在POST期间访问SAML断言时出现问题



我正试图通过tomcat适配器使用keycapture(SAML(来实现SSO解决方案。我已经创建了一个用户、领域和客户端。我甚至为客户端提供了一个"用户"角色,以便映射回Java Servlet上下文。我看到SAML请求被发送到keycloft,keycloft使用POST以SAML断言进行响应。但是,我无法使用我配置的Java Servlet访问SAML断言。

Java(web.xml(:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee                                                                           http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<security-constraint>
<web-resource-collection>
<web-resource-name>Simple</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>       
</security-constraint>

<servlet>
<servlet-name>AuthServlet</servlet-name>
<servlet-class>AuthServlet</servlet-class>      
</servlet>

<servlet-mapping>
<servlet-name>AuthServlet</servlet-name>
<url-pattern>/saml</url-pattern>        
</servlet-mapping>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>simpleRealm</realm-name>
</login-config>

<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>

Java Servlet(AuthServlet.Java(:

public class AuthServlet extends HttpServlet {

@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
this.getServletContext().log("POSTing");

SamlPrincipal samlPrincipal = (SamlPrincipal) request.getUserPrincipal();
samlPrincipal.getAttributeNames().forEach( attribute -> {
String value = samlPrincipal.getAttribute(attribute);
this.getServletContext().log("key: " + attribute + " value: " + value);
});

}
}

然而,我从未在日志中看到任何关于张贴的内容。我确实看到我访问了适当的资源

172.26.66.136 - - [16/Mar/2021:10:32:12 -0400] "GET /simple HTTP/1.1" 302 -
172.26.66.136 - - [16/Mar/2021:10:32:13 -0400] "GET /simple/ HTTP/1.1" 200 3442
172.26.66.136 - G-0bbe42f7-d80e-4b47-8572-53acaa5c8979 [16/Mar/2021:10:32:18 -0400] "POST /simple/saml HTTP/1.1" 302 -
172.26.66.136 - G-0bbe42f7-d80e-4b47-8572-53acaa5c8979 [16/Mar/2021:10:32:18 -0400] "GET /simple/ HTTP/1.1" 200 222

但是,我在输出日志中没有看到任何内容。

有什么想法吗!!???

我将称之为oops,因为要完全实现此解决方案,您不需要实现响应SAML POST的servlet。在成功登录/注销后,您只需从servlet访问SAML断言,使用:

SamlPrincipal saml = request.getUserPrincipal();

相关内容

  • 没有找到相关文章

最新更新