Accueil Explorer Aide
S'inscrire Connexion
github
/
spring-security
miroir de https://github.com/spring-projects/spring-security
2
0
Fork 0
Fichiers Tickets 0 Wiki
Aborescence: f39d272a86
Branches Tags
spring-security
/
docs
/
modules
/
ROOT
/
pages
/
servlet
/
saml2
/
metadata.adoc

metadata.adoc 2.1 KB
Historique Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. [[servlet-saml2login-metadata]]
    2. 

  2. = Producing `<saml2:SPSSODescriptor>` Metadata
    3. 

  3. 

  4. You can publish a metadata endpoint by adding the `Saml2MetadataFilter` to the filter chain, as you'll see below:
    5. 

  5. 

  6. ====
    7. 

  7. .Java
    8. 

  8. [source,java,role="primary"]
    9. 

  9. ----
    10. 

  10. DefaultRelyingPartyRegistrationResolver relyingPartyRegistrationResolver =
    11. 

  11.         new DefaultRelyingPartyRegistrationResolver(this.relyingPartyRegistrationRepository);
    12. 

  12. Saml2MetadataFilter filter = new Saml2MetadataFilter(
    13. 

  13.         relyingPartyRegistrationResolver,
    14. 

  14.         new OpenSamlMetadataResolver());
    15. 

  15. 

  16. http
    17. 

  17.     // ...
    18. 

  18.     .saml2Login(withDefaults())
    19. 

  19.     .addFilterBefore(filter, Saml2WebSsoAuthenticationFilter.class);
    20. 

  20. ----
    21. 

  21. 

  22. .Kotlin
    23. 

  23. [source,kotlin,role="secondary"]
    24. 

  24. ----
    25. 

  25. val relyingPartyRegistrationResolver: Converter<HttpServletRequest, RelyingPartyRegistration> =
    26. 

  26.     DefaultRelyingPartyRegistrationResolver(this.relyingPartyRegistrationRepository)
    27. 

  27. val filter = Saml2MetadataFilter(
    28. 

  28.     relyingPartyRegistrationResolver,
    29. 

  29.     OpenSamlMetadataResolver()
    30. 

  30. )
    31. 

  31. 

  32. http {
    33. 

  33.     //...
    34. 

  34.     saml2Login { }
    35. 

  35.     addFilterBefore<Saml2WebSsoAuthenticationFilter>(filter)
    36. 

  36. }
    37. 

  37. ----
    38. 

  38. ====
    39. 

  39. 

  40. You can use this metadata endpoint to register your relying party with your asserting party.
    41. 

  41. This is often as simple as finding the correct form field to supply the metadata endpoint.
    42. 

  42. 

  43. By default, the metadata endpoint is `+/saml2/service-provider-metadata/{registrationId}+`.
    44. 

  44. You can change this by calling the `setRequestMatcher` method on the filter:
    45. 

  45. 

  46. ====
    47. 

  47. .Java
    48. 

  48. [source,java,role="primary"]
    49. 

  49. ----
    50. 

  50. filter.setRequestMatcher(new AntPathRequestMatcher("/saml2/metadata/{registrationId}", "GET"));
    51. 

  51. ----
    52. 

  52. 

  53. .Kotlin
    54. 

  54. [source,kotlin,role="secondary"]
    55. 

  55. ----
    56. 

  56. filter.setRequestMatcher(AntPathRequestMatcher("/saml2/metadata/{registrationId}", "GET"))
    57. 

  57. ----
    58. 

  58. ====
    59. 

  59. 

  60. Or, if you have registered a custom relying party registration resolver in the constructor, then you can specify a path without a `registrationId` hint, like so:
    61. 

  61. 

  62. ====
    63. 

  63. .Java
    64. 

  64. [source,java,role="primary"]
    65. 

  65. ----
    66. 

  66. filter.setRequestMatcher(new AntPathRequestMatcher("/saml2/metadata", "GET"));
    67. 

  67. ----
    68. 

  68. 

  69. .Kotlin
    70. 

  70. [source,kotlin,role="secondary"]
    71. 

  71. ----
    72. 

  72. filter.setRequestMatcher(AntPathRequestMatcher("/saml2/metadata", "GET"))
    73. 

  73. ----
    74. 

  74. ====
    75.