如何强制 Spring SAML 重新读取我的 IDP 元数据? [英] How can I force Spring SAML to reread my IDP metadata?
问题描述
我已经实现了一个 spring saml 元数据提供者,它从数据库中读取数据并为我的服务提供者和身份提供者提供服务.我还利用别名充当租户标识符.
I've implemented a spring saml metadata provider that reads from a database and serves up both my service providers and identity providers. I'm also leveraging aliases to act as tenant identifiers.
我的问题是,如果我进入数据库并将特定身份提供者的元数据修改为不同的,它似乎没有任何影响,直到我重新启动 spring saml 扩展.这与我是否等待 MetadataManager 重新加载线程启动无关.
My problem is if I go into the database and modify the metadata for a particular identity provider to be different, it doesn't seem to have any effect until I restart the spring saml extension. This is independent of whether I wait for the MetadataManager reload thread to kick off.
这里缓存了什么?我可以阻止这种行为吗?
What's being cached here? Can I prevent this behavior?
看起来有些东西被缓存在 SAML 消息验证代码中.如果我使用无效的元数据启动进程,然后更正元数据,我无论如何都会得到 Authentication Failed: Incoming SAML message is invalid.
It looks like something is being cached in the SAML message validation code. If I start up the process with invalid metadata, then correct the metadata, I will no matter what get Authentication Failed: Incoming SAML message is invalid.
任何帮助将不胜感激.
我相信我找到了发生这种情况的位置:在 MetadataCredentialResolver.java 中,凭据在从元数据提供程序检索后通过调用 cacheCredentials 进行缓存.
I believe I found the location where this is happening: In MetadataCredentialResolver.java, the credentials are cached via a call to cacheCredentials after it retrieves it from the metadata provider.
推荐答案
通过覆盖 MetadataCredentialResolver 并使 cacheCredentials 成为空操作,我能够解决这个问题.
I was able to solve this problem by overriding MetadataCredentialResolver and making cacheCredentials a no-op.
这篇关于如何强制 Spring SAML 重新读取我的 IDP 元数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!