I am using Spring Security SAML 2.0 SSO with WSO2 IS 5.4.0. I have added the role claim to WSO2 IS inside the service provider configuration. Now I get the user's roles in the SAML assertion.
Here I want to validate the user based on their role. I have mapped the application (service provider) URLs in securityContext.xml

import hashlib
import os

def file_as_bytes(file):
    # Read the whole file and close it when done.
    with file:
        return file.read()

def hash_file(fpath):
    # MD5 hex digest of the file's contents (used here only as a name, not for integrity).
    return hashlib.md5(file_as_bytes(open(fpath, 'rb'))).hexdigest()

for fname in os.listdir('.'):
    if not os.path.isfile(fname):
        # Skip directories: they cannot be opened and hashed.
        continue
    name, ext = os.path.splitext(fname)
    digest = hash_file(fname)
    # Rename the file to <md5><original extension>.
    dst = digest + ext
    print(fname + " --> " + dst)
    os.rename(fname, dst)
Answer 0 (score: 1)
During service provider access, if you want to authenticate the user to the Identity Server based on the user's identity, you can use the XACML policy "authn_role_based_policy". If you use this XACML policy, only users with the specific role will be allowed into the authentication flow, and other users will be denied. You can refer to the writing XACML policy documentation.
Answer 1 (score: 1)
As you want to get the user's role in the SAML assertion, what you need to do is add the role claim (http://wso2.org/claims/role) to the requested claims list in the service provider configuration as described here.
If you need to control the access from the Identity Server side, follow the instructions provided by @Nilasini above. More information is available here. Basically what you need to do is enable "Enable Authorization" in the service provider configuration and create a relevant XACML policy.
I'm not an expert on Spring SAML. So I'm not going to comment on how to control the access from Spring SAML using the user's roles, if that is what you want.
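For the Spring side that neither answer covers, here is an added example (my own code, not the question's, the answers', or anything shipped by Spring SAML or WSO2 IS): a SAMLUserDetailsService for the Spring Security SAML extension that turns the http://wso2.org/claims/role attribute of the assertion into Spring GrantedAuthorities, so that intercept-url rules in securityContext.xml can restrict URLs by role. The bean names, the ROLE_ prefix, the /admin/** pattern and the comma splitting of multi-valued roles are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

// Wire in securityContext.xml (assumed bean names and URL pattern):
//   <bean id="samlAuthenticationProvider"
//         class="org.springframework.security.saml.SAMLAuthenticationProvider">
//     <property name="userDetails" ref="roleClaimUserDetailsService"/>
//   </bean>
//   <security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
public class RoleClaimUserDetailsService implements SAMLUserDetailsService {

    // Claim URI that WSO2 IS uses for the user's roles (from the answer above).
    private static final String ROLE_CLAIM = "http://wso2.org/claims/role";

    @Override
    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        List<GrantedAuthority> authorities = new ArrayList<>();
        String[] values = credential.getAttributeAsStringArray(ROLE_CLAIM);
        if (values != null) {
            for (String value : values) {
                // Assumption: WSO2 IS may pack several roles into one AttributeValue,
                // joined by its multi-attribute separator ("," or ",,,"), so split on runs of commas.
                for (String role : value.split(",+")) {
                    String name = role.trim();
                    if (name.isEmpty()) {
                        continue;
                    }
                    // "Internal/admin" -> ROLE_INTERNAL_ADMIN, "admin" -> ROLE_ADMIN
                    String authority = "ROLE_" + name.toUpperCase(Locale.ROOT).replace('/', '_');
                    authorities.add(new SimpleGrantedAuthority(authority));
                }
            }
        }
        // An assertion without the role claim yields no authorities, so every
        // hasRole(...) rule in securityContext.xml denies: fail closed, not open.
        // The password is unused for SAML logins; the principal is the assertion's NameID.
        return new User(credential.getNameID().getValue(), "N/A", authorities);
    }
}
```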