Spring-SAML Endless redirect loop after a successful authentication


Question

After a successful SAML authentication:

AuthNRequest;SUCCESS;0:0:0:0:0:0:0:1;https://localhost:8443/saml/metadata;http://www.okta.com/exkdwf3hodKFkefLO0h7;;;

The browser is redirected back into an endless loop.

I've sat with a debugger stepping through Spring code, and it looks like it is erroring out in BasicAuthenticationFilter calling SAMLAuthenticationProvider, which doesn't support UsernamePasswordAuthenticationToken and throws an exception, which in turn sends the browser into an endless redirect.

Has anyone seen this before?

Answer

I've fixed this issue after 5 days of pinpointing the source of the issue, by setting the cookie's age (expiration) the same as the session age. It seems like the cookie that has the ID (for me it was JSESSIONID, since I was working with Tomcat)

For my situation in Tomcat I've set this:

<session-config>
    <!-- server-side session timeout, in minutes -->
    <session-timeout>60</session-timeout>
    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
        <!-- cookie lifetime in seconds; 3600 s equals the 60 min session timeout -->
        <max-age>3600</max-age>
    </cookie-config>
    <!-- carry the session ID only in the cookie, never via URL rewriting -->
    <tracking-mode>COOKIE</tracking-mode>
</session-config>

Now, after the session ends, the cookie will be deleted too, making it possible to authenticate again with a new cookie.
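A consistency check for the kind of web.xml settings shown in the answer, added here as an example and not part of the original answer or of Spring/Tomcat. It parses a Servlet <session-config> and reports when the cookie's max-age (seconds) does not match session-timeout (minutes), when HttpOnly/Secure are missing, or when the tracking mode allows session IDs in URLs. The two web.xml documents embedded below are constructed for this example; the function name check_session_config is an assumption of the example.

```python
"""Check that a Servlet web.xml <session-config> keeps the session cookie
aligned with the server-side session (added example, not project code)."""
import xml.etree.ElementTree as ET

# Constructed sample: the configuration from the answer above.
GOOD_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <session-config>
    <session-timeout>60</session-timeout>
    <cookie-config>
      <http-only>true</http-only>
      <secure>true</secure>
      <max-age>3600</max-age>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
  </session-config>
</web-app>"""

# Constructed sample: cookie outlives the session and lacks hardening flags.
BAD_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <session-config>
    <session-timeout>30</session-timeout>
    <cookie-config>
      <max-age>86400</max-age>
    </cookie-config>
    <tracking-mode>URL</tracking-mode>
  </session-config>
</web-app>"""


def _child_text(parent, tag):
    """Text of the first child named `tag` in any namespace, or None."""
    if parent is None:
        return None
    el = parent.find(f"{{*}}{tag}")  # {*} = wildcard namespace (Python 3.8+)
    if el is None or el.text is None:
        return None
    return el.text.strip()


def check_session_config(web_xml: str) -> list:
    """Return a list of findings; an empty list means the config is consistent."""
    findings = []
    root = ET.fromstring(web_xml)
    sc = root.find(".//{*}session-config")
    if sc is None:
        return ["no <session-config> element: container defaults apply"]

    timeout_raw = _child_text(sc, "session-timeout")   # Servlet spec: minutes
    cookie_cfg = sc.find("{*}cookie-config")
    max_age_raw = _child_text(cookie_cfg, "max-age")   # Servlet spec: seconds
    timeout_min = int(timeout_raw) if timeout_raw else None
    max_age = int(max_age_raw) if max_age_raw else None

    if timeout_min is None or timeout_min <= 0:
        findings.append("session-timeout missing or non-positive: "
                        "sessions never expire on the server")
    elif max_age is None or max_age < 0:
        findings.append("cookie max-age not set: the session cookie lives until "
                        "the browser closes, not until the session times out")
    elif max_age != timeout_min * 60:
        findings.append(f"max-age {max_age}s does not match session-timeout "
                        f"{timeout_min}min ({timeout_min * 60}s)")

    # Both flags must be literally "true" for the cookie to be hardened.
    for flag in ("http-only", "secure"):
        if (_child_text(cookie_cfg, flag) or "").lower() != "true":
            findings.append(f"cookie-config/{flag} is not true")

    mode = _child_text(sc, "tracking-mode")
    if mode != "COOKIE":
        findings.append(f"tracking-mode is {mode!r}, expected COOKIE "
                        "(keeps session IDs out of URLs)")
    return findings


if __name__ == "__main__":
    for name, doc in (("good", GOOD_WEB_XML), ("bad", BAD_WEB_XML)):
        print(name, check_session_config(doc) or "OK")
```

Run it against a deployed web.xml by reading the file into check_session_config; the point of the max-age comparison is the one the answer makes, namely that a cookie which outlives the server-side session keeps presenting a stale JSESSIONID on every request.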
