL（例如 “https://example.okta.com/app/exk8ft4xxxyyyy/sso/saml/metadata”）。

<constructor-arg> 
     <list> 
      <!-- Example of file system metadata without Extended Metadata --> 
      <!-- 
      <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider"> 
       <constructor-arg> 
        <value type="java.io.File">/usr/local/metadata/idp.xml</value> 
       </constructor-arg> 
       <property name="parserPool" ref="parserPool"/> 
      </bean> 
      --> 

      <!-- IdP metadata fetched remotely from the Okta application's metadata URL.
           NOTE(review): the IdP signing certificate used to verify assertions is
           presumably taken from this document, so keep the URL on https and make
           sure the JVM trusts the server certificate - confirm against the
           provider's documentation. -->
      <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider"> 
        <!-- URL containing the metadata --> 
        <constructor-arg> 
        <!-- This URL should look something like this: https://example.okta.com/app/abc0defghijK1lmN23o4/sso/saml/metadata --> 
        <value type="java.lang.String">https://example.okta.com/app/exk8ft4xxxyyyy/sso/saml/metadata</value> 
        </constructor-arg> 
        <!-- Timeout for metadata loading in ms (5000 = 5 s) --> 
        <constructor-arg> 
        <value type="int">5000</value> 
        </constructor-arg> 
        <!-- Shared XML parser pool used to parse the downloaded metadata --> 
        <property name="parserPool" ref="parserPool"/> 
       </bean> 
     </list> 
    </constructor-arg> 

Spring Security SAML 会使用您在 securityContext.xml 中设置的元数据 URL 来读取 IdP（Okta）的信息。


谢谢，是的，我用过这类示例，身份验证正常。但我不想使用 Spring Security，我只想用 Okta 和 SAML 2.0 来做 SSO – Aladdin


谢谢你的帖子。我来解释一下我想做什么。在我的 loginView 中有两个按钮：一个用于用用户名和密码正常登录，另一个用于通过单点登录连接到我的应用程序。我看了一些示例，了解如何读取 Okta 生成的 metadata.xml；读取元数据后，应用会重定向到 Okta 并返回到我的应用程序，返回到 loginView 这一步已经成功了。现在的问题是如何完成身份验证，因为目前我只是重定向到了 Okta。希望我表达清楚了。谢谢

import com.okta.saml.*; 
import com.vaadin.server.*; 
import org.apache.commons.codec.binary.Base64; 
import org.apache.log4j.Logger; 
import org.opensaml.ws.security.SecurityPolicyException; 

import javax.servlet.http.HttpServletResponse; 
import java.io.IOException; 
import java.io.InputStream; 
import java.net.URLEncoder; 
import java.nio.charset.Charset; 
import java.nio.charset.StandardCharsets; 
import java.util.List; 
import java.util.Scanner; 

public class TestVaadinServletService extends VaadinServletService { 

    // Names of the SAML binding parameters read from / written to the HTTP request.
    protected static final String SAML_REQUEST = "SAMLRequest";
    protected static final String SAML_RESPONSE = "SAMLResponse";
    protected static final String RELAY_STATE = "RelayState";
    private static final Logger LOGGER = Logger.getLogger(TestVaadinServletService.class);


    // Populated in the constructor from the "/valid-config" classpath resource.
    protected SAMLValidator validator;
    protected Configuration configuration;
    // The application (looked up by entity ID in the constructor) that SAML requests are built for.
    protected Application app;

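    /**
     * Creates the service and loads the SAML configuration from the
     * {@code /valid-config} classpath resource.
     *
     * @param servlet the owning servlet, passed to the superclass
     * @param deploymentConfiguration the deployment configuration, passed to the superclass
     * @throws ServiceException if the superclass fails to initialise, the resource is
     *     missing, or the SAML configuration cannot be read or parsed. Failing here
     *     (instead of logging and continuing) keeps the service from starting with a
     *     null validator/configuration that every SAML request would later trip over.
     */
    public TestVaadinServletService(VaadinServlet servlet, DeploymentConfiguration deploymentConfiguration) throws ServiceException {
        super(servlet, deploymentConfiguration);

        InputStream stream = getClass().getResourceAsStream("/valid-config");
        if (stream == null) {
            // getResourceAsStream returns null for a missing resource; the original code
            // would have hit a NullPointerException here and swallowed it.
            throw new ServiceException("SAML configuration resource /valid-config not found on the classpath");
        }
        try {
            String file;
            try {
                file = convertStreamToString(stream);
            } finally {
                stream.close();
            }
            validator = new SAMLValidator();
            configuration = validator.getConfiguration(file);
            app = configuration.getApplication("http://www.okta.com/e***********t0h7");
        } catch (Exception e) {
            // Broad catch kept because the SAML library's failure types are not known here;
            // the cause is preserved rather than printed to stderr.
            throw new ServiceException("Could not load SAML configuration from /valid-config", e);
        }
        if (configuration.getDefaultEntityID() == null) {
            LOGGER.error("Default App has not been configured in configuration.");
        } else if (app == null) {
            LOGGER.error("Could not find default application in configuration : " + configuration.getDefaultEntityID());
        }
    }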

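    /**
     * Appends the SAML request handler to the handlers created by the superclass.
     *
     * @return the superclass handlers plus the SAML handler
     * @throws ServiceException if the superclass cannot create its handlers. The
     *     superclass declares this exception, so it is propagated instead of being
     *     turned into a {@code null} return, which made the service fail with a
     *     NullPointerException on its first request.
     */
    @Override
    protected List<RequestHandler> createRequestHandlers() throws ServiceException {
        List<RequestHandler> handlers = super.createRequestHandlers();
        handlers.add(addHandlers());
        return handlers;
    }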


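    // Session attribute under which the asserted user ID is stored. The original code
    // checked "USER" but stored "user", so the "already authenticated" test never matched.
    private static final String USER_ATTRIBUTE = "user";

    /**
     * Builds the request handler that performs the SAML SSO exchange: a GET from a
     * session with no user is redirected to the IdP with a SAML request, and a POST
     * carrying a {@code SAMLResponse} is decoded, validated and, on success, has its
     * user ID stored in the session under {@code "user"}.
     *
     * @return the handler to append to the service's request handlers
     */
    private RequestHandler addHandlers() {
        return new RequestHandler() {
            @Override
            public boolean handleRequest(VaadinSession session, VaadinRequest request, VaadinResponse response) throws IOException {
                try {
                    String method = request.getMethod();
                    if ("POST".equals(method)) {
                        return handleAssertionConsumer(session, request, response);
                    }
                    if ("GET".equals(method)) {
                        return redirectToIdentityProvider(session, response);
                    }
                } catch (Exception e) {
                    LOGGER.error("Unexpected failure in SAML handler", e);
                    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    // Handled: stop here so a later handler cannot replace the error status.
                    return true;
                }
                return false;
            }
        };
    }

    /**
     * Processes the IdP's POST back to the application: base64-decodes the
     * {@code SAMLResponse} parameter, validates it and stores the user ID in the session.
     * {@code RelayState} is not consumed by this application and is ignored.
     *
     * @return {@code false} when the request is not a SAML callback or the user is now
     *     authenticated (the remaining handlers render the UI); {@code true} after an
     *     error status has been written so later handlers cannot overwrite it
     */
    private boolean handleAssertionConsumer(VaadinSession session, VaadinRequest request, VaadinResponse response) {
        if (session.getAttribute(USER_ATTRIBUTE) != null) {
            return false;
        }
        String encoded = request.getParameter(SAML_RESPONSE);
        if (encoded == null) {
            // Ordinary application POSTs carry no SAMLResponse; they are not SAML
            // callbacks and must not be answered with a 500 as the original code did.
            return false;
        }
        try {
            String assertion = new String(Base64.decodeBase64(encoded.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
            // The decoded response is deliberately not logged: it carries the user's
            // attributes and a signed assertion that is replayable while it is valid.
            SAMLResponse samlResponse = validator.getSAMLResponse(assertion, configuration);
            LOGGER.info("SAML authentication successful");
            session.setAttribute(USER_ATTRIBUTE, samlResponse.getUserID());
            return false;
        } catch (SecurityPolicyException e) {
            LOGGER.warn("SAML authentication unsuccessful", e);
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return true;
        } catch (Exception e) {
            LOGGER.error("Error while processing SAML response", e);
            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return true;
        }
    }

    /**
     * Starts SSO for an unauthenticated session: builds a SAML request for {@code app}
     * and redirects the browser to the IdP's authentication URL with the base64-encoded
     * request as the {@code SAMLRequest} query parameter.
     *
     * @return {@code true} when a redirect was sent; {@code false} when the session
     *     already holds a user, so that every GET is not bounced back to the IdP
     * @throws IOException if the redirect cannot be written
     */
    private boolean redirectToIdentityProvider(VaadinSession session, VaadinResponse response) throws IOException {
        if (session.getAttribute(USER_ATTRIBUTE) != null) {
            return false;
        }
        SAMLRequest samlRequest = validator.getSAMLRequest(app);
        // Explicit charset: the original relied on the platform default encoding.
        String encodedSaml = Base64.encodeBase64String(samlRequest.toString().getBytes(StandardCharsets.UTF_8));
        String url = app.getAuthenticationURL() + "?" + SAML_REQUEST + "=" + URLEncoder.encode(encodedSaml, "UTF-8");
        LOGGER.info("Redirecting to : " + url);
        ((VaadinServletResponse) response).sendRedirect(url);
        return true;
    }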

    /**
     * Reads the whole of {@code stream} as UTF-8 text.
     *
     * @param stream the stream to drain; it is not closed here, the caller owns it
     * @return the stream's content, or {@code ""} for an empty stream
     */
    private static String convertStreamToString(InputStream stream) {
        Scanner whole = new Scanner(stream, "UTF-8");
        // "\\A" matches only at the start of input, so a single token is the entire stream.
        whole.useDelimiter("\\A");
        if (!whole.hasNext()) {
            return "";
        }
        return whole.next();
    }