
Untitled

a guest
Aug 25th, 2016
  <!-- Metadata provider for the locally hosted service provider (SP): reads
       /metadata/my_sp.xml from the classpath and attaches the ExtendedMetadata
       settings below to it. The closing tag of this outer bean is not part of
       the excerpt. -->
  <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
    <constructor-arg>
      <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
        <constructor-arg>
          <bean class="java.util.Timer"/>
        </constructor-arg>
        <constructor-arg>
          <bean class="org.opensaml.util.resource.ClasspathResource">
            <constructor-arg value="/metadata/my_sp.xml"/>
          </bean>
        </constructor-arg>
        <property name="parserPool" ref="parserPool"/>
      </bean>
    </constructor-arg>
    <constructor-arg>
      <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
        <!-- local=true: this entity is the SP deployed in this application -->
        <property name="local" value="true"/>
        <!-- metaiop: signature trust is taken from the keys listed in metadata,
             without PKIX path validation of the signing certificate -->
        <property name="securityProfile" value="metaiop"/>
        <property name="sslSecurityProfile" value="pkix"/>
        <!-- NOTE(review): allowAll turns off hostname verification on back-channel
             TLS connections, so a trusted certificate is accepted for any host
             name. Prefer the default setting unless a test environment really
             needs this. -->
        <property name="sslHostnameVerification" value="allowAll"/>
        <property name="signMetadata" value="false"/>
        <!-- NOTE(review): the same keystore alias is used for signing and for
             encryption; separate keys limit the impact of a single key compromise -->
        <property name="signingKey" value="apollo"/>
        <property name="encryptionKey" value="apollo"/>
        <!-- NOTE(review): with these three set to false, unsigned ArtifactResolve,
             LogoutRequest and LogoutResponse messages are accepted. Confirm the
             IdP cannot sign them before keeping signature checks disabled. -->
        <property name="requireArtifactResolveSigned" value="false"/>
        <property name="requireLogoutRequestSigned" value="false"/>
        <property name="requireLogoutResponseSigned" value="false"/>
        <property name="idpDiscoveryEnabled" value="true"/>
        <!-- host part of the discovery URL is elided in the paste -->
        <property name="idpDiscoveryURL" value="https://.../kerberoslogin/samlwebsso"/>
        <!-- NOTE(review): the discovery response comes back over plain http on
             localhost; outside a local demo this should be the https URL of
             the SP -->
        <property name="idpDiscoveryResponseURL" value="http://localhost:80/MYDEMO/saml/login?disco=true"/>
      </bean>
    </constructor-arg>
  32.  
  <!-- Authentication manager; the SAML provider is the only provider registered
       in this excerpt. -->
  <security:authentication-manager alias="authenticationManager">
    <!-- Register authentication manager for SAML provider -->
    <security:authentication-provider ref="samlAuthenticationProvider"/>
  </security:authentication-manager>
  37.  
  <!-- Custom subclass of SAMLAuthenticationProvider; the JDBC data source is
       injected through its dataSource property. -->
  <bean id="samlAuthenticationProvider"
        class="my.demo.server.CustomSAMLAuthenticationProvider">
    <property name="dataSource" ref="dataSourceAuthentication"/>
  </bean>
  42.  
  <!-- SQL Server data source handed to the SAML authentication provider.
       NOTE(review): the JDBC URL carries User= and Password= and the bean sets
       username and password as well, so the database credentials sit in this
       file in clear text, in two places. Supply them from the deployment
       environment (for example through property placeholders) and keep them in
       one place only. -->
  <bean id="dataSourceAuthentication" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.microsoft.sqlserver.jdbc.SQLServerDriver" />
    <property name="url" value="jdbc:sqlserver://....:1433;DatabaseName=...;User=...;Password=..." />
    <property name="username" value="..." />
    <property name="password" value="..." />
  </bean>
  49.  
  <!-- Excerpt of SAML metadata (presumably /metadata/my_sp.xml, confirm): the
       NameID format in use. getUserDetails takes the NameID value of the
       credential as the user name. -->
  .... <md:NameIDFormat>acns:id</md:NameIDFormat> ....
  51.  
  52. public class CustomSAMLAuthenticationProvider extends SAMLAuthenticationProvider {
  53. DataSource dataSource;
  54.  
  /**
   * Stores the JDBC data source on this provider; the bean definition injects
   * {@code dataSourceAuthentication} here.
   *
   * @param dataSource data source to keep in the {@code dataSource} field
   */
  public void setDataSource(final DataSource dataSource) {
    this.dataSource = dataSource;
  }
  58.  
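  /**
   * Delegates to the parent SAML provider and then rejects the login when the resulting
   * details object is a {@code UserDetails} that reports itself as disabled.
   *
   * <p>A disabled account is rejected with {@code DisabledException}. Returning {@code null}
   * from an {@code AuthenticationProvider} only means "this provider cannot decide" and lets
   * the manager move on to other providers, so it is not a reliable way to refuse a user.
   *
   * @param authentication the authentication request passed to the parent provider
   * @return the authentication produced by the parent provider
   * @throws org.springframework.security.authentication.DisabledException if the user details
   *     report {@code isEnabled() == false}
   */
  @Override
  public Authentication authenticate(Authentication authentication) {
    Authentication auth = super.authenticate(authentication);
    // The details are whatever getUserDetails returned; the parent may hand back an object
    // that is not a UserDetails, so test the type instead of casting blindly.
    Object details = auth.getDetails();
    if (details instanceof UserDetails && !((UserDetails) details).isEnabled()) {
      throw new org.springframework.security.authentication.DisabledException(
          "User account is disabled");
    }
    return auth;
  }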
  70.  
  /**
   * Executes the data-source request and replaces the response data with the user details of
   * the given authentication.
   *
   * <p>NOTE(review): this calls {@code super.authenticate} again on every fetch instead of
   * reading the details of an already authenticated token; confirm that the token passed in
   * here is one the parent provider accepts. The {@code request} parameter is not used.
   *
   * <p>NOTE(review): the whole {@code UserDetails} object becomes the response payload. Check
   * which of its fields (authorities, password) the response serializer exposes to the client.
   *
   * @param dsRequest request to execute
   * @param request current servlet request (unused)
   * @param authentication authentication handed to the parent provider
   * @return the executed response with the user details set as its data
   * @throws Exception whatever {@code dsRequest.execute()} or the parent provider throws
   */
  public DSResponse fetch(DSRequest dsRequest, HttpServletRequest request, Authentication authentication) throws Exception {
    final Authentication verified = super.authenticate(authentication);
    final UserDetails userDetails = (UserDetails) verified.getDetails();

    final DSResponse result = dsRequest.execute();
    result.setData(userDetails);
    return result;
  }
  80.  
  /**
   * Supplies the details object for a SAML credential.
   *
   * <p>A non-null result from the parent class is returned unchanged. Otherwise a {@code User}
   * is built whose name is the NameID value of the credential and whose authorities are the
   * role list that the (elided) SQL lookup is meant to fill.
   *
   * @param credential SAML credential of the asserted subject
   * @return the parent's details object, or a new {@code User} with an empty password and all
   *     four account flags set to {@code true}
   */
  @Override
  protected Object getUserDetails(SAMLCredential credential) {
    Object details = super.getUserDetails(credential);
    if (details != null) {
      return details;
    }
    // Only the elided lookup can use these; nothing in the visible code closes them.
    // NOTE(review): release them in a finally block (or try-with-resources) in the real code.
    Connection con = null;
    PreparedStatement stmt = null;
    ResultSet rs = null;
    // The user name is taken from the SAML assertion's NameID.
    // NOTE(review): getNameID() is dereferenced without a null check; confirm a NameID is
    // always present. Bind userName as a PreparedStatement parameter, never concatenate it
    // into the SQL text.
    String userName = credential.getNameID().getValue();
    ArrayList<GrantedAuthority> roles = new ArrayList<GrantedAuthority>();

    try {
      // ... query SQL data -> roles (elided in the paste)
    } catch (SQLException e) {
      // ... (handler elided in the paste)
      // NOTE(review): if the handler does not rethrow, a failed lookup falls through to the
      // return below and yields an enabled user with whatever roles were collected so far.
      // Consider failing the authentication instead.
    }
    // Empty password; enabled, accountNonExpired, credentialsNonExpired and accountNonLocked
    // are all hard-coded true, so the isEnabled() check in authenticate never rejects a user
    // built here.
    return new User(userName, "", true, true, true, true, roles);
  }