如何强制 Spring SAML 重新读取我的 IDP 元数据? [英] How can I force Spring SAML to reread my IDP metadata?

问题描述

我已经实现了一个 spring saml 元数据提供者，它从数据库中读取数据并为我的服务提供者和身份提供者提供服务.我还利用别名充当租户标识符.

I've implemented a spring saml metadata provider that reads from a database and serves up both my service providers and identity providers. I'm also leveraging aliases to act as tenant identifiers.

我的问题是，如果我进入数据库并将特定身份提供者的元数据修改为不同的，它似乎没有任何影响，直到我重新启动 spring saml 扩展.这与我是否等待 MetadataManager 重新加载线程启动无关.

My problem is if I go into the database and modify the metadata for a particular identity provider to be different, it doesn't seem to have any effect until I restart the spring saml extension. This is independent of whether I wait for the MetadataManager reload thread to kick off.

这里缓存了什么?我可以阻止这种行为吗?

What's being cached here? Can I prevent this behavior?

看起来有些东西被缓存在 SAML 消息验证代码中.如果我使用无效的元数据启动进程，然后更正元数据，我无论如何都会得到 Authentication Failed: Incoming SAML message is invalid.

It looks like something is being cached in the SAML message validation code. If I start up the process with invalid metadata, then correct the metadata, I will no matter what get Authentication Failed: Incoming SAML message is invalid.

任何帮助将不胜感激.

我相信我找到了发生这种情况的位置:在 MetadataCredentialResolver.java 中，凭据在从元数据提供程序检索后通过调用 cacheCredentials 进行缓存.

I believe I found the location where this is happening: In MetadataCredentialResolver.java, the credentials are cached via a call to cacheCredentials after it retrieves it from the metadata provider.

推荐答案

通过覆盖 MetadataCredentialResolver 并使 cacheCredentials 成为空操作，我能够解决这个问题.

I was able to solve this problem by overriding MetadataCredentialResolver and making cacheCredentials a no-op.

这篇关于如何强制 Spring SAML 重新读取我的 IDP 元数据?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！