我正在开发一个由SP发起的SSO集成。我从生成SAML请求并将其转换为前端将重定向的URL的API开始。下面是生成包含SAML请求的URL的代码。
String redirectUrl = "https://login.microsoftonline.com/f8ceef31-c65g-4b4a-09e4-5f571x91255arn" + "/saml2"
+ "?SAMLRequest=";
String samlRequest = "<?xml version="1.0"encoding="UTF-8"?><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" "
+ "xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" " + "ID="" + Instant.now().toEpochMilli()
+ "Version="2.0" " + "IssueInstant="" + Instant.now() + "" "
+ "ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" "
+ "AssertionConsumerServiceURL="https://login.microsoftonline.com/1ebc9492-2234-472a-87v5-ea64ae60db97/saml2">"
+ "<saml:Issuer>https://login.microsoftonline.com/1ebc9497-2161-672a-84b4-ea64ae60db97/saml2</saml:Issuer>"
+ "<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified AllowCreate="true"/>"
+ "</samlp:AuthnRequest>";
byte[] compressedBytes = new byte[samlRequest.length()];
Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
deflater.setInput(samlRequest.getBytes());
deflater.finish();
int compressedSize = deflater.deflate(compressedBytes);
deflater.end();
String base64Encoded = Base64.getEncoder()
.encodeToString(Arrays.copyOfRange(compressedBytes, 0, compressedSize));
String relayStateString = redirectUrl + base64Encoded;
当生成URL并尝试重定向时,我遇到以下错误:
SAML message was not properly base64-encoded.
早先我使用spring-security-saml-dsl依赖,但未能生成SAMLRequest。
我已经尝试了多种生成SAML请求的方法,但我无法成功生成一个正确的URL,将我重定向到登录页面
以下链接回答了我的问题。
https://learn.microsoft.com/en-us/answers/questions/580306/aadsts750056-saml-message-was-not-properly-base64
我错过了我必须对(Deflate + Base64)字符串进行URL编码的部分,这就是为什么它给了我共享的错误。