
Problem description

SAML SP-based authentication has the following short workflow.


  • The user wants to access an application on the SP.

  • The SP sends a SAMLRequest token to the IDP.

  • The IDP consumes it and produces a SAMLResponse token.

  • The IDP sends this SAMLResponse token to the AC-URL given by the SP.

My question is how the SP consumes this SAMLResponse token. What is the logic? If I can get some Java code help it will be beneficial.

Recommended answer

The next recipe is working for me:


  1. Get the SAMLResponse token, decode it and inflate it:

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;
import org.apache.commons.codec.binary.Base64;

// Base64 followed by raw DEFLATE is the HTTP-Redirect binding encoding (RFC 1951, no zlib header);
// a SAMLResponse delivered to the ACS by the HTTP-POST binding is base64 only and needs no inflate step.
public static String decodeSamlMessage(String encodedXmlString) throws IOException, DataFormatException {
    // Base64 decode
    Base64 base64Decoder = new Base64();
    byte[] xmlBytes = encodedXmlString.getBytes("UTF-8");
    byte[] base64DecodedByteArray = base64Decoder.decode(xmlBytes);

    // Inflate (uncompress) the SAML message data
    // First attempt to unzip the byte array according to DEFLATE (rfc 1951)
    Inflater inflater = new Inflater(true);
    inflater.setInput(base64DecodedByteArray);

    // Since we are decompressing, it's impossible to know how much space we
    // might need, so collect the output in chunks instead of guessing a fixed buffer size
    ByteArrayOutputStream xmlMessageBytes = new ByteArrayOutputStream();
    byte[] chunk = new byte[4096];
    try {
        while (!inflater.finished()) {
            int resultLength = inflater.inflate(chunk);
            if (resultLength == 0 && (inflater.needsInput() || inflater.needsDictionary())) {
                throw new DataFormatException("truncated or malformed DEFLATE data");
            }
            xmlMessageBytes.write(chunk, 0, resultLength);
        }
    } finally {
        inflater.end();
    }

    String decodedResponse = xmlMessageBytes.toString("UTF-8");

    return decodedResponse;
}


  2. Parse the resulting XML. Here you can get the info that you need and, for example, create a POJO with it (this is sample code for parsing LogoutRequests, but it would be analogous for Responses):

    import java.io.ByteArrayInputStream;
    import java.io.IOException;
    import java.nio.charset.StandardCharsets;
    import javax.xml.XMLConstants;
    import javax.xml.parsers.ParserConfigurationException;
    import javax.xml.parsers.SAXParser;
    import javax.xml.parsers.SAXParserFactory;
    import org.xml.sax.SAXException;

    public static SamlVO parseLogoutRequest(String xmlLogoutRequest)
            throws ParserConfigurationException, SAXException, IOException {
        // Parse the XML. SAX approach, we just need the ID attribute
        SAXParserFactory saxParserFactory = SAXParserFactory.newInstance();

        // The message comes from the network: refuse DTDs so it cannot pull in external
        // entities (XXE) or entity-expansion bombs. Schema validation is a separate step.
        saxParserFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        saxParserFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);

        // Get a SAXParser instance
        SAXParser saxParser = saxParserFactory.newSAXParser();

        // Parse it (state the charset; the platform default is not necessarily UTF-8)
        XMLhandler xmLhandler = new XMLhandler();
        saxParser.parse(new ByteArrayInputStream(xmlLogoutRequest.getBytes(StandardCharsets.UTF_8)),
                xmLhandler);

        // Return the SamlVO
        return xmLhandler.getSamlVO();
    }
    


  3. For my use case I am interested in only a few elements, so I am using SAX:

    import java.net.MalformedURLException;
    import java.net.URL;
    import org.xml.sax.Attributes;
    import org.xml.sax.SAXException;
    import org.xml.sax.helpers.DefaultHandler;

    public class XMLhandler extends DefaultHandler {

        private SamlVO samlVO;

        public XMLhandler() {
            samlVO = new SamlVO();
        }

        @Override
        public void startElement(String uri, String localName, String qName,
            Attributes attributes) throws SAXException {

            // Compare on the element name without its prefix: an IdP is free to use a prefix other than "samlp"
            String name = qName.contains(":") ? qName.substring(qName.indexOf(':') + 1) : qName;

            // Managing a LogoutRequest means that we are going to build a LogoutResponse
            if (name.equals("LogoutRequest")) {
                // The ID value of a request will be the LogoutResponse's InReponseTo attribute
                samlVO.setInResponseTo(attributes.getValue("ID"));
                // From the destination we can get the Issuer element
                String destination = attributes.getValue("Destination");
                if (destination != null) {
                    try {
                        samlVO.setIssuer(new URL(destination).getHost());
                    } catch (MalformedURLException e) {
                        // This URL SHOULD be well formed; reject the message rather than continue without a host
                        throw new SAXException("Malformed Destination URL in LogoutRequest", e);
                    }
                }
            }
        }

        public SamlVO getSamlVO() {
            return samlVO;
        }

    }

    // Minimal POJO the handler fills; the answer refers to it but does not show it
    class SamlVO {
        private String inResponseTo;
        private String issuer;

        public String getInResponseTo() { return inResponseTo; }
        public void setInResponseTo(String inResponseTo) { this.inResponseTo = inResponseTo; }
        public String getIssuer() { return issuer; }
        public void setIssuer(String issuer) { this.issuer = issuer; }
    }
    

Hope it helps,

Luis

PS: you can also use a library like OpenSAML

import javax.servlet.http.HttpServletRequest;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.xml.parse.BasicParserPool;

// OpenSAML 2.x API (end of life; OpenSAML 3 and 4 moved these classes to other packages)
DefaultBootstrap.bootstrap();

// HTTPRedirectDeflateDecoder is for the Redirect binding; a SAMLResponse posted to the ACS needs HTTPPostDecoder
HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(new BasicParserPool());
BasicSAMLMessageContext<LogoutRequest, SAMLObject, SAMLObject> messageContext =
        new BasicSAMLMessageContext<LogoutRequest, SAMLObject, SAMLObject>();
messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
decode.decode(messageContext);
// The decoder already unmarshalled the message, so no builder is needed to obtain it
LogoutRequest logoutRequest = messageContext.getInboundMessage();
    

But be prepared to include a few libraries in your CLASSPATH!!!
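The recipe in step 1 (base64, then raw DEFLATE) is the encoding of the HTTP-Redirect binding, which carries a SAML message in a query parameter. The SAMLResponse that the IDP delivers to the SP's AC-URL in the workflow from the question normally travels by the HTTP-POST binding, whose form field is base64 only, with no DEFLATE step. The following is an added example, not code from the answer above: it encodes and decodes a message for both bindings, bounds the inflated size (an unbounded inflate is the DEFLATE-bomb failure mode), and shows what happens when the Redirect recipe is applied to a POST value. The sample Response XML, the URLs in it and the 1 MiB limit are constructed for this example.

```java
import java.io.ByteArrayOutputStream;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.Inflater;

/** Added example: encode and decode a SAML message for the HTTP-POST and HTTP-Redirect bindings. */
public final class SamlMessageCodec {

    /** Assumed ceiling on the decoded XML; without one, a few hundred bytes of DEFLATE can inflate to gigabytes. */
    static final int MAX_XML_BYTES = 1 << 20;

    // HTTP-POST binding (the SAMLResponse form field sent to the ACS): base64 of the XML, nothing else.
    static String encodeForPost(String xml) {
        return Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8));
    }

    static String decodeFromPost(String samlResponseField) {
        byte[] xml = Base64.getDecoder().decode(samlResponseField);
        if (xml.length > MAX_XML_BYTES) throw new IllegalArgumentException("SAMLResponse too large");
        return new String(xml, StandardCharsets.UTF_8);
    }

    // HTTP-Redirect binding (query parameter): raw DEFLATE (RFC 1951, no zlib header), then base64, then URL-encoding.
    static String encodeForRedirect(String xml) {
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true); // nowrap = raw DEFLATE
        deflater.setInput(xml.getBytes(StandardCharsets.UTF_8));
        deflater.finish();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        while (!deflater.finished()) {
            out.write(buf, 0, deflater.deflate(buf));
        }
        deflater.end();
        return URLEncoder.encode(Base64.getEncoder().encodeToString(out.toByteArray()), StandardCharsets.UTF_8);
    }

    /** Takes the raw, still URL-encoded query value; servlet getParameter() has already URL-decoded, so skip that there. */
    static String decodeFromRedirect(String samlResponseQueryValue) throws DataFormatException {
        String b64 = URLDecoder.decode(samlResponseQueryValue, StandardCharsets.UTF_8);
        Inflater inflater = new Inflater(true);
        inflater.setInput(Base64.getDecoder().decode(b64));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        try {
            while (!inflater.finished()) {
                int n = inflater.inflate(buf);
                if (n == 0 && (inflater.needsInput() || inflater.needsDictionary())) {
                    throw new DataFormatException("truncated or malformed DEFLATE stream");
                }
                out.write(buf, 0, n);
                if (out.size() > MAX_XML_BYTES) { // bound the output, not just the input
                    throw new IllegalArgumentException("inflated SAMLResponse exceeds " + MAX_XML_BYTES + " bytes");
                }
            }
        } finally {
            inflater.end(); // release the native zlib state on every path
        }
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed minimal Response; a real one also carries an Assertion and a Signature.
        String xml = "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_r1\" Version=\"2.0\""
                + " IssueInstant=\"2024-05-01T12:00:00Z\" Destination=\"https://sp.example.com/acs\"><samlp:Status>"
                + "<samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status></samlp:Response>";

        String posted = encodeForPost(xml);
        String redirected = encodeForRedirect(xml);
        System.out.println("POST round trip ok:     " + xml.equals(decodeFromPost(posted)));
        System.out.println("Redirect round trip ok: " + xml.equals(decodeFromRedirect(redirected)));

        // Feeding a POST-bound value to the Redirect recipe fails: base64 of XML is not a DEFLATE stream.
        try {
            decodeFromRedirect(posted);
        } catch (DataFormatException | IllegalArgumentException e) {
            System.out.println("POST value through the Redirect decoder: " + e.getClass().getSimpleName() + ": " + e.getMessage());
        }
    }
}
```

The SP knows which binding it is receiving from the endpoint the message arrived on (a form POST to the ACS versus a GET with a query string), so it should pick the decoder from that, not by trial and error on the bytes.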
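The handler in the answer pulls two attributes out of a LogoutRequest; consuming a SAMLResponse at the SP means extracting more fields and then deciding whether to accept them, which is the "logic" the question asks about. Added example, not code from the answer: a namespace-aware, DTD-disabled SAX handler collects the fields an SP needs, and accept() applies the checks: status, InResponseTo against the AuthnRequest ID the SP stored when it sent the request, Destination and Recipient against its own ACS URL, Issuer against the IdP it trusts, Audience against its own entityID, and the Conditions window with a clock-skew allowance. The entityIDs, URLs, the 60-second skew and the sample Response are assumptions constructed for this example. Running these checks presupposes that the signature on the Response or Assertion was already verified against the IdP's configured key; that step is not part of this block, and none of the fields may be trusted before it.

```java
import java.io.StringReader;
import java.time.Duration;
import java.time.Instant;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.DefaultHandler;

/** Added example: pull what the SP needs out of a Response and apply the acceptance checks. */
public final class SamlResponseAcceptance {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
    // Assumed SP configuration: own entityID, ACS URL, the one IdP it trusts, tolerated clock skew.
    static final String SP_ENTITY_ID = "https://sp.example.com/metadata";
    static final String ACS_URL = "https://sp.example.com/acs";
    static final String IDP_ENTITY_ID = "https://idp.example.org/metadata";
    static final Duration SKEW = Duration.ofSeconds(60);

    static final class Fields {
        String statusCode, inResponseTo, destination, issuer, recipient, audience, nameId;
        Instant notBefore, notOnOrAfter;
    }

    // Namespace-aware handler: matches on (namespace URI, local name), never on the "samlp:" prefix.
    static final class Handler extends DefaultHandler {
        final Fields f = new Fields();
        private final StringBuilder text = new StringBuilder();

        @Override public void startElement(String uri, String local, String qName, Attributes a) {
            text.setLength(0);
            boolean p = SAMLP.equals(uri), s = SAML.equals(uri);
            if (p && local.equals("Response")) {
                f.inResponseTo = a.getValue("InResponseTo");
                f.destination = a.getValue("Destination");
            } else if (p && local.equals("StatusCode") && f.statusCode == null) {
                f.statusCode = a.getValue("Value"); // top-level code; nested codes only refine a failure
            } else if (s && local.equals("Conditions")) {
                f.notBefore = instant(a.getValue("NotBefore"));
                f.notOnOrAfter = instant(a.getValue("NotOnOrAfter"));
            } else if (s && local.equals("SubjectConfirmationData")) {
                f.recipient = a.getValue("Recipient");
            }
        }
        @Override public void characters(char[] ch, int start, int len) { text.append(ch, start, len); }
        @Override public void endElement(String uri, String local, String qName) {
            if (!SAML.equals(uri)) return;
            String value = text.toString().trim();
            if (local.equals("Issuer") && f.issuer == null) f.issuer = value; // first Issuer = the Response's own
            else if (local.equals("NameID")) f.nameId = value;
            else if (local.equals("Audience")) f.audience = value;
        }
        private static Instant instant(String v) { return v == null ? null : Instant.parse(v); }
    }

    static Fields parse(String xml) throws Exception {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setNamespaceAware(true);
        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD: no XXE, no entity bombs
        Handler h = new Handler();
        spf.newSAXParser().parse(new InputSource(new StringReader(xml)), h);
        return h.f;
    }
    // Returns the NameID to log in, or throws; outstandingRequestId is the AuthnRequest ID the SP stored earlier.
    static String accept(Fields f, String outstandingRequestId, Instant now) {
        require(SUCCESS.equals(f.statusCode), "status is not Success");
        require(outstandingRequestId.equals(f.inResponseTo), "InResponseTo does not match a request we sent");
        require(ACS_URL.equals(f.destination), "Destination is not our ACS URL");
        require(ACS_URL.equals(f.recipient), "SubjectConfirmationData/@Recipient is not our ACS URL");
        require(IDP_ENTITY_ID.equals(f.issuer), "Issuer is not the IdP we sent the request to");
        require(SP_ENTITY_ID.equals(f.audience), "Audience is not our entityID");
        require(f.notBefore != null && !now.isBefore(f.notBefore.minus(SKEW)), "assertion not yet valid");
        require(f.notOnOrAfter != null && now.isBefore(f.notOnOrAfter.plus(SKEW)), "assertion expired");
        require(f.nameId != null && !f.nameId.isEmpty(), "no NameID");
        return f.nameId;
    }
    static void require(boolean ok, String why) { if (!ok) throw new SecurityException("SAMLResponse rejected: " + why); }

    public static void main(String[] args) throws Exception {
        // Constructed Response; its signature is assumed to have been verified already (and is omitted here).
        String xml = "<samlp:Response xmlns:samlp=\"" + SAMLP + "\" xmlns:saml=\"" + SAML + "\" ID=\"_r1\" Version=\"2.0\""
            + " IssueInstant=\"2024-05-01T12:00:00Z\" InResponseTo=\"_req1\" Destination=\"" + ACS_URL + "\">"
            + "<saml:Issuer>" + IDP_ENTITY_ID + "</saml:Issuer>"
            + "<samlp:Status><samlp:StatusCode Value=\"" + SUCCESS + "\"/></samlp:Status>"
            + "<saml:Assertion ID=\"_a1\" Version=\"2.0\" IssueInstant=\"2024-05-01T12:00:00Z\"><saml:Issuer>" + IDP_ENTITY_ID
            + "</saml:Issuer><saml:Subject><saml:NameID>alice@example.com</saml:NameID><saml:SubjectConfirmation"
            + " Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><saml:SubjectConfirmationData InResponseTo=\"_req1\""
            + " Recipient=\"" + ACS_URL + "\" NotOnOrAfter=\"2024-05-01T12:05:00Z\"/></saml:SubjectConfirmation></saml:Subject>"
            + "<saml:Conditions NotBefore=\"2024-05-01T11:59:00Z\" NotOnOrAfter=\"2024-05-01T12:05:00Z\">"
            + "<saml:AudienceRestriction><saml:Audience>" + SP_ENTITY_ID + "</saml:Audience></saml:AudienceRestriction>"
            + "</saml:Conditions></saml:Assertion></samlp:Response>";
        Fields f = parse(xml);
        System.out.println("accepted: " + accept(f, "_req1", Instant.parse("2024-05-01T12:01:00Z")));
        // Same Response an hour later (replay), then matched against a request ID we never issued (unsolicited).
        for (String[] bad : new String[][] {{"_req1", "2024-05-01T13:00:00Z"}, {"_other", "2024-05-01T12:01:00Z"}}) {
            try { accept(f, bad[0], Instant.parse(bad[1])); }
            catch (SecurityException e) { System.out.println(e.getMessage()); }
        }
    }
}
```

Every check is an equality or a bounded time comparison against values the SP already holds; nothing in the message is used to decide what the message should be compared with. The outstanding request ID should also be consumed (deleted) once a Response for it is accepted, so the same Response cannot be replayed inside its validity window.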
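Neither the hand-rolled recipe nor the OpenSAML snippet above shows the step that makes any parsed value trustworthy: the XML signature the IdP puts on the Response (or on the Assertion inside it). Added example, not code from the answer and not OpenSAML, using the JDK's own javax.xml.crypto.dsig API: the IdP side produces an enveloped RSA-SHA256 signature over the Response, and the SP side verifies it against a fixed public key (standing in for the key taken from the IdP's metadata), ignores any KeyInfo carried in the message, and checks that the Signature is a direct child of, and its single Reference points at, the very element the SP is about to consume; that last check is what defeats signature wrapping. A freshly generated RSA key pair and the unsigned sample Response are constructed for this example.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

/** Added example: IdP-side enveloped XML signature over a Response and the SP-side verification of it. */
public final class SamlResponseSignature {
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Constructed, unsigned Response; sign() turns it into what the IdP would post to the ACS.
    static final String UNSIGNED = "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
        + " xmlns:saml=\"" + SAML + "\" ID=\"_resp1\" Version=\"2.0\" IssueInstant=\"2024-05-01T12:00:00Z\">"
        + "<saml:Issuer>https://idp.example.org/metadata</saml:Issuer>"
        + "<samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status>"
        + "<saml:Assertion ID=\"_a1\" Version=\"2.0\" IssueInstant=\"2024-05-01T12:00:00Z\">"
        + "<saml:Issuer>https://idp.example.org/metadata</saml:Issuer>"
        + "<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XMLDSig needs namespaces
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD: no XXE
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        Element root = doc.getDocumentElement();
        if (root.hasAttribute("ID")) root.setIdAttribute("ID", true); // lets "#_resp1" resolve when signing and verifying
        return doc;
    }

    static String serialize(Document doc) throws Exception {
        StringWriter sw = new StringWriter();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(sw));
        return sw.toString();
    }

    // IdP side: enveloped signature over the whole Response, placed right after saml:Issuer as the schema requires.
    static String sign(String xml, PrivateKey idpKey) throws Exception {
        Document doc = parse(xml);
        Element resp = doc.getDocumentElement();
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("#" + resp.getAttribute("ID"), fac.newDigestMethod(DigestMethod.SHA256, null),
                Arrays.asList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                        fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
                null, null);
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(RSA_SHA256, null), List.of(ref));
        Node afterIssuer = resp.getElementsByTagNameNS(SAML, "Issuer").item(0).getNextSibling();
        // No KeyInfo on purpose: the SP must use the key from the IdP's metadata, never one carried in the message.
        fac.newXMLSignature(si, null).sign(new DOMSignContext(idpKey, resp, afterIssuer));
        return serialize(doc);
    }

    // SP side: returns the Response element only if a signature made with idpKey covers exactly that element.
    static Element verify(String xml, PublicKey idpKey) throws Exception {
        Document doc = parse(xml);
        Element resp = doc.getDocumentElement();
        Element sigEl = null; // only a direct child counts; a Signature buried deeper is not the Response's own
        for (Node n = resp.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (XMLSignature.XMLNS.equals(n.getNamespaceURI()) && "Signature".equals(n.getLocalName())) sigEl = (Element) n;
        }
        if (sigEl == null) throw new SecurityException("Response is not signed");
        DOMValidateContext ctx = new DOMValidateContext(idpKey, sigEl); // fixed key: any KeyInfo in the message is ignored
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        if (!sig.validate(ctx)) throw new SecurityException("signature does not verify");
        // Signature-wrapping defence: the single Reference must point at the element we are about to consume.
        List<Reference> refs = sig.getSignedInfo().getReferences();
        if (refs.size() != 1 || !("#" + resp.getAttribute("ID")).equals(refs.get(0).getURI())) {
            throw new SecurityException("signature does not cover the Response element");
        }
        return resp;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair idp = kpg.generateKeyPair(); // stands in for the IdP signing key published in its metadata
        String signed = sign(UNSIGNED, idp.getPrivate());
        System.out.println("verified Response " + verify(signed, idp.getPublic()).getAttribute("ID"));
        try {
            verify(signed.replace("alice@example.com", "mallory@example.com"), idp.getPublic());
        } catch (SecurityException e) {
            System.out.println("tampered copy: " + e.getMessage());
        }
    }
}
```

Only after verify() has returned the element should the SP read any attribute or child from it, and it must read them from that same DOM element, not from a second parse of the string or from a SAX handler that could stop at a different, unsigned element with the same name. Where the IdP signs the Assertion rather than the Response, the same three checks apply to the Assertion element.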


    10-16 21:48