How do I configure my web application as a SAML Test Connector (SP) with Onelogin?

Time: 2016-10-20 09:38:32

Tags: saml-2.0 onelogin

I have added my web application to onelogin using the SAML Test Connector. In the Configuration tab I entered the following values:

    Recipient: http://localhost:8080/em/live/pages/samlAuth/
    ACS (Consumer) URL Validator*: ^
    ACS (Consumer) URL*: http://localhost:8080/ws_em/rest/accounts/consume-saml
    Login URL: http://localhost:8080/ws_em/rest/accounts/produce-saml

where http://localhost:8080/ws_em/rest/accounts/produce-saml creates the SAML request from the IssuerUrl and the SAML endpoint copied from the Onelogin SSO tab, with the ACS URL set to http://localhost:8080/ws_em/rest/accounts/consume-saml

    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @Path("/produce-saml")
    // request/response are the @Context-injected servlet objects of the resource class;
    // ACSUrl, IssuerUrl and IdpSsoTargetUrl hold the values copied from the Onelogin SSO tab.
    // Checked exceptions from the toolkit and the servlet API propagate to JAX-RS.
    public com.virima.em.core.Response SAMLAuthentication() throws Exception {
        com.virima.em.core.Response resp = new com.virima.em.core.Response();
        AppSettings appSettings = new AppSettings();
        appSettings.setAssertionConsumerServiceUrl(ACSUrl);
        appSettings.setIssuer(IssuerUrl);
        AccountSettings accSettings = new AccountSettings();
        accSettings.setIdpSsoTargetUrl(IdpSsoTargetUrl);
        AuthRequest authReq = new AuthRequest(appSettings, accSettings);
        // Forward an incoming RelayState parameter (matched case-insensitively) to the IdP
        Map<String, String[]> parameters = request.getParameterMap();
        String relayState = null;
        for (String parameter : parameters.keySet()) {
            if (parameter.equalsIgnoreCase("relaystate")) {
                String[] values = parameters.get(parameter);
                relayState = values[0];
            }
        }
        // Redirect URL to the IdP SSO endpoint carrying the encoded AuthnRequest
        String reqString = authReq.getSSOurl(relayState);
        response.sendRedirect(reqString);
        resp.setResponse(reqString);
        return resp;
    }

The http://localhost:8080/ws_em/rest/accounts/consume-saml call should accept my SAML request and perform the authentication. Here I am using the certificate generated in the Onelogin SSO tab

    @POST   // the IdP delivers the SAMLResponse with the HTTP-POST binding, so the ACS must accept POST
    @Produces(MediaType.APPLICATION_JSON)
    @Path("/consume-saml")
    public com.onelogin.saml.Response SAMLAuthenticationResponse() throws Exception {
        com.onelogin.saml.Response samlResponse = null;
        String certificateS = "c"; // placeholder: the X.509 certificate downloaded from the Onelogin SSO tab
        AccountSettings accountSettings = new AccountSettings();
        accountSettings.setCertificate(certificateS);
        // Parse the base64 SAMLResponse posted by the IdP; the current URL is checked against its Destination
        samlResponse = new com.onelogin.saml.Response(accountSettings,
                request.getParameter("SAMLResponse"),
                request.getRequestURL().toString());
        java.io.PrintWriter writer = response.getWriter();
        if (samlResponse.isValid()) {
            // the signature of the SAML Response is valid. The source is trusted
            writer.write("OK!");
            String nameId = samlResponse.getNameId();
            writer.write(nameId);
        } else {
            // the signature of the SAML Response is not valid
            writer.write("Failed\n");
            writer.write(samlResponse.getError());
        }
        writer.flush();
        return samlResponse;
    }

I get this error:

    Federation Exception: Malformed URL. Please contact your administrator.

It does not seem to reach the ACS URL inside my application.

Is there a mistake in my configuration? Or is there a better way to do this?

1 answer:

Answer 0 (score: 1)

ACS is the Assertion Consumer Service, the endpoint at the SP that processes the SAMLResponse sent by the Identity Provider, so http://localhost:8080/ws_em/rest/accounts/consume-saml processes and validates the SAMLResponse.

Do you have a verbose error trace? Malformed URL must be that the code is trying to build a URL var with a non-URL string.

BTW, you are using the java-saml toolkit, but the 1.0 version instead of the recommended 2.0.

I highly recommend you use 2.0 and, before working on your integration, try to run the example app.
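For reference, here is what the same two endpoints (the Login URL that starts SP-initiated SSO and the ACS that validates the returned assertion) look like on java-saml 2.x. This is an added example, not code from the question, the answer or the java-saml project: it assumes a plain servlet rather than the question's JAX-RS resource, a settings file named onelogin.saml.properties with the keys listed in the class comment (values to be copied from the Onelogin SSO tab), and the URL paths taken from the question's configuration. It also calls checkSettings() at startup, which is where a missing or non-URL setting gets reported before any request is built.

```java
import java.io.IOException;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.onelogin.saml2.Auth;
import com.onelogin.saml2.settings.Saml2Settings;
import com.onelogin.saml2.settings.SettingsBuilder;

/**
 * Minimal SP written against java-saml 2.x (assumed API; not the toolkit's own code):
 *   GET  /produce-saml  -> build an AuthnRequest and redirect the browser to the IdP
 *   POST /consume-saml  -> the ACS: validate the SAMLResponse the IdP posts back
 *
 * Settings are read from onelogin.saml.properties (the toolkit's default file name).
 * Keys this example relies on, with assumed values taken from the question's configuration
 * and the Onelogin SSO tab:
 *   onelogin.saml2.strict = true
 *   onelogin.saml2.sp.entityid = http://localhost:8080/ws_em/rest/accounts/metadata
 *   onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/ws_em/rest/accounts/consume-saml
 *   onelogin.saml2.idp.entityid = <Issuer URL from the SSO tab>
 *   onelogin.saml2.idp.single_sign_on_service.url = <SAML 2.0 Endpoint (HTTP) from the SSO tab>
 *   onelogin.saml2.idp.x509cert = <X.509 certificate from the SSO tab>
 */
public class SamlSpServlet extends HttpServlet {

    private Saml2Settings settings;

    @Override
    public void init() throws ServletException {
        try {
            settings = new SettingsBuilder().fromFile("onelogin.saml.properties").build();
        } catch (Exception e) {
            throw new ServletException("could not load onelogin.saml.properties", e);
        }
        // Validate once at startup: a missing or non-URL value is rejected here,
        // instead of surfacing later as a malformed-URL failure during a login.
        List<String> errors = settings.checkSettings();
        if (!errors.isEmpty()) {
            throw new ServletException("SAML settings rejected: " + errors);
        }
    }

    // Login URL: SP-initiated SSO. The toolkit builds, deflates and base64-encodes the
    // AuthnRequest and answers with a 302 to the IdP's single_sign_on_service.url.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (!req.getRequestURI().endsWith("/produce-saml")) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        try {
            Auth auth = new Auth(settings, req, resp);
            // RelayState is where the user lands after the IdP round-trip; a fixed local
            // path (from the question's Recipient setting) avoids an open redirect.
            auth.login("/em/live/pages/samlAuth/");
        } catch (Exception e) {
            throw new ServletException("could not build AuthnRequest", e);
        }
    }

    // ACS URL: the IdP delivers the SAMLResponse with the HTTP-POST binding, so this is a
    // POST handler. processResponse() verifies the XML signature against idp.x509cert and
    // checks Destination, Audience and the NotBefore/NotOnOrAfter window.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (!req.getRequestURI().endsWith("/consume-saml")) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        Auth auth;
        try {
            auth = new Auth(settings, req, resp);
            auth.processResponse();
        } catch (Exception e) {
            throw new ServletException("could not parse SAMLResponse", e);
        }
        if (!auth.isAuthenticated()) {
            // Keep the validation detail in the server log; the browser only sees a 401.
            log("SAML validation failed: " + auth.getErrors() + " / " + auth.getLastErrorReason());
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "SAML validation failed");
            return;
        }
        // Only a validated assertion is trusted: bind the NameID to a fresh session id
        // (changeSessionId() needs Servlet 3.1 or later).
        req.changeSessionId();
        req.getSession(true).setAttribute("nameId", auth.getNameId());
        resp.sendRedirect("/em/live/pages/samlAuth/");
    }
}
```

Two points from the question's configuration matter for this to work: the ACS endpoint must accept POST, because the SAMLResponse arrives with the HTTP-POST binding, and the "ACS (Consumer) URL Validator" of `^` matches any URL, so it is worth replacing it with a regex that matches only the real ACS URL once the flow works, so that the IdP only ever posts assertions to the intended endpoint.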