Loop between ADFS and a Spring SAML application

I implemented Spring SAML SSO in a JEE6 web application on Wildfly 8.2 to authenticate against ADFS 2/3, but so far I have not been able to get the authorization process to succeed. Here is the request/response ping-pong:

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                 AssertionConsumerServiceURL="https://172.19.100.141:8443/saml/SSO"
                 Destination="MYIDP"
                 ForceAuthn="false"
                 ID="a1be1ie43303d6ei1fa8je1fdd1jhh4"
                 IsPassive="false"
                 IssueInstant="2015-10-05T16:52:54.680Z"
                 ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                 Version="2.0"
                 >
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">SPENTITY</saml2:Issuer>
</saml2p:AuthnRequest>

Response:

<samlp:Response ID="_c644ea1a-88e9-4022-a9fc-52071d0e67bc"
            Version="2.0"
            IssueInstant="2015-10-05T16:52:54.658Z"
            Destination="https://172.19.100.141:8443/saml/SSO"
            Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
            InResponseTo="a1be1ie43303d6ei1fa8je1fdd1jhh4"
            xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
            >
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">IDP/adfs/services/trust</Issuer>
<samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                        >
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                </e:EncryptionMethod>
                <KeyInfo>
                    <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <ds:X509IssuerSerial>
                            <ds:X509IssuerName>MY ISSUER RDATA</ds:X509IssuerName>
                            <ds:X509SerialNumber>686142642</ds:X509SerialNumber>
                        </ds:X509IssuerSerial>
                    </ds:X509Data>
                </KeyInfo>
                <e:CipherData>
                    <e:CipherValue>VAL</e:CipherValue>
                </e:CipherData>
            </e:EncryptedKey>
        </KeyInfo>
        <xenc:CipherData>
            <xenc:CipherValue>VAL</xenc:CipherValue>
        </xenc:CipherData>
    </xenc:EncryptedData>
</EncryptedAssertion>

When I make more than 6 requests within the last two minutes, ADFS drops the connection and I receive an error. What could the error be? I've added all the required keys to my keystore, so why does the client keep on requesting even though the response's status code field is successful?


Chris    01.10.2015


Answers (1)


The problem was that the useReferer property was set to true on the SavedRequestAwareAuthenticationSuccessHandler.

<!-- Handler deciding where to redirect user after successful login -->
<beans:bean id="successRedirectHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
    <!-- <beans:property name="useReferer" value="true"/> -->
    <beans:property name="defaultTargetUrl" value="/dispatcher"/>
</beans:bean>
Chris    06.10.2015
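To make the failure mode in the answer above concrete, here is an added example (not code from the question, the answer, or Spring Security itself) that models how the success handler picks its post-login redirect target: a saved request first, then the browser's Referer header only when useReferer is on, otherwise defaultTargetUrl. The ADFS host name and the Referer value on the POST to /saml/SSO are constructed assumptions; the SP address comes from the question's AssertionConsumerServiceURL.

```python
"""Simplified model of Spring Security's SavedRequestAwareAuthenticationSuccessHandler
target selection, written to show why useReferer=true sends the browser back to the
IdP after every successful SAML login. Not Spring's own code; a teaching re-implementation."""
from urllib.parse import urlparse

IDP_HOST = "adfs.example.test"   # constructed: host of the ADFS IdP
SP_HOST = "172.19.100.141"       # from the question's AssertionConsumerServiceURL


def choose_target(headers, saved_request=None, use_referer=False,
                  default_target_url="/dispatcher"):
    """Precedence (simplified): saved request, then Referer if useReferer is
    enabled and the header is non-empty, then defaultTargetUrl.
    Header names are matched case-insensitively, as in HTTP."""
    if saved_request:
        return saved_request
    referer = next((v for k, v in headers.items() if k.lower() == "referer"), "")
    if use_referer and referer:
        return referer
    return default_target_url


def redirects_back_to_idp(target, idp_host=IDP_HOST):
    """True when the redirect leaves the SP and lands on the IdP, which
    restarts SSO and so produces the request/response loop seen in the question."""
    return urlparse(target).netloc.split(":")[0] == idp_host


def simulate_login_loop(use_referer, max_rounds=6):
    """Walk the SP -> IdP -> SP cycle and return the number of SSO rounds
    before the browser stays on the SP; max_rounds means it never settled
    (the question reports ADFS dropping the connection after 6 requests)."""
    # constructed: ADFS posts the SAML Response from its /adfs/ls/ page, so the
    # browser's Referer on the POST to https://<SP>/saml/SSO is the IdP endpoint
    post_headers = {"Referer": f"https://{IDP_HOST}/adfs/ls/"}
    rounds = 0
    while rounds < max_rounds:
        rounds += 1
        target = choose_target(post_headers, use_referer=use_referer)
        if not redirects_back_to_idp(target):
            break   # landed on the SP (e.g. /dispatcher): login completes
    return rounds


if __name__ == "__main__":
    print("useReferer=true  rounds:", simulate_login_loop(True))   # 6 (never settles)
    print("useReferer=false rounds:", simulate_login_loop(False))  # 1
```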