Spring Security SAML insists on requesting the Artifact binding in the SAML authentication request (ProtocolBinding attribute):
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    AssertionConsumerServiceURL="http://sp.com/saml/SSO/alias/defaultAlias"
    Destination="https://idp.com/idp"
    ForceAuthn="false"
    ID="a4acj06d42fdc0d3494h859g3f7005c"
    IsPassive="false"
    IssueInstant="2012-12-05T17:07:18.271Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
    Version="2.0"
    >
How can I configure POST binding instead? Thanks for any answers!
-- Andreas
In the securityContext.xml the SP-initiated binding can be set. The example below used HTTP-POST. Values of bindings can be found in the org.opensaml.common.xml.SAMLConstants class.

Thanks nobby and Sanjeev, I've recently applied this to a similar case and it put me on the right track.

Being very new to the Spring Security SAML2 extension, I had to do a little extra digging around to get the WebSSOProfileOptions applied. Essentially, to get an HTTP-POST binding on the SAML authentication request you need the profile options passed to the org.springframework.security.saml.websso.WebSSOProfileImpl#sendAuthenticationRequest() method.

For our config, which is very similar to the config in the Spring RC2 sample project, this meant passing the WebSSOProfileOptions bean as described in Sanjeev's solution to the samlEntryPoint.defaultProfileOptions property (or adding a binding property there).

Trouble is, this did not result in the AuthnRequest picking up the binding property as set. In our case our SAML metadata was specifying isDefault=true on the HTTP-Artifact bound AssertionConsumerService, and in our RC2 version of the Spring Security SAML2 library this is the default behaviour of the org.springframework.security.saml.metadata.MetadataGenerator.

This can be overridden by setting the assertionConsumerIndex property of the MetadataGenerator. The HTTP-POST assertion consumer gets configured at index 1 in our case.
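The two settings described in the answers above, combined in one securityContext.xml fragment (an added illustration, not code from the original posts or from the Spring Security SAML sample project). The entity ID and the assertion consumer index are assumptions: the index must match the position of the HTTP-POST AssertionConsumerService in the SP metadata the MetadataGenerator actually emits, so check the generated metadata rather than trusting the number.

```xml
<!-- SP-initiated SSO: request the HTTP-POST binding in the AuthnRequest
     by setting the binding on the entry point's default profile options. -->
<bean id="samlEntryPoint" class="org.springframework.security.saml.SAMLEntryPoint">
    <property name="defaultProfileOptions">
        <bean class="org.springframework.security.saml.websso.WebSSOProfileOptions">
            <!-- Same value as SAMLConstants.SAML2_POST_BINDING_URI -->
            <property name="binding" value="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
        </bean>
    </property>
</bean>

<!-- Generated SP metadata: make the HTTP-POST AssertionConsumerService the
     default one, otherwise the Artifact ACS (isDefault="true") still wins. -->
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <!-- Assumed entity ID; use your SP's real one -->
            <property name="entityId" value="http://sp.com/saml/metadata"/>
            <!-- Assumed index: position of the HTTP-POST ACS in the generated metadata -->
            <property name="assertionConsumerIndex" value="1"/>
        </bean>
    </constructor-arg>
</bean>
```

After changing the ACS index, re-export the SP metadata and re-register it with the IdP, since the IdP will only deliver the response to an AssertionConsumerService URL and binding it has on file.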