OpenSAML 2 到 3 迁移,如何进行身份验证重定向?
OpenSAML 2 to 3 migration, how to do an authentication redirect?
我将项目中的 OpenSAML 依赖项从 2.6.5 更新到 3.3.0,并设法迁移了大部分代码,包括库的初始化。我无法迁移的最后一个方法是负责身份验证重定向的方法。这是使用 OpenSAML 2 实现的方式:
private void doAuthenticationRedirect(HttpServletRequest request, HttpServletResponse response) throws Exception {
    // OpenSAML 2 flow: build the AuthnRequest, wrap the servlet response in a transport
    // adapter, fill a SAMLMessageContext and hand it to the HTTP-Redirect (DEFLATE) encoder.
    // NOTE(review): the request parameter is never read in this method.
    AuthnRequest outboundRequest = buildAuthnRequestObject();

    HttpServletResponseAdapter transport = new HttpServletResponseAdapter(response, true);
    transport.setStatusCode(HttpServletResponse.SC_MOVED_TEMPORARILY);

    SAMLMessageContext<?, AuthnRequest, ?> ctx = makeSamlMessageContext();

    // The IdP location is read from persistent configuration keyed by this class name.
    // NOTE(review): the stored value is used verbatim as the redirect target, so it must
    // come from trusted configuration, never from user-controlled data — confirm the source.
    XMLObjectBuilderFactory factory = Configuration.getBuilderFactory();
    @SuppressWarnings("unchecked") // the ACS element builder yields an Endpoint subtype
    SAMLObjectBuilder<Endpoint> endpointFactory =
            (SAMLObjectBuilder<Endpoint>) factory.getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
    Endpoint idpEndpoint = endpointFactory.buildObject();
    idpEndpoint.setLocation(dao.loadString(this.getClass().getName() + "_IDPRedirectURL"));

    // Fresh identifier used as RelayState; the IdP echoes it back with its response.
    // NOTE(review): nothing here stores it, so the returning response cannot be correlated
    // against it by this method — confirm where (or whether) that check happens.
    String relayState = UUIDBuilder.createUUID().toString();

    ctx.setOutboundSAMLMessage(outboundRequest);
    ctx.setPeerEntityEndpoint(idpEndpoint);
    ctx.setRelayState(relayState);
    ctx.setOutboundMessageTransport(transport);

    new HTTPRedirectDeflateEncoder().encode((MessageContext) ctx);
}
我很难迁移它,因为库的这一部分似乎重构了很多,但是,没有太多关于它的文档。 Message API Refactoring 给了我一些抽象的信息,我不能真正应用于我的特定情况,我也找不到任何合适的例子。有人能给我任何支持吗?
我试着调整您的 SAML 代码以与 OpenSAML v3 一起使用。希望这对您有所帮助!
private void doAuthenticationRedirect(HttpServletRequest request, HttpServletResponse response) throws Exception {
    // OpenSAML 3 flow: the transport adapter is gone — the encoder receives the
    // MessageContext and the HttpServletResponse directly, and the peer endpoint and
    // RelayState now live in subcontexts instead of on the context object itself.
    // NOTE(review): the request parameter is never read in this method.
    AuthnRequest outboundRequest = buildAuthnRequestObject(); // project method, unchanged from the v2 code
    response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);

    MessageContext<SAMLObject> ctx = new MessageContext<>();
    ctx.setMessage(outboundRequest);
    // NOTE(review): makeSamlMessageContext() from the v2 version is no longer called; anything
    // it used to populate must now be set on ctx or one of its subcontexts.

    // Builder lookup moved from Configuration to XMLObjectProviderRegistrySupport.
    XMLObjectBuilderFactory factory = XMLObjectProviderRegistrySupport.getBuilderFactory();
    @SuppressWarnings("unchecked") // the ACS element builder yields an Endpoint subtype
    SAMLObjectBuilder<Endpoint> endpointFactory =
            (SAMLObjectBuilder<Endpoint>) factory.getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
    Endpoint idpEndpoint = endpointFactory.buildObject();
    // NOTE(review): the stored URL is used verbatim as the redirect target; it must come from
    // trusted configuration, never from user-controlled data — confirm the source.
    idpEndpoint.setLocation(dao.loadString(this.getClass().getName() + "_IDPRedirectURL"));

    // RelayState: shorthand for ctx.getSubcontext(SAMLBindingContext.class, true).setRelayState(...).
    // NOTE(review): the value is not stored anywhere here, so the response cannot be
    // correlated against it by this method — confirm where that check happens.
    String relayState = UUIDBuilder.createUUID().toString(); // project class
    SAMLBindingSupport.setRelayState(ctx, relayState);

    // Destination: SAMLPeerEntityContext -> SAMLEndpointContext, both created on demand.
    ctx.getSubcontext(SAMLPeerEntityContext.class, true)
       .getSubcontext(SAMLEndpointContext.class, true)
       .setEndpoint(idpEndpoint);

    // The encoder is an initializable component: initialize() is required before encode().
    // NOTE(review): nothing here configures signing; if the IdP requires signed
    // AuthnRequests, OpenSAML 3 expects the signing parameters in a
    // SecurityParametersContext subcontext — confirm the IdP's requirement.
    HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
    encoder.setMessageContext(ctx);
    encoder.setHttpServletResponse(response);
    encoder.initialize();
    encoder.encode();
}
我将项目中的 OpenSAML 依赖项从 2.6.5 更新到 3.3.0,并设法迁移了大部分代码,包括库的初始化。我无法迁移的最后一个方法是负责身份验证重定向的方法。这是使用 OpenSAML 2 实现的方式:
private void doAuthenticationRedirect(HttpServletRequest request, HttpServletResponse response) throws Exception {
    // OpenSAML 2 flow: build the AuthnRequest, wrap the servlet response in a transport
    // adapter, populate a SAMLMessageContext and pass it to the HTTP-Redirect (DEFLATE) encoder.
    // NOTE(review): the request parameter is never read in this method.
    AuthnRequest outboundRequest = buildAuthnRequestObject();

    HttpServletResponseAdapter transport = new HttpServletResponseAdapter(response, true);
    transport.setStatusCode(HttpServletResponse.SC_MOVED_TEMPORARILY);

    SAMLMessageContext<?, AuthnRequest, ?> ctx = makeSamlMessageContext();

    // IdP location comes from persistent configuration keyed by this class name.
    // NOTE(review): it is used verbatim as the redirect target, so it must be trusted
    // configuration rather than user-controlled data — confirm the source.
    XMLObjectBuilderFactory factory = Configuration.getBuilderFactory();
    @SuppressWarnings("unchecked") // the ACS element builder yields an Endpoint subtype
    SAMLObjectBuilder<Endpoint> endpointFactory =
            (SAMLObjectBuilder<Endpoint>) factory.getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
    Endpoint idpEndpoint = endpointFactory.buildObject();
    idpEndpoint.setLocation(dao.loadString(this.getClass().getName() + "_IDPRedirectURL"));

    // Fresh identifier used as RelayState; echoed back by the IdP with its response.
    // NOTE(review): not stored here, so this method cannot correlate the response
    // against it — confirm where that check happens.
    String relayState = UUIDBuilder.createUUID().toString();

    ctx.setOutboundSAMLMessage(outboundRequest);
    ctx.setPeerEntityEndpoint(idpEndpoint);
    ctx.setRelayState(relayState);
    ctx.setOutboundMessageTransport(transport);

    new HTTPRedirectDeflateEncoder().encode((MessageContext) ctx);
}
我很难迁移它,因为库的这一部分似乎重构了很多,但是,没有太多关于它的文档。 Message API Refactoring 给了我一些抽象的信息,我不能真正应用于我的特定情况,我也找不到任何合适的例子。有人能给我任何支持吗?
我试着调整您的 SAML 代码以与 OpenSAML v3 一起使用。希望这对您有所帮助!
private void doAuthenticationRedirect(HttpServletRequest request, HttpServletResponse response) throws Exception {
    // OpenSAML 3 flow: no transport adapter; the encoder takes the MessageContext and the
    // HttpServletResponse directly, and peer endpoint / RelayState live in subcontexts.
    // NOTE(review): the request parameter is never read in this method.
    AuthnRequest outboundRequest = buildAuthnRequestObject(); // project method, unchanged from the v2 code
    response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);

    MessageContext<SAMLObject> ctx = new MessageContext<>();
    ctx.setMessage(outboundRequest);
    // NOTE(review): makeSamlMessageContext() from the v2 version is no longer called; anything
    // it used to populate must now be set on ctx or one of its subcontexts.

    // Builder lookup moved from Configuration to XMLObjectProviderRegistrySupport.
    XMLObjectBuilderFactory factory = XMLObjectProviderRegistrySupport.getBuilderFactory();
    @SuppressWarnings("unchecked") // the ACS element builder yields an Endpoint subtype
    SAMLObjectBuilder<Endpoint> endpointFactory =
            (SAMLObjectBuilder<Endpoint>) factory.getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
    Endpoint idpEndpoint = endpointFactory.buildObject();
    // NOTE(review): the stored URL is used verbatim as the redirect target; it must be trusted
    // configuration rather than user-controlled data — confirm the source.
    idpEndpoint.setLocation(dao.loadString(this.getClass().getName() + "_IDPRedirectURL"));

    // RelayState: shorthand for ctx.getSubcontext(SAMLBindingContext.class, true).setRelayState(...).
    // NOTE(review): the value is not stored here, so this method cannot correlate the
    // response against it — confirm where that check happens.
    String relayState = UUIDBuilder.createUUID().toString(); // project class
    SAMLBindingSupport.setRelayState(ctx, relayState);

    // Destination: SAMLPeerEntityContext -> SAMLEndpointContext, both created on demand.
    ctx.getSubcontext(SAMLPeerEntityContext.class, true)
       .getSubcontext(SAMLEndpointContext.class, true)
       .setEndpoint(idpEndpoint);

    // The encoder is an initializable component: initialize() is required before encode().
    // NOTE(review): nothing here configures signing; if the IdP requires signed
    // AuthnRequests, OpenSAML 3 expects the signing parameters in a
    // SecurityParametersContext subcontext — confirm the IdP's requirement.
    HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
    encoder.setMessageContext(ctx);
    encoder.setHttpServletResponse(response);
    encoder.initialize();
    encoder.encode();
}