How can I generate the metadata file of my Java Spring application to establish a connection with an Identity Provider like Ping Federate?


Problem description

I have been working with Single Sign On (SSO) for some time. I am using Ping Federate as an Identity Provider (IdP) and a sample Java spring-boot application as the Service Provider (SP). The protocol used is SAML.

I have downloaded the spring application from https://start.spring.io with "Web" and "Security" dependencies and am looking forward to establishing a connection. It is required to upload the metadata file of the spring app, which is the Service Provider in this case, to Ping Federate while doing the configuration. I want to know how I can generate the metadata file for my spring app.

I referred to some docs but could not help myself. https://docs.spring.io/spring-security-saml/docs/1.0.0.RELEASE/reference/html/chapter-quick-start.html

Any help is useful.

Recommended answer

To address your question "how can I generate the metadata file for my spring app?",

(1) I downloaded the latest release of Ping Federate, i.e., pingfederate-9.2.2.zip

(2) I have built "Ping Federate as an Identity Provider(IdP) and a sample Java spring-boot application as the Service Provider(SP)" on Ubuntu 16.04 with reference to the information provided by your post.

(3) Then I have validated the SAML communication between "Ping Federate as an Identity Provider(IdP)" and "a sample Java spring-boot application as the Service Provider(SP)" successfully with reference to the information provided by your post.

The following responses and answer will help you to log in to "my spring app (as Service Provider (SP))" through SAML SSO provided by "Ping Federate (as an Identity Provider(IdP))".

(1) Quote your post "I have downloaded the spring application from https://start.spring.io with "Web" and "Security" dependencies and looking forward to establishing a connection."

Response:

I performed the same tasks as you did by executing the commands below.

# Download demo.zip from https://start.spring.io with "Web" and "Security" dependencies
$ unzip demo.zip
$ cd demo
$ sudo mvn package
$ sudo cp target/demo-0.0.1-SNAPSHOT.war /opt/tomcat/webapps/
$ ls /opt/tomcat/webapps/demo-0.0.1-SNAPSHOT/WEB-INF/
classes  lib  lib-provided

Now we discover that the spring application (you downloaded with "Web" and "Security" dependencies) was NOT installed with a SAML SP. In other words, the spring application is NOT a SAML SP-enabled application. Therefore "I can NOT generate the metadata file for my spring app".

(2) Quote your post "I referred some docs but could not help myself. https://docs.spring.io/spring-security-saml/docs/1.0.0.RELEASE/reference/html/chapter-quick-start.html"

Response:

Quote the important information provided by the above link "spring-security-saml" in your post

4.2.1 Downloading sample application 

Download the Spring SAML Extension either from sources or from one of the releases.

(I) Click the link of "from sources" at the GitHub repository.

Then click folder "samples" (i.e., spring-security-saml/samples/) to read the README on "How to run a simple sample of an Identity Provider (IDP) and Service Provider (SP)".

(II) Following the instructions provided by the README, I have validated "SP initiated login and IDP initiated login" successfully.

Because the sample applications hardcoded the host name as localhost,

without loss of generality, by modifying the DNS hosts file of your local machine for demo purposes, we assume that

the host name of "Ping Federate as an Identity Provider(IdP)" is ping.example.com

the host name of "a sample Java spring-boot application as the Service Provider(SP)" is localhost

(3) Quote your question "It is required to upload the metadata file of the spring app which is the Service Provider in this case at Ping Federate while doing the configuration. I want to know how can I generate the metadata file for my spring app?"

Answer:

(I) Access the SAML SP metadata file endpoint of the spring app built with "spring-security-saml/samples/",

http://localhost:8080/sample-sp/saml/sp/metadata

to "generate/download the metadata file for my spring app", i.e., saml-sp-metadata.xml

(II) Upload the metadata file for my spring app (i.e., saml-sp-metadata.xml) into "Ping Federate as an Identity Provider(IdP)"

(III) Upload the IdP metadata file of "Ping Federate as an Identity Provider(IdP)" into "my spring app as Service Provider (SP)"

(a) Add the code below at the end of the configuration file of "my spring app as Service Provider (SP)"

$ sudo vi spring-security-saml/samples/boot/simple-service-provider/src/main/resources/application.yml

        - alias: pingfederate
          metadata: https://ping.example.com:9031/pf/federation_metadata.ping?PartnerSpId=spring.security.saml.sp.id
          link-text: Ping Federate IDP
          authentication-request-binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

(b) Restart my spring app as Service Provider (SP) by following the README on "How to run a simple sample of an Identity Provider (IDP) and Service Provider (SP)" at GitHub repository

in order to upload the IdP metadata of "Ping Federate as an Identity Provider(IdP)" into "my spring app as Service Provider (SP)".

(IV) Validate SAML SSO provided by Ping Federate (as an Identity Provider(IdP)) for my spring app (as Service Provider (SP))

(a) Access Ping Federate IdP initiated SSO endpoint for "my spring app as Service Provider (SP)"

https://ping.example.com:9031/idp/startSSO.ping?PartnerSpId=spring.security.saml.sp.id

(b) Submit your username/password credential (e.g., johndoe/password) of Ping Federate local user account into the pop-up dialog box

(c) You are redirected and logged in to my spring app as Service Provider (SP) successfully.

The following message will be displayed on the home screen of my spring app as Service Provider (SP).

Success                             User:johndoe 

You are authenticated! 
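As an added example that is not part of the original answer or of spring-security-saml: a Python check of the SP metadata file obtained in step (3)(I) before it is uploaded to Ping Federate in step (3)(II), reporting the fields an IdP administrator reads from it and the points to resolve first. The metadata sample, its ACS path and the certificate value are constructed placeholders; only the entityID (spring.security.saml.sp.id, the answer's PartnerSpId) comes from the page.

```python
# Added example (not from the original post or spring-security-saml): parse a
# SAML 2.0 SP metadata document like the one served at /saml/sp/metadata.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: entityID is the answer's PartnerSpId; ACS path and cert are placeholders.
SAMPLE_SP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="spring.security.saml.sp.id">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost:8080/sample-sp/saml/sp/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def parse_sp_metadata(xml_text):
    # Fields PingFederate reads from SP metadata; use defusedxml for third-party input.
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    cert_path = "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    certs = [(c.text or "").strip() for c in sp.findall(cert_path, NS)]
    return {
        "entity_id": root.get("entityID"),
        "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
        "acs": [(a.get("Binding"), a.get("Location"))
                for a in sp.findall("md:AssertionConsumerService", NS)],
        "signing_certs": [c for c in certs if c],
    }

def review_sp_metadata(info):
    # Findings to resolve before the IdP is configured to trust this SP.
    findings = []
    if not info["signing_certs"]:
        findings.append("no signing certificate: IdP cannot verify signed AuthnRequests")
    if not info["want_assertions_signed"]:
        findings.append("WantAssertionsSigned is not true: IdP is not asked to sign assertions")
    for _binding, location in info["acs"]:
        if urlparse(location).scheme != "https":
            findings.append(f"ACS {location} is not HTTPS (acceptable only for the localhost demo)")
    return findings
```

Running it against the real saml-sp-metadata.xml (read from disk instead of SAMPLE_SP_METADATA) shows whether the entityID you enter as PartnerSpId and the ACS binding match what the SP actually published.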
