Ich benutze Grails 2.5.6 und versuche, SAML 2.0 mit dem Plugin spring-security-saml zu konfigurieren.
Ich kann den SAML-Login aufrufen, aber nach meinem Login bekomme ich nur eine leere Seite und einen Redirect-Loop.
BuildConfig:
dependencies{
/*...*/
// Spring Security SAML extension the Grails plugin is built on. export = false is the Grails 2
// BuildConfig flag that keeps this artefact out of the project's exported dependency set.
compile('org.springframework.security.extensions:spring-security-saml2-core:1.0.2.RELEASE'){
export = false
}
// Explicit Spring Security 3.2.x core/web jars.
// NOTE(review): the spring-security-core 2.0.0 plugin below already brings its own Spring
// Security version; make sure these pins do not put two Spring Security versions on the
// classpath (check with `grails dependency-report`) before debugging the redirect loop further.
compile('org.springframework.security:spring-security-core:3.2.9.RELEASE')
compile('org.springframework.security:spring-security-web:3.2.9.RELEASE')
}
plugins{
/*...*/
// Grails 2.x plugins: core Spring Security integration plus the SAML 2.0 authentication provider.
compile ":spring-security-core:2.0.0"
compile ":spring-security-saml:2.0.0"
}
Config:
// Spring Security Core: domain classes backing users, roles and the user/role join table.
grails.plugin.springsecurity.userLookup.userDomainClassName = "de.streit.user.User"
grails.plugin.springsecurity.userLookup.authorityJoinClassName = "de.streit.security.UserRole"
grails.plugin.springsecurity.authority.className = "de.streit.security.Role"
// URL protection comes from Requestmap rows in the database, not from annotations or static rules.
// NOTE(review): with Requestmap the SAML endpoints advertised in SP.XML (the paths under
// /spring-security-saml/saml/SSO, /spring-security-saml/saml/SingleLogout and the login/auth URL)
// must be mapped as anonymously accessible (IS_AUTHENTICATED_ANONYMOUSLY / permitAll). If they are
// not, the IdP's POST back to the assertion consumer is itself sent to the login entry point, which
// looks exactly like a redirect loop right after the IdP login. Confirm against the Requestmap rows.
grails.plugin.springsecurity.requestMap.className = 'de.streit.security.Requestmap'
grails.plugin.springsecurity.securityConfigType = 'Requestmap'
grails.plugin.springsecurity.authenticationFailureUrl = '/login/authfail?login_error=1'
// Define the authentication providers
// Only the SAML provider is registered: there is no local username/password fallback, so an
// unreachable or misconfigured IdP locks everyone out. Fine for an SSO-only portal, but intentional?
grails.plugin.springsecurity.providerNames = ["samlAuthenticationProvider"]
// NOTE(review): the switch-user (impersonation) filter lets an authenticated user act as another
// user. The switch-user URL must be restricted to an administrative role in the Requestmap,
// otherwise any SAML-authenticated user can impersonate anyone. Nothing in this config shows that
// restriction; confirm it exists before running this outside development.
grails.plugin.springsecurity.useSwitchUserFilter = true
//SAML
grails.plugin.springsecurity.saml.active = true
// IdP metadata is read from a local file ('security/idp.xml', presumably on the classpath), not
// fetched over the network. 'idp' is the key that defaultIdp below refers to.
grails.plugin.springsecurity.saml.metadata.providers = [idp: 'security/idp.xml']
grails.plugin.springsecurity.saml.metadata.defaultIdp = 'idp'
// SP defaults: one keystore alias ('estar') serves as signing, encryption and TLS key. Acceptable
// for a local test; separate keys are preferable in production. alias is the SP entity id and
// matches entityID in SP.XML.
grails.plugin.springsecurity.saml.metadata.sp.defaults = [
signingKey: 'estar',
encryptionKey: 'estar',
tlsKey: 'estar',
alias : 'http://localhost:8080/Organisationsportal'
]
SP.XML:
<?xml version="1.0" encoding="UTF-8"?>
<!-- SP (service provider) metadata of the Grails application.
     entityID is the same value the Grails config passes as sp.defaults.alias; the IdP must be
     handed exactly this metadata (same entityID and endpoint URLs), otherwise its responses
     will not match what this SP expects. -->
<md:EntityDescriptor entityID="http://localhost:8080/Organisationsportal" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<!-- NOTE(review): WantAssertionsSigned="false" declares that this SP does not require the IdP to
     sign assertions. For anything beyond a local test set it to "true", so that a signed assertion
     is part of the contract both sides publish instead of being left to IdP defaults. -->
<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:Extensions>
<!-- IdP discovery response endpoint (SAML IdP discovery profile): the URL a discovery service
     returns the browser to once an IdP has been chosen. -->
<idpdisco:DiscoveryResponse xmlns:idpdisco="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
Location="http://localhost:8080/Organisationsportal/spring-security-saml/login/auth"/>
</md:Extensions>
<!-- Signing and encryption certificates (contents redacted from this listing). The Grails config
     uses the single keystore alias 'estar' for signingKey, encryptionKey and tlsKey, so both
     descriptors presumably carry the same certificate; one key for all roles is acceptable for a
     test setup, separate keys are preferable in production. -->
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<!-- Single logout endpoint, offered over the POST, Redirect and SOAP bindings at one location. -->
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8080/Organisationsportal/spring-security-saml/saml/SingleLogout"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:8080/Organisationsportal/spring-security-saml/saml/SingleLogout"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://localhost:8080/Organisationsportal/spring-security-saml/saml/SingleLogout"/>
<!-- NameID formats this SP accepts. Note that the IdP metadata (idp.xml) advertises only the
     transient format, so emailAddress/persistent will not be what arrives in practice. -->
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</md:NameIDFormat>
<!-- Assertion consumer endpoints; HTTP-POST (index 0) is the default the IdP should use.
     All locations are plain http on localhost, which is fine for local development only: in
     production they must be https and must be identical to the URLs the IdP has on file. -->
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8080/Organisationsportal/spring-security-saml/saml/SSO" index="0" isDefault="true"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://localhost:8080/Organisationsportal/spring-security-saml/saml/SSO" index="1" isDefault="false"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="http://localhost:8080/Organisationsportal/spring-security-saml/saml/SSO" index="2" isDefault="false"/>
</md:SPSSODescriptor>
<!-- NOTE(review): the listing ends here without the closing </md:EntityDescriptor>; presumably
     cut off when pasting. The real file must close the root element to be well-formed. -->
idp.xml:
<?xml version="1.0"?>
<!-- IdP metadata, loaded by the plugin from the local file referenced as
     saml.metadata.providers = [idp: 'security/idp.xml']. The signing certificate in it is what
     the SP verifies IdP signatures against, so keep this file under change control and replace
     it only from an authenticated copy of the IdP's published metadata. -->
<!-- NOTE(review): entityID here is identical to the SP's entityID in SP.XML. If that is not an
     artefact of redacting the file, it is a likely cause of the redirect loop: two descriptors
     sharing one entityID presumably cannot be told apart by the plugin's metadata manager. The
     value must be the entityID the IdP itself publishes; ID and cacheDuration can stay as exported. -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://localhost:8080/Organisationsportal" cacheDuration="PT1440M" ID="XpK4KzotwbSFUKx.-NtBzfGDWti">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<!-- IdP signing certificate (contents redacted from this listing). -->
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<!-- Location="*1" is the author's placeholder for the company URLs redacted from the post. The real
     values are the IdP's HTTP-Redirect SSO and SLO endpoints, i.e. where this SP sends the browser. -->
<md:SingleSignOnService Location="*1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<md:SingleLogoutService Location="*1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<!-- The IdP advertises only transient NameIDs, which are per-session identifiers. Mapping the login
     to the configured User domain class therefore cannot rely on the NameID alone.
     NOTE(review): confirm which assertion attribute the plugin uses as the username in this setup. -->
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
</md:IDPSSODescriptor>
<!-- NOTE(review): the listing ends here without the closing </md:EntityDescriptor>; presumably
     cut off when pasting. -->
*1: Diese Werte habe ich entfernt, weil sie von meiner Firma stammen.
Ich weiß nicht, was mir fehlt.
Ich definiere in den Ressourcen (resources.groovy) eine Bean für den userDetailsService, aber Spring Security weiß nicht, dass ich eingeloggt bin.
Danke
Marvin THOR