Unexpected stack trace from Spring-Security-SAML when generating SP metadata?

I am trying to integrate spring-security-saml with an existing application to allow this application to act as a service provider.

Unfortunately, I cannot get the metadata filter to work. The webapp loads without any fuss, but when I hit $contextPath/saml/metadata, I get the following stack trace in my logs.

2014-10-24 13:52:38,779 54025 [ 1045652139@qtp-718389251-8 ] WARN org.mortbay.log - /sf/saml/metadata/
org.opensaml.saml2.metadata.provider.MetadataProviderException: No hosted service provider is configured and no alias was selected
    at org.springframework.security.saml.context.SAMLContextProviderImpl.populateLocalEntity(SAMLContextProviderImpl.java:311) ~[spring-security-saml2-core-1.0.0.RELEASE.jar:1.0.0.RELEASE]
    at org.springframework.security.saml.context.SAMLContextProviderImpl.populateLocalContext(SAMLContextProviderImpl.java:216) ~[spring-security-saml2-core-1.0.0.RELEASE.jar:1.0.0.RELEASE]
    at org.springframework.security.saml.context.SAMLContextProviderImpl.getLocalEntity(SAMLContextProviderImpl.java:107) ~[spring-security-saml2-core-1.0.0.RELEASE.jar:1.0.0.RELEASE]
    at org.springframework.security.saml.metadata.MetadataDisplayFilter.processMetadataDisplay(MetadataDisplayFilter.java:114) ~[spring-security-saml2-core-1.0.0.RELEASE.jar:1.0.0.RELEASE]
    at org.springframework.security.saml.metadata.MetadataDisplayFilter.doFilter(MetadataDisplayFilter.java:88) ~[spring-security-saml2-core-1.0.0.RELEASE.jar:1.0.0.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.3.RELEASE.jar:3.2.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) ~[spring-security-web-3.2.3.RELEASE.jar:3.2.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166) ~[spring-security-web-3.2.3.RELEASE.jar:3.2.3.RELEASE]

My metadata configuration is below:

  <bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
      <constructor-arg ref="metadataGenerator"/>
  </bean>
  <bean id="metadataGenerator" class="org.springframework.security.saml.metadata.MetadataGenerator">
      <!--<property name="entityBaseURL" value="${env.shibboleth.entityBaseUrl"/>-->
      <property name="bindingsSSO">
          <list>
              <value>redirect</value>
              <value>artifact</value>
          </list>
      </property>
      <property name="entityId" value="${env.shibboleth.entityId}"/>
      <prop
  </bean>

Currently we use:

  • spring version: 4.0.4.RELEASE
  • spring security version: 3.2.3.RELEASE
  • spring-security-saml2 version: 1.0.0.RELEASE

At this point, I am pretty much lost, because we are not trying to create a multi-stage setup, which is the only place where the alias is mentioned in detail, and from what I see, the metadata of the generator determines the service provider?

+5
1 answer

metadataGeneratorFilter must be executed before MetadataDisplayFilter is called; be sure to include the following declaration in your <security:http> element:

 <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/> 

Also, your value for entityId looks as if you are using the same entityId for your IDP (Shibboleth) and SP (Spring SAML) applications. Make sure that the value is unique for both objects.

+7
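
The wiring the answer describes, as an added example that is not part of the original question or answer: MetadataGeneratorFilter generates the SP metadata on the first request and registers it as the hosted service provider, so it has to sit ahead of the chain that contains MetadataDisplayFilter. The bean ids samlFilter, samlEntryPoint and metadataDisplayFilter, the URL patterns and the entityId value are assumptions, and the remaining SAML beans are assumed to be defined elsewhere in the context.

```xml
<!-- Added example; ids other than metadataGeneratorFilter and
     metadataGenerator are assumed, not taken from the question. -->
<security:http entry-point-ref="samlEntryPoint">
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>

    <!-- Runs first on every request: builds the SP metadata once and
         registers it as the hosted service provider. Without this line,
         /saml/metadata fails with "No hosted service provider is configured". -->
    <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>

    <!-- The SAML chain, which contains metadataDisplayFilter, runs afterwards. -->
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
</security:http>

<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map request-matcher="ant">
        <security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>
        <security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint"/>
    </security:filter-chain-map>
</bean>

<bean id="metadataDisplayFilter"
      class="org.springframework.security.saml.metadata.MetadataDisplayFilter"/>

<bean id="metadataGeneratorFilter"
      class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg ref="metadataGenerator"/>
</bean>

<bean id="metadataGenerator"
      class="org.springframework.security.saml.metadata.MetadataGenerator">
    <!-- Constructed placeholder value. The SP entityId must identify this
         application only and must differ from the entityID of the IDP. -->
    <property name="entityId" value="urn:example:sp:my-application"/>
    <property name="bindingsSSO">
        <list>
            <value>redirect</value>
            <value>artifact</value>
        </list>
    </property>
</bean>
```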

Source: https://habr.com/ru/post/1205441/

