Spring SAML - how to remember request parameters when initiating login on the SP and process them after the IdP response


Question

I want to remember the URL request parameters from the first request to my site (SP) and use them after the response from the IdP.

I'm using the spring-saml extension and am thinking about the relayState attribute, but I can't find an example of how to build it with parameters from the request.

I need that to redirect the user, after the SSO authentication process, to a target page (module of the application) depending on what was in the first request.

Recommended answer

The Spring SAML sample application behaves like this out of the box. When a user hits a page which is protected by Spring Security and requires authentication, the system:

  • remembers the parameters which were used to invoke the page (done automatically inside Spring Security using ExceptionTranslationFilter and HttpSessionRequestCache) by storing the information in the HTTP session
  • invokes Spring SAML's entry point (SAMLEntryPoint class), which redirects the user to the IDP, possibly after IDP selection
  • the user authenticates at the IDP and is redirected back to your application
  • Spring SAML verifies the response and invokes the AuthenticationSuccessHandler, which (in the sample application) is of type org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
  • the success handler checks whether there's a stored request (put there in the first step) and, if so, makes the user's browser open the remembered page with the same set of parameters as initially
  • the security check should now pass, provided the authenticated user is authorized to access the page

You could of course implement this using relay state as you intended. The correct way to set relay state is by extending SAMLEntryPoint, overriding the method getProfileOptions and returning your desired relay state in the returned WebSSOProfileOptions object.

You can then change the AuthenticationSuccessHandler to org.springframework.security.saml.SAMLRelayStateSuccessHandler, which makes a redirect to the URL returned from the relay state after successful authentication.
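The relay-state approach from the answer, as an added example that is not part of the original answer or of the Spring SAML project. It assumes Spring Security SAML 1.0.x on OpenSAML 2 and Java 9+; the parameter name `module`, the class names and the target paths are hypothetical. Because relay state comes back through the browser and the IdP, the handler maps it to a known local path rather than redirecting to whatever value arrives.

```java
import java.util.Map;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.transport.http.HTTPInTransport;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.saml.SAMLEntryPoint;
import org.springframework.security.saml.SAMLRelayStateSuccessHandler;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.websso.WebSSOProfileOptions;

// Hypothetical module keys and local target paths; replace with your own.
final class Targets {
    static final Map<String, String> BY_MODULE = Map.of(
            "orders", "/app/orders",
            "reports", "/app/reports");
}

// Puts the allowlisted "module" request parameter (an assumed name) into RelayState.
class ModuleRelayStateEntryPoint extends SAMLEntryPoint {
    @Override
    protected WebSSOProfileOptions getProfileOptions(SAMLMessageContext context,
            AuthenticationException exception) throws MetadataProviderException {
        // The parent returns a fresh or cloned options object, safe to modify.
        WebSSOProfileOptions options = super.getProfileOptions(context, exception);
        HTTPInTransport in = (HTTPInTransport) context.getInboundMessageTransport();
        String module = in.getParameterValue("module");
        // Send only a short known key: the SAML bindings limit RelayState to
        // 80 bytes, and the value travels through the browser and the IdP.
        if (module != null && Targets.BY_MODULE.containsKey(module)) {
            options.setRelayState(module);
        }
        return options;
    }
}

// Maps the returned RelayState back to a local path instead of using it as a URL.
class ModuleRelayStateSuccessHandler extends SAMLRelayStateSuccessHandler {
    @Override
    protected String getTargetURL(String relayState) {
        // Returning null means no relay-state redirect is performed.
        return relayState == null ? null : Targets.BY_MODULE.get(relayState);
    }
}
```

Register the two classes in place of the SAMLEntryPoint and success handler beans in the security configuration.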
