Spring Security: No HttpSession currently exists
I am trying to set up a Spring web application to connect to an ADFS server in order to achieve web single sign-on.
The SAML request works correctly, but when I receive the response from ADFS, I get a redirect loop caused by an authentication problem.
It looks like, after successfully storing the UserDetails in the session, the next request cannot find an available HttpSession, so an anonymous token is created. I am using the wonderful SAML Extension library (http://docs.spring.io/autorepo/docs/spring-security-saml/1.0.x-SNAPSHOT/reference/htmlsingle/) and I have implemented the SAMLUserDetailsService in order to create the UserDetails. In a second web application similar to this one, everything works correctly.
Here are my logs:
(SAMLDefaultLogger.java:127) - AuthNResponse;SUCCESS; ...
(AbstractAuthenticationProcessingFilter.java:319) - Authentication success. Updating SecurityContextHolder to contain: org.springf[email protected]aecd14bd:
(SavedRequestAwareAuthenticationSuccessHandler.java:79) - Redirecting to DefaultSavedRequest Url: ...
(DefaultRedirectStrategy.java:36) - Redirecting to ....
(HttpSessionSecurityContextRepository.java:327) - SecurityContext stored to HttpSession: '[email protected]cd14bd: Authentication: org.springf[email protected]aecd14bd: ...
(SecurityContextPersistenceFilter.java:97) - SecurityContextHolder now cleared, as request processing completed
(FilterChainProxy.java:337) -/at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
(HttpSessionSecurityContextRepository.java:140) - No HttpSession currently exists
(HttpSessionSecurityContextRepository.java:91) - No SecurityContext was available from the HttpSession: null. A new one will be created.
(FilterChainProxy.java:337) -/at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
(FilterChainProxy.java:337) -/at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
(FilterChainProxy.java:337) -/at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
(FilterChainProxy.java:337) -/at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
(FilterChainProxy.java:337) -/at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
(FilterChainProxy.java:337) -/at position 7 of 12 in additional filter chain; firing Filter: 'FilterChainProxy'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/login/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/logout/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/sso/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/ssohok/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/singlelogout/**'
(FilterChainProxy.java:180) -/has no matching filters
(FilterChainProxy.java:337) -/at position 8 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
(FilterChainProxy.java:337) -/at position 9 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
(FilterChainProxy.java:337) -/at position 10 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
(AnonymousAuthenticationFilter.java:102) - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]6faa3d44:
(ExceptionTranslationFilter.java:165) - Access is denied (user is anonymous); redirecting to authentication entry point ...
I am using Spring Security 3.2.5.RELEASE
Thanks in advance, and sorry for my English