Самл авторизация не работает - PullRequest
/ 15 мая 2018

Мне нужно реализовать SAML в моём существующем веб-приложении. Я использовал Spring Security с пользовательской аутентификацией и авторизацией на основе ролей. Но при переходе со Spring Security на SAML я столкнулся с трудностями в реализации авторизации. У меня 2 контекстных xml-файла. Ниже приведены мои xml-файлы контекста.

spring-security-config.xml

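        <beans:beans xmlns="http://www.springframework.org/schema/security"
            xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

            <!-- spring-security-config.xml: the form-login chain that predates the SAML setup.
                 These three patterns bypass the security filter chain completely, so nothing
                 (not even the session/CSRF filters) runs for them. Note that ant matching is
                 case-sensitive by default, so "/index*" here and "/Index*" below are different URLs. -->
            <http pattern="/index*" security="none" />
            <http pattern="/resources/**" security="none" />
            <http pattern="/cms-resources/**" security="none" />

            <!-- Main chain. intercept-url rules are evaluated top to bottom and the first match wins,
                 so the catch-all "/**" rule has to stay last. Some broad patterns shadow narrower
                 ones that follow them (e.g. "/fileUpload*" also matches "/fileUploadRedis..."); that is
                 harmless today only because the shadowed rules grant the same authorities.
                 Whitespace before "(" in hasAuthority calls has been normalised for consistency. -->
            <http auto-config="true" use-expressions="true" disable-url-rewriting="true">
                <intercept-url pattern="/login*" access="permitAll" />

                <intercept-url pattern="/Index*"
                    access="hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST') or hasAuthority('SELFCARE')" />
                <intercept-url pattern="/mlurl*"
                    access="hasAuthority('ADMIN') or hasAuthority('SELFCARE') or hasAuthority('DATA-SCIENTIST')" />

                <intercept-url pattern="/masterConfig*"
                    access="hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/fileUploadConfig*"
                    access="hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/fileUpload*"
                    access="hasAuthority('ADMIN') or hasAuthority('SELFCARE') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/redisupload*"
                    access="hasAuthority('ADMIN') or hasAuthority('SELFCARE') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/fileUploadRedis*"
                    access="hasAuthority('ADMIN') or hasAuthority('SELFCARE') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/uploadlocal"
                    access="hasAuthority('ADMIN') or hasAuthority('SELFCARE') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/fileuploadlocal"
                    access="hasAuthority('ADMIN') or hasAuthority('SELFCARE') or hasAuthority('DATA-SCIENTIST')" />

                <intercept-url pattern="/filepublish*" access="hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/filetrain*" access="hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/fileread*" access="hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/updatehdfsFile*" access="hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/filedelete*" access="hasAuthority('ADMIN')" />

                <intercept-url pattern="/createmodel*" access="hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/selectmodel*" access="hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/deletemodel*" access="hasAuthority('ADMIN')" />

                <intercept-url pattern="/createskill*" access="hasAuthority('ADMIN')" />
                <intercept-url pattern="/selectskill*" access="hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/deleteskill*" access="hasAuthority('ADMIN')" />

                <intercept-url pattern="/addintent*" access="hasAuthority('ADMIN')" />
                <intercept-url pattern="/deleteintent*" access="hasAuthority('ADMIN')" />

                <intercept-url pattern="/trainingdata*" access="hasAuthority('ADMIN')" />
                <intercept-url pattern="/addtrainingdata*" access="hasAuthority('ADMIN')" />
                <intercept-url pattern="/edittrainingdata*" access="hasAuthority('ADMIN')" />
                <intercept-url pattern="/deletetrainingdata*" access="hasAuthority('ADMIN')" />

                <intercept-url pattern="/ml*" access="hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST') or hasAuthority('SELFCARE')" />

                <intercept-url pattern="/serverStatus*" access="hasAuthority('ADMIN') or hasAuthority('SELFCARE') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/configureservers*" access="hasAuthority('ADMIN') or hasAuthority('SELFCARE') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/serverdata*" access="hasAuthority('ADMIN') or hasAuthority('SELFCARE') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/scheduledtask*" access="hasAuthority('ADMIN') or hasAuthority('SELFCARE') or hasAuthority('DATA-SCIENTIST')" />
                <intercept-url pattern="/deleteserver*" access="hasAuthority('ADMIN') or hasAuthority('SELFCARE') or hasAuthority('DATA-SCIENTIST')" />

                <intercept-url pattern="/base64*"
                    access="hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST')" />

                <intercept-url pattern="/diagnostics*"
                    access="hasAuthority('SELFCARE') or hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST') or hasAuthority('CUSTOMER-CARE')" />
                <intercept-url pattern="/diagnosticsdata*"
                    access="hasAuthority('SELFCARE') or hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST') or hasAuthority('CUSTOMER-CARE')" />
                <intercept-url pattern="/refreshdiagnostics*"
                    access="hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST') or hasAuthority('SELFCARE')" />

                <intercept-url pattern="/adminDashboard*" access="hasAuthority('ADMIN')" />
                <intercept-url pattern="/assignroles*" access="hasAuthority('ADMIN')" />
                <intercept-url pattern="/dagstructure*" access="hasAuthority('ADMIN')" />
                <intercept-url pattern="/dag/fileupload*" access="hasAuthority('ADMIN')" />
                <intercept-url pattern="/dag/filedownload*" access="hasAuthority('ADMIN')" />

                <intercept-url pattern="/logout*" access="permitAll" />
                <!-- Catch-all: anything not listed above needs one of the three main authorities. -->
                <intercept-url pattern="/**" access="hasAuthority('SELFCARE') or hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST') " />

                <!-- Exactly one form-login per http element. The original had two; the namespace
                     handler wires only one of them, so the second was dead configuration. The variant
                     carrying authentication-success-handler-ref="myAuthenticationSuccessHandler" was the
                     one dropped, because that bean exists only inside the commented-out block at the end
                     of this file and an unresolved ref would fail context startup (unless the bean is
                     declared in another context file). Re-add the attribute together with the bean if
                     custom post-login redirection is needed. -->
                <form-login login-page="/login" authentication-failure-url="/login"
                    username-parameter="username" password-parameter="password" />
                <logout delete-cookies="JSESSIONID" invalidate-session="true" logout-success-url="/" />
                <!-- Authenticated users lacking the required authority are sent to the login page. -->
                <access-denied-handler error-page="/login" />

                <!-- CSRF protection is left at the framework default (enabled since Spring Security 4);
                     keep it that way for this form-login chain. -->
                <!-- <csrf disabled="true" /> -->
            </http>

            <!-- Method-level security, the authentication manager and the custom beans below are
                 currently disabled. With no authentication-manager declared here, this chain relies on
                 one being provided by another context file (springContext.xml declares one). -->
            <!-- <global-method-security pre-post-annotations="enabled">
                <expression-handler ref="expressionHandler" />
            </global-method-security>  -->

            <!-- <authentication-manager>
                <authentication-provider ref="customeAuthenticatorProvider" />
            </authentication-manager>
         -->
            <!-- Enable permission evaluator in annotation -->
            <!-- <beans:bean id="expressionHandler"
                class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
                <beans:property name="permissionEvaluator" ref="customPermissionEvaluator" />
            </beans:bean> -->
            <!--    <beans:bean id="customeAuthenticatorProvider"
                class="com.ril.ml.config.CustomeAuthenticatorProvider" /> -->
            <!-- <beans:bean id="customPermissionEvaluator"
                class="com.ril.ml.config.CustomPermissionEvaluator" />  -->
            <!-- <beans:bean id="myAuthenticationSuccessHandler"
                class="com.ril.ml.config.MySimpleUrlAuthenticationSuccessHandler" /> -->

        </beans:beans>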

Ниже также приведён мой springContext.xml:

    <?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
              http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
    <!-- springContext.xml: wiring for the Spring Security SAML extension (SP side).
         The XML declaration must be the very first bytes of the file; if the real file starts with
         whitespace as shown above, the parser rejects it (presumably a paste artefact, confirm). -->
 <!-- Enable auto-wiring -->
    <context:annotation-config/>
<!-- Scan for auto-wiring classes in spring saml packages -->
    <context:component-scan base-package="org.springframework.security.saml"/>
<!-- Unsecured pages -->
    <security:http security="none" pattern="/favicon.ico"/>
    <security:http security="none" pattern="/images/**"/>
    <security:http security="none" pattern="/css/**"/>
    <security:http security="none" pattern="/logout.jsp"/>
<!-- Security for the administration UI -->
    <!-- Chain for the SAML metadata admin UI. use-expressions="false" means every access value is a
         plain config attribute (ROLE_ADMIN, IS_AUTHENTICATED_ANONYMOUSLY); the SpEL rules kept in the
         comment below would not parse in this mode. ROLE_ADMIN is granted by the in-memory
         admin/admin user declared in the authentication-manager further down. -->
    <security:http pattern="/saml/web/**" use-expressions="false">
        <security:access-denied-handler error-page="/saml/web/metadata/login"/>
        <security:form-login login-processing-url="/saml/web/login" login-page="/saml/web/metadata/login" default-target-url="/saml/web/metadata"/>
        <security:intercept-url pattern="/saml/web/metadata/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <security:intercept-url pattern="/saml/web/**" access="ROLE_ADMIN"/>
        <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
        <!--  <security:intercept-url pattern="/login*" access="permitAll" />
        <security:intercept-url pattern="/Index*" 
        access="hasAuthority ('ADMIN') or hasAuthority('DATA-SCIENTIST') or hasAuthority('SELFCARE')" />
        <security:intercept-url pattern="/mlurl*" 
intercept-url pattern="/addtrainingdata*" access="hasAuthority ('ADMIN')" />
        <security:intercept-url pattern="/edittrainingdata*" access="hasAuthority('ADMIN')" />
        <security:intercept-url pattern="/deletetrainingdata*" access="hasAuthority('ADMIN')" />
        <security:intercept-url pattern="/ml*" access="hasAuthority ('ADMIN') or hasAuthority('DATA-SCIENTIST') or hasAuthority('SELFCARE')" />
        <security:intercept-url pattern="/serverStatus*" access="hasAuthority ('ADMIN') or hasAuthority('SELFCARE') or hasAuthority('DATA-SCIENTIST')" />
        <security:intercept-url pattern="/configureservers*" access="hasAuthority ('ADMIN') or hasAuthority('SELFCARE') or hasAuthority('DATA-SCIENTIST')" />

<security:intercept-url pattern="/logout*" access="permitAll" />
        <security:intercept-url pattern="/**" access="hasAuthority('SELFCARE') or hasAuthority('ADMIN') or hasAuthority('DATA-SCIENTIST') " />
         -->
     </security:http>

    <!-- <security:global-method-security pre-post-annotations="enabled">
        <security:expression-handler ref="expressionHandler" />
    </security:global-method-security> -->


    <!-- Secured pages with SAML as entry point -->
    <!-- Application chain. Its only rule is "/**" = IS_AUTHENTICATED_FULLY, so every user the IdP
         authenticates can reach every URL: no per-authority authorisation happens here. The
         commented-out hasAuthority rule is SpEL and needs use-expressions="true" on this element;
         with expressions disabled, access values are role names such as ROLE_ADMIN. Whether this
         chain or the "/**" chain in spring-security-config.xml handles a request depends on the order
         the context files are loaded (first matching chain wins), so the authority rules must live
         in whichever chain actually serves the SAML-authenticated traffic. -->
    <security:http auto-config="true" entry-point-ref="samlEntryPoint" use-expressions="false">
        <!-- Disables CSRF protection for the whole chain, not only for the SAML endpoints. If the
             goal is to let the IdP POST to /saml/SSO, prefer keeping CSRF enabled and exempting just
             those paths via a request-matcher-ref on this csrf element. -->
        <security:csrf disabled="true"/>
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
       <!--  <security:intercept-url pattern="/adminDashboard*" access="hasAuthority('ADMIN')" /> -->
        <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
        <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
    </security:http>

    <!-- Filters for processing of SAML messages -->
    <!-- Nested FilterChainProxy that routes each /saml/* endpoint to the matching SAML filter bean. -->
    <bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
        <security:filter-chain-map request-matcher="ant">
            <security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint"/>
            <security:filter-chain pattern="/saml/logout/**" filters="samlLogoutFilter"/>
            <security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>
            <security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter"/>
            <security:filter-chain pattern="/saml/SSOHoK/**" filters="samlWebSSOHoKProcessingFilter"/>
            <security:filter-chain pattern="/saml/SingleLogout/**" filters="samlLogoutProcessingFilter"/>
            <security:filter-chain pattern="/saml/discovery/**" filters="samlIDPDiscovery"/>
        </security:filter-chain-map>
    </bean>

    <!-- Handler deciding where to redirect user after successful login -->
    <bean id="successRedirectHandler"
          class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
        <property name="defaultTargetUrl" value="/"/>
    </bean>


    <!-- Handler deciding where to redirect user after failed login -->
    <bean id="failureRedirectHandler"
          class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <property name="useForward" value="true"/>
        <property name="defaultFailureUrl" value="/error.jsp"/>
    </bean>

    <!-- Handler for successful logout -->
    <bean id="successLogoutHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
        <property name="defaultTargetUrl" value="/logout.jsp"/>
    </bean>

    <!-- Single authentication manager shared by the SAML processing filters and the admin UI. -->
    <security:authentication-manager id="authenticationManager">
        <!-- Register authentication manager for SAML provider -->
        <security:authentication-provider ref="samlAuthenticationProvider"/>
        <!-- Register authentication manager for administration UI -->
        <security:authentication-provider>
            <security:user-service id="adminInterfaceService">
                <!-- Plain-text admin/admin is the well-known default from the Spring Security SAML
                     sample and protects the metadata admin UI (/saml/web/**). Replace it, or drop the
                     admin UI chain entirely, before this configuration leaves a developer machine. -->
                <security:user name="admin" password="admin" authorities="ROLE_ADMIN"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

    <!-- Logger for SAML messages and events -->
    <bean id="samlLogger" class="org.springframework.security.saml.log.SAMLDefaultLogger">
       <!-- Enable these to see the actual SAML Messages in logs -->
       <!-- <property name="logAllMessages" value="true"/>  -->
       <!-- <property name="logErrors" value="true"/>  -->
       <!-- <property name="logMessagesOnException" value="true"/>  -->
       </bean>

    <!-- Central storage of cryptographic keys -->
    <!-- Constructor args: keystore location, keystore password, map of key alias to key password,
         default signing/encryption alias. The password "nalle123" and alias "apollo" are the ones
         shipped with the public Spring Security SAML sample keystore; generate a project-specific
         key pair and inject the passwords from an external property source rather than committing
         them here. -->
    <bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
        <constructor-arg value="classpath:security/samlKeystore.jks"/>
        <constructor-arg type="java.lang.String" value="nalle123"/>
        <constructor-arg>
            <map>
                <entry key="apollo" value="nalle123"/>
            </map>
        </constructor-arg>
        <constructor-arg type="java.lang.String" value="apollo"/>
    </bean>

    <!-- Entry point to initialize authentication, default values taken from properties file -->
    <bean id="samlEntryPoint" class="org.springframework.security.saml.SAMLEntryPoint">
        <property name="defaultProfileOptions">
            <bean class="org.springframework.security.saml.websso.WebSSOProfileOptions">
                <property name="includeScoping" value="false"/>
            </bean>
        </property>
    </bean>

    <!-- IDP Discovery Service -->
    <bean id="samlIDPDiscovery" class="org.springframework.security.saml.SAMLDiscovery">
        <property name="idpSelectionPath" value="/WEB-INF/security/idpSelection.jsp"/>
    </bean>

    <!-- Filter automatically generates default SP metadata -->
    <bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
        <constructor-arg>
            <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
                <property name="extendedMetadata">
                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                        <property name="idpDiscoveryEnabled" value="false"/>
                    </bean>
                </property>
            </bean>
        </constructor-arg>
    </bean>

    <!-- The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there -->
    <bean id="metadataDisplayFilter" class="org.springframework.security.saml.metadata.MetadataDisplayFilter"/>

    <!-- Configure HTTP Client to accept certificates from the keystore for HTTPS verification -->
    <!--
    <bean class="org.springframework.security.saml.trust.httpclient.TLSProtocolConfigurer">
        <property name="sslHostnameVerification" value="default"/>
    </bean>
    -->

    <!-- IDP Metadata configuration - paths to metadata of IDPs in circle of trust is here -->
    <bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
        <constructor-arg>
            <list>

                <!-- Example of HTTP metadata without Extended Metadata -->
                <!-- "IDP URL" is still the placeholder and must be replaced with the real metadata
                     URL of the IdP. Fetch it over https; the commented-out metadataTrustCheck line is
                     best left disabled so the default signature/trust check stays on, and the
                     TLSProtocolConfigurer block above is what makes keystore certificates trusted for
                     that https fetch if the IdP uses a private CA. -->
                <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
                    <!-- URL containing the metadata -->
                    <constructor-arg>
                        <value type="java.lang.String">IDP URL</value>
                    </constructor-arg>
                    <!-- Timeout for metadata loading in ms -->
                    <constructor-arg>
                        <value type="int">15000</value>
                    </constructor-arg>
                    <property name="parserPool" ref="parserPool"/>
                    <!--  <property name="metadataTrustCheck" value="false"/> -->
                </bean>
                <!-- Example of file system metadata without Extended Metadata -->
                <!--
                <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                    <constructor-arg>
                        <value type="java.io.File">/usr/local/metadata/idp.xml</value>
                    </constructor-arg>
                    <property name="parserPool" ref="parserPool"/>
                </bean>
                -->
            </list>
        </constructor-arg>
    </bean>

    <!-- SAML Authentication Provider responsible for validating of received SAML messages -->
    <!-- "cs" is the project's user-details service that is handed the validated SAML credential and
         is presumably where the username from the assertion is mapped to authorities (the role.xlsx
         lookup mentioned in the question; confirm). This is the only place in this file where
         application roles get attached to the SAML principal. The class name starts with a lowercase
         letter, which is unusual for Java and easy to confuse with the bean id of the same name. -->
    <bean id="cs" class="com.ril.ml.config.samlAuthenticationProvider">
    </bean>
    <bean id="samlAuthenticationProvider" class="org.springframework.security.saml.SAMLAuthenticationProvider">
    <property name="userDetails" ref="cs" /> 
        <!-- <property name="userDetails" ref="bean" /> -->
    </bean>

    <!-- bean id="customPermissionEvaluator" class="com.ril.ml.config.CustomPermissionEvaluator" />
    <bean id="expressionHandler"
        class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
        <property name="permissionEvaluator" ref="customPermissionEvaluator" />
    </bean> -->


    <!-- Provider of default SAML Context -->
    <bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderImpl"/>

    <!-- Processing filter for WebSSO profile messages -->
    <bean id="samlWebSSOProcessingFilter" class="org.springframework.security.saml.SAMLProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationSuccessHandler" ref="successRedirectHandler"/>
        <property name="authenticationFailureHandler" ref="failureRedirectHandler"/>
    </bean>

    <!-- Processing filter for WebSSO Holder-of-Key profile -->
    <bean id="samlWebSSOHoKProcessingFilter" class="org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationSuccessHandler" ref="successRedirectHandler"/>
        <property name="authenticationFailureHandler" ref="failureRedirectHandler"/>
    </bean>

    <!-- Logout handler terminating local session -->
    <!-- invalidateHttpSession="false" clears the security context but keeps the HTTP session alive
         on logout; any other session-scoped state survives until the session times out. -->
    <bean id="logoutHandler"
          class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
        <property name="invalidateHttpSession" value="false"/>
    </bean>

    <!-- Override default logout processing filter with the one processing SAML messages -->
    <bean id="samlLogoutFilter" class="org.springframework.security.saml.SAMLLogoutFilter">
        <constructor-arg index="0" ref="successLogoutHandler"/>
        <constructor-arg index="1" ref="logoutHandler"/>
        <constructor-arg index="2" ref="logoutHandler"/>
    </bean>

    <!-- Filter processing incoming logout messages -->
    <!-- First argument determines URL user will be redirected to after successful global logout -->
    <bean id="samlLogoutProcessingFilter" class="org.springframework.security.saml.SAMLLogoutProcessingFilter">
        <constructor-arg index="0" ref="successLogoutHandler"/>
        <constructor-arg index="1" ref="logoutHandler"/>
    </bean>

    <!-- Class loading incoming SAML messages from httpRequest stream -->
    <bean id="processor" class="org.springframework.security.saml.processor.SAMLProcessorImpl">
        <constructor-arg>
            <list>
                <ref bean="redirectBinding"/>
                <ref bean="postBinding"/>
                <ref bean="artifactBinding"/>
                <ref bean="soapBinding"/>
                <ref bean="paosBinding"/>
            </list>
        </constructor-arg>
    </bean>

    <!-- SAML 2.0 WebSSO Assertion Consumer -->
    <bean id="webSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerImpl"/>

    <!-- SAML 2.0 Holder-of-Key WebSSO Assertion Consumer -->
    <bean id="hokWebSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl"/>

    <!-- SAML 2.0 Web SSO profile -->
    <bean id="webSSOprofile" class="org.springframework.security.saml.websso.WebSSOProfileImpl"/>

    <!-- SAML 2.0 Holder-of-Key Web SSO profile -->
    <bean id="hokWebSSOProfile" class="org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl"/>

    <!-- SAML 2.0 ECP profile -->
    <bean id="ecpprofile" class="org.springframework.security.saml.websso.WebSSOProfileECPImpl"/>

    <!-- SAML 2.0 Logout Profile -->
    <bean id="logoutprofile" class="org.springframework.security.saml.websso.SingleLogoutProfileImpl"/>

    <!-- Bindings, encoders and decoders used for creating and parsing messages -->
    <bean id="postBinding" class="org.springframework.security.saml.processor.HTTPPostBinding">
        <constructor-arg ref="parserPool"/>
        <constructor-arg ref="velocityEngine"/>
    </bean>

    <bean id="redirectBinding" class="org.springframework.security.saml.processor.HTTPRedirectDeflateBinding">
        <constructor-arg ref="parserPool"/>
    </bean>

    <bean id="artifactBinding" class="org.springframework.security.saml.processor.HTTPArtifactBinding">
        <constructor-arg ref="parserPool"/>
        <constructor-arg ref="velocityEngine"/>
        <constructor-arg>
            <bean class="org.springframework.security.saml.websso.ArtifactResolutionProfileImpl">
                <constructor-arg>
                    <bean class="org.apache.commons.httpclient.HttpClient">
                        <constructor-arg>
                            <bean class="org.apache.commons.httpclient.MultiThreadedHttpConnectionManager"/>
                        </constructor-arg>
                    </bean>
                </constructor-arg>
                <property name="processor">
                    <bean class="org.springframework.security.saml.processor.SAMLProcessorImpl">
                        <constructor-arg ref="soapBinding"/>
                    </bean>
                </property>
            </bean>
        </constructor-arg>
    </bean>

    <bean id="soapBinding" class="org.springframework.security.saml.processor.HTTPSOAP11Binding">
        <constructor-arg ref="parserPool"/>
    </bean>

    <bean id="paosBinding" class="org.springframework.security.saml.processor.HTTPPAOS11Binding">
        <constructor-arg ref="parserPool"/>
    </bean>

    <!-- Initialization of OpenSAML library-->
    <bean class="org.springframework.security.saml.SAMLBootstrap"/>

    <!-- Initialization of the velocity engine -->
    <bean id="velocityEngine" class="org.springframework.security.saml.util.VelocityFactory" factory-method="getEngine"/>

    <bean id="parserPool" class="org.opensaml.xml.parse.StaticBasicParserPool" init-method="initialize"/>

    <bean id="parserPoolHolder" class="org.springframework.security.saml.parser.ParserPoolHolder"/>

</beans>

Также я использую samlAuthenticationProvider, где определена логика получения роли для пользователя. Пароля пользователя у меня нет, только имя пользователя из ответа SAML. Роль я сопоставляю имени пользователя по файлу role.xlsx. Часть авторизации ещё нужно реализовать. Пожалуйста, посмотрите на XML-файлы, любые предложения будут полезны.
