如何在WSO2 IS中向登录表单添加额外字段:SAML 2.0 RelayState参数?

huangapple go评论144阅读模式
英文:

SAML 2.0 RelayState params: how to add extra field to login form in WSO2 IS?

问题

我需要在我的自定义登录页中添加一个额外的组合框,用于显示产品的版本,在WSO2 IS中实现(该组合框包含要显示的产品版本)。在成功登录后,应将组合框的选择传递给服务提供商。如此处所述,可以将选择作为RelayState参数传递。然而,我找不到在WSO2 IS中如何实现此功能的示例。因此,问题是:如何在IS端设置使用RelayState参数,以及如何在服务提供商端获取其值?非常感谢提供任何关于Java的示例!

英文:

I need to add an extra combobox in my custom login page in WSO2 IS (that holds a version of product to show). The selection of the combox should be passed to service provider after success login. As it's stated here the selection can be passed as RelayState param. Still I can't find an example on how to do that with WSO2 IS. So the question is: how can I set up using a RelayState param on IS side and how to get its value on service provider side? Any example on java is strongly appretiated!

答案1

得分: 2

SAML有两种流程

  • IdP发起的流程(IdP Initiated)
  • SP发起的流程(SP Initiated)

Relay State:在IdP发起的流程中,Relay State是一个参数,它可以帮助您。如果服务提供商端有多个应用程序,并且在SAML断言之后,如果您需要确定用户应该登陆到哪个应用程序,那么您可以使用Relay State。您可以直接在Relay State参数中配置应用程序URL,或者您可以配置一些值来帮助您识别应用程序。

> 要使此功能正常工作,您的IdP中应启用IdP发起的单点登录(IdP initiated SSO)。

在WSO2 IdP内部,可能可以在SSO设置中找到RelayState配置。我已经为其他IdP配置了RelayState,这可以很容易地配置。

以下代码可用于在SP端获取RelayState:

public Object loadUserBySAML(SAMLCredential credential)
        throws UsernameNotFoundException {
    
    // 该方法应该能够识别SAML断言中的数据引用的用户的本地帐户,并返回描述用户的UserDetails对象。
    
    String userID = credential.getNameID().getValue();
    String relayState = credential.getRelayState();
    
    LOG.info(userID + "已登录");
    
    return new User(userID, "<abc123>", true, true, true, true, authorities);
}
英文:

SAML there are two flow

  • IdP Initiated
  • SP Initiated

Relay State : is the one parameter which help you in IdP Initiated flow. If There are multiple application on the service provider side and after SAML assertion if you need to identify in which application user has to land then you can use relay state. Either you can directly configure application URL in relay state parameter or you can configure some values which help you to identify application.

> To make this work, IdP initiated SSO should be enabled in your IdP.

Inside a WSO2 IdP there is SSO settings may be you can get RelayState configuration there. I did configured RelayState for other IdP, which can be easily configured.

Following code you can use to get RelayState on SP side

public Object loadUserBySAML(SAMLCredential credential)
		throws UsernameNotFoundException {
	
	// The method is supposed to identify local account of user referenced by
	// data in the SAML assertion and return UserDetails object describing the user.
	
	String userID = credential.getNameID().getValue();
	String relayState = credential.getRelayState();
	
	LOG.info(userID + &quot; is logged in&quot;);
	

	return new User(userID, &quot;&lt;abc123&gt;&quot;, true, true, true, true, authorities);
}

huangapple
  • 本文由 发表于 2020年8月24日 16:19:07
  • 转载请务必保留本文链接:https://go.coder-hub.com/63557196.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定