我已使用SAML Test Connector将我的网络应用程序添加到onelogin中。 在配置选项卡中,我给出了以下值
收件人:http://localhost:8080/em/live/pages/samlAuth/
ACS(消费者)URL验证器*:^
ACS(消费者)网址*:http://localhost:8080/ws_em/rest/accounts/consume-saml
其中http://localhost:8080/ws_em/rest/accounts/produce-saml通过获取IssuerUrl创建SAML请求,SAML EndPoint从Onelogin SSO选项卡和ACS网址复制为http://localhost:8080/ws_em/rest/accounts/consume-saml。
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/produce-saml")
public com.virima.em.core.Response SAMLAuthentication(){
com.Response resp = new com.Response();
AppSettings appSettings = new AppSettings();
appSettings.setAssertionConsumerServiceUrl(ACSUrl);
appSettings.setIssuer(IssuerUrl));
AccountSettings accSettings = new AccountSettings();
accSettings.setIdpSsoTargetUrl(IdpSsoTargetUrl);
AuthRequest authReq = new AuthRequest(appSettings,accSettings);
Map<String, String[]> parameters = request.getParameterMap();
String relayState = null;
for(String parameter : parameters.keySet()) {
if(parameter.equalsIgnoreCase("relaystate")) {
String[] values = parameters.get(parameter);
relayState = values[0];
}
}
String reqString = authReq.getSSOurl(relayState);
response.sendRedirect(reqString);
resp.setResponse(reqString);
return resp;
}
http://localhost:8080/ws_em/rest/accounts/consume-saml调用应该接受我的SAML请求并进行身份验证。在这里,我使用的是Onelogin SSO标签中生成的证书
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/consume-saml")
public com.onelogin.saml.Response SAMLAuthenticationResponse(){
com.onelogin.saml.Response samlResponse = null;
String certificateS ="c"; //Certificate downloaded from Onelogin SSO Tab
AccountSettings accountSettings = new AccountSettings();
accountSettings.setCertificate(certificateS);
samlResponse = new com.onelogin.saml.Response(accountSettings,request.getParameter("SAMLResponse"),request.getRequestURL().toString());
if (samlResponse.isValid()) {
// the signature of the SAML Response is valid. The source is trusted
java.io.PrintWriter writer = response.getWriter();
writer.write("OK!");
String nameId = samlResponse.getNameId();
writer.write(nameId);
writer.flush();
} else {
// the signature of the SAML Response is not valid
java.io.PrintWriter writer = response.getWriter();
writer.write("Failed\n");
writer.write(samlResponse.getError());
writer.flush();
}
return samlResponse;
}
我收到此错误
联盟例外:格式错误的网址。请联系您的 管理员。
它似乎没有进入我的应用内部的ACS网址。
我的配置有错误吗?或者有更好的方法吗?
答案 0 :(得分:1)
ACS is Assertion Consumer Service, is the endpoint that process at the SP the SAMLResponse sent by the Identity Provider, so the http://localhost:8080/ws_em/rest/accounts/consume-saml process and validate the SAMLResponse.
Do you have verbose trace error? Malformed URL must be that the code is trying to build a URL var with a non URL string.
BTW, You are using the java-saml toolkit, but the 1.0 version instead the recommended 2.0.
I highly recommend you to use the 2.0 and before work on your integration, try to run the app example