I followed the chapter 12.0 instructions about using Spring with ADFS as IdP from here: docs.spring.io/spring-security-saml/docs/1.0.x-SNAPSHOT/reference/pdf/spring-security-saml-reference.pdf
But I have an exception when I test the SSO:
org.opensaml.common.SAMLException: NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration
I added the rule NameID as described in the document. We use ADFS 3.0 on a server and Tomcat on another Linux server, but I don't think it has an impact on this... I can't find a way to resolve it, does someone (@vschafer?) have a suggestion?
Thanks in advance!
Solution
Finally found the solution: I had to set Rule Type as "Pass through or filter an incoming claim" because our ADFS server uses other claim providers.
More info: technet.microsoft.com/en-us/library/dd807060(v=ws.10).aspx
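
To confirm from the service-provider side whether ADFS actually placed a NameID in the Subject after changing the claim rule, the following added example (not part of the original post) decodes a captured HTTP-POST `SAMLResponse` value and reports what each assertion's Subject carries. The function name, status strings and both sample responses are constructed for illustration, and the script performs no signature validation, so it is for diagnosis only.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def subject_identifier_status(saml_response_b64):
    """One status string per assertion in a base64 HTTP-POST SAMLResponse value.

    Diagnostic only: no signature or condition checks are performed here.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    # An encrypted assertion hides the Subject until the SP decrypts it.
    statuses = ["encrypted-assertion"
                for _ in root.findall("saml:EncryptedAssertion", NS)]
    for assertion in root.findall("saml:Assertion", NS):
        subject = assertion.find("saml:Subject", NS)
        if subject is None:
            statuses.append("no-subject")
        elif (name_id := subject.find("saml:NameID", NS)) is not None:
            statuses.append("nameid:" + name_id.get("Format", "format-not-set"))
        elif subject.find("saml:EncryptedID", NS) is not None:
            statuses.append("encrypted-id")
        else:
            # The case behind the exception quoted in the question.
            statuses.append("missing-nameid")
    return statuses or ["no-assertion"]

def _constructed_response(subject_children):
    """Build a minimal, unsigned sample response (constructed test data)."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
        '<saml:Assertion ID="_a1" Version="2.0">'
        f"<saml:Subject>{subject_children}</saml:Subject>"
        "</saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()

EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
CONFIRMATION = '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>'
WITHOUT_NAMEID = _constructed_response(CONFIRMATION)
WITH_NAMEID = _constructed_response(
    f'<saml:NameID Format="{EMAIL_FORMAT}">user@example.test</saml:NameID>' + CONFIRMATION)

if __name__ == "__main__":
    for label, sample in (("without", WITHOUT_NAMEID), ("with", WITH_NAMEID)):
        print(label, subject_identifier_status(sample))
```

A `missing-nameid` result means the IdP issued the assertion without the claim, which points at the claim rules rather than at the Spring configuration.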