Okta-api-使用带有CSRF的Spring-security SAML的问题 [英] Okta-api -Issue using Spring-security SAML with CSRF
问题描述
我已按照文档中列出的步骤进行操作-
I have gone thru the steps listed in the document -
一切正常,我看到生成了SAML响应,并且从OKTA到应用程序进行重新请求,但是当请求到达应用程序时,我收到此错误-
Everything works fine and I see SAML response getting generated and reditection happening to Application from OKTA but when the request reaches the application, I get this error-
type = Forbidden,状态= 403).上发现无效的CSRF令牌空" 请求参数"_csrf"或标头"X-CSRF-TOKEN".
type=Forbidden, status=403). Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'.
我尝试禁用csrf,但是随后它会因SAML重定向而陷入无限循环.
I have tried disabling csrf but then it goes in infinite loop with SAML redirection.
这是SecurityConfiguration.java-
Here's SecurityConfiguration.java-
package com.example;
import static org.springframework.security.extensions.saml2.config.SAMLConfigurer.saml;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Value("${security.saml2.metadata-url}")
String metadataUrl;
@Value("${server.ssl.key-alias}")
String keyAlias;
@Value("${server.ssl.key-store-password}")
String password;
@Value("${server.port}")
String port;
@Value("${server.ssl.key-store}")
String keyStoreFilePath;
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/saml*").permitAll()
.anyRequest().authenticated()
.and()
.apply(saml())
.serviceProvider()
.keyStore()
.storeFilePath("saml/keystore.jks")
.password(this.password)
.keyname(this.keyAlias)
.keyPassword(this.password)
.and()
.protocol("https")
.hostname(String.format("%s:%s", "10.200.10.10", this.port))
.basePath("/")
.and()
.identityProvider()
.metadataFilePath(this.metadataUrl);
}
}
任何建议都值得赞赏.
推荐答案
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**").authorizeRequests().antMatchers("/saml").permitAll()
.anyRequest().authenticated().and().csrf().csrfTokenRepository(getCsrfTokenRepository());
}
private CsrfTokenRepository getCsrfTokenRepository() {
CookieCsrfTokenRepository tokenRepository = CookieCsrfTokenRepository.withHttpOnlyFalse();
tokenRepository.setCookiePath("/");
return tokenRepository;
}
添加CSRF cookie.在前端,如果您使用的是Angular,则只需导入HttpClientXsrfModule.这将获取Cookie值并设置请求标头X-XSRF-TOKEN标头
Add CSRF cookie. In the front end, if you are using Angular just import HttpClientXsrfModule. This would fetch the cookie value and set request header X-XSRF-TOKEN header
@注意:saml登录的配置仍然相同.上面的代码显示了如何添加csrf令牌.
@Note : The configuration for saml login with still be the same. The above code shows, how to add csrf token.
这篇关于Okta-api-使用带有CSRF的Spring-security SAML的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!