Spring Security Saml-SP和IDP之间的时差 [英] Spring security Saml - Time difference between SP and IDP

问题描述

我正在寻找增加saml消息的过期时间的方法.我将Spring Security与SAML 1.0.0-RC2结合使用.

I am looking for a way to increase the expiration time of my saml messages. I use Spring Security with SAML 1.0.0-RC2.

此刻，如果服务器**时间过长，例如5分钟，出现以下错误:

At this moment, if the servers** time are too different, e.g. 5 minutes, I got following error:

HTTP Status 401 - Authentication Failed:Error validating SAML message: SAML response is not valid; nested exception is org.opensaml.common.SAMLException: SAML response is not valid

我想将到期时间设置为10分钟，以防止出现这些错误.我一直在看文档，但是我不知道如何更改到期时间.如果我查看

I want to set the expiration time to 10 minutes, to prevent those errors. I have been looking at the documentation, but I don't understand how to change the expiration time. If I look at the Configuration authentication object section, one would be able to change the expiration time but I fail to grasp the idea.

有人可以帮我吗?

**我的服务器(SP)和客户的服务器(IDP，很可能是安装了ADFS的服务器).

** My server (SP) and server of the customer (IDP, most likely a server with ADFS installed).

推荐答案

在Stefan回答之后，我知道去哪里看看！实际上，文档确实描述了这件事，但我没有选择:

After Stefan's anwser, I knew where to look! Actually the docs did describe this thing, I just didn't pick it up: 10.3 Validity intervals. Cheers to Stefan for pointing out the responseSkew property!

只需将属性responseSkew添加到WebSSOProfileConsumerImpl和SingleLogoutProfileImpl Bean中即可:

Just add the property responseSkew to the WebSSOProfileConsumerImpl and SingleLogoutProfileImpl beans:

<bean id="webSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerImpl">
    <property name="responseSkew" value="600"/> <!-- 10 minutes -->
</bean>

<bean id="logoutprofile" class="org.springframework.security.saml.websso.SingleLogoutProfileImpl">
    <property name="responseSkew" value="600"/> <!-- 10 minutes -->
</bean>

这篇关于Spring Security Saml-SP和IDP之间的时差的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！