2017-07-25 94 views
1

I am trying to set up a Spring web application to connect to an ADFS server for web SSO. Spring Security: "No HttpSession currently exists".

The SAML request works fine, but when I receive the response from ADFS I get a redirect loop caused by an authentication problem.

It seems that after I successfully store the UserDetails in the session, the next request cannot find an available HttpSession, so an anonymous token is created.

I am using the wonderful SAML extension library (http://docs.spring.io/autorepo/docs/spring-security-saml/1.0.x-SNAPSHOT/reference/htmlsingle/), and I implemented SAMLUserDetailsService to build the UserDetails.

In a second, similar web app everything works fine.

Here are my logs:

(SAMLDefaultLogger.java:127) - AuthNResponse;SUCCESS; ... 
(AbstractAuthenticationProcessingFilter.java:319) - Authentication success. Updating SecurityContextHolder to contain: org.springf[email protected]aecd14bd: 
(SavedRequestAwareAuthenticationSuccessHandler.java:79) - Redirecting to DefaultSavedRequest Url: ... 
(DefaultRedirectStrategy.java:36) - Redirecting to .... 
(HttpSessionSecurityContextRepository.java:327) - SecurityContext stored to HttpSession: '[email protected]cd14bd: Authentication: org.springf[email protected]aecd14bd: ... 
(SecurityContextPersistenceFilter.java:97) - SecurityContextHolder now cleared, as request processing completed 
(FilterChainProxy.java:337) -/at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
(HttpSessionSecurityContextRepository.java:140) - No HttpSession currently exists 
(HttpSessionSecurityContextRepository.java:91) - No SecurityContext was available from the HttpSession: null. A new one will be created. 
(FilterChainProxy.java:337) -/at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
(FilterChainProxy.java:337) -/at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 
(FilterChainProxy.java:337) -/at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
(FilterChainProxy.java:337) -/at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter' 
(FilterChainProxy.java:337) -/at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 
(FilterChainProxy.java:337) -/at position 7 of 12 in additional filter chain; firing Filter: 'FilterChainProxy' 
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/login/**' 
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/logout/**' 
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/sso/**' 
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/ssohok/**' 
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/singlelogout/**' 
(FilterChainProxy.java:180) -/has no matching filters 
(FilterChainProxy.java:337) -/at position 8 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
(FilterChainProxy.java:337) -/at position 9 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
(FilterChainProxy.java:337) -/at position 10 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
(AnonymousAuthenticationFilter.java:102) - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]6faa3d44: 
(ExceptionTranslationFilter.java:165) - Access is denied (user is anonymous); redirecting to authentication entry point ... 

I am using Spring Security 3.2.5.RELEASE. Thanks in advance, and sorry for my English.

Answer

0

I solved it.

The problem was related to the context path.

After the cookie was set with a trailing slash "/" at the end of the context path, the next request without this slash could not reach the session through the cookie.

I think this is related to this Tomcat setting (sessionCookiePathUsesTrailingSlash) and the security issue behind it.
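The mechanism behind the answer is the cookie Path matching rule of RFC 6265 (section 5.1.4): a cookie whose Path ends in "/" is not sent with a request for the same path without the trailing slash, so a session cookie issued as `Path=/myapp/` on the SAML assertion consumer response is missing on the follow-up redirect to `/myapp`, and Spring Security sees no HttpSession. The following is an added example, not code from the question, the answer or the Spring SAML project; the context path `/myapp`, the ACS path `/myapp/saml/SSO` and the cookie value are constructed to illustrate the case. It implements the RFC path-match and default-path algorithms in plain Python and replays the redirect with both cookie paths.

```python
"""RFC 6265 cookie Path matching, applied to the SSO redirect loop from the post.

Added example (not from the original page). Paths and cookie values are constructed.
"""


def default_path(request_path: str) -> str:
    """RFC 6265 section 5.1.4 default-path: used when Set-Cookie carries no Path attribute."""
    if not request_path.startswith("/") or request_path.count("/") <= 1:
        return "/"
    # Everything up to, but not including, the rightmost "/".
    return request_path[: request_path.rfind("/")]


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match. Returns True when a cookie with cookie_path
    is sent on a request for request_path."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    if cookie_path.endswith("/"):
        # "/myapp/" matches "/myapp/anything" but NOT "/myapp".
        return True
    # "/myapp" matches "/myapp/anything" but NOT "/myapp2" (the sibling-context case).
    return request_path[len(cookie_path)] == "/"


def parse_set_cookie(header: str, request_path: str) -> tuple[str, str, str]:
    """Parse a Set-Cookie header value into (name, value, effective_path).

    Only the Path attribute is interpreted; other attributes are ignored for this example.
    A missing or malformed Path falls back to the RFC default-path of the request.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    path = None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        if key.lower() == "path" and val.startswith("/"):
            path = val
    if path is None:
        path = default_path(request_path)
    return name, value, path


def cookies_sent(request_path: str, jar: dict[str, tuple[str, str]]) -> dict[str, str]:
    """Select the cookies a conforming client attaches to a request. jar maps name -> (value, path)."""
    return {name: value for name, (value, path) in jar.items() if path_matches(request_path, path)}


def session_survives_redirect(set_cookie_header: str, acs_path: str, redirect_target: str) -> bool:
    """Replay the post's flow: the IdP response is POSTed to acs_path, the server answers with
    Set-Cookie plus a redirect to redirect_target. Return whether the session cookie is present
    on that redirected request, i.e. whether Spring Security can find the HttpSession."""
    name, value, path = parse_set_cookie(set_cookie_header, acs_path)
    jar = {name: (value, path)}
    return name in cookies_sent(redirect_target, jar)


if __name__ == "__main__":
    acs = "/myapp/saml/SSO"  # constructed assertion consumer service path
    for header in ("JSESSIONID=constructed-id; Path=/myapp/; HttpOnly",
                   "JSESSIONID=constructed-id; Path=/myapp; HttpOnly"):
        for target in ("/myapp", "/myapp/", "/myapp2"):
            ok = session_survives_redirect(header, acs, target)
            print(f"{header.split(';')[1].strip():<13} redirect to {target:<8} session found: {ok}")
```

Running the block shows the two-by-two picture behind the answer: with `Path=/myapp/` the session is found on `/myapp/` but not on `/myapp`, which is exactly the saved-request URL the success handler redirects to, so the anonymous filter takes over and the entry point starts a new SAML request. With `Path=/myapp` both forms of the context root work. The trailing slash exists because, according to the Tomcat documentation for `sessionCookiePathUsesTrailingSlash`, some browsers sent a `Path=/myapp` cookie to a sibling context such as `/myapp2`; a conforming client does not, as the third target in the loop shows, so dropping the slash is safe on conforming browsers, whereas widening the path to `/` would expose the session cookie to every context on the host.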