# 生成<saml2:SPSSODescriptor>元数据

你可以通过将Saml2MetadataFilter添加到筛选链来发布元数据端点,如下所示:

Java

DefaultRelyingPartyRegistrationResolver relyingPartyRegistrationResolver =
        new DefaultRelyingPartyRegistrationResolver(this.relyingPartyRegistrationRepository);
Saml2MetadataFilter filter = new Saml2MetadataFilter(
        relyingPartyRegistrationResolver,
        new OpenSamlMetadataResolver());

http
    // ...
    .saml2Login(withDefaults())
    .addFilterBefore(filter, Saml2WebSsoAuthenticationFilter.class);

Kotlin

val relyingPartyRegistrationResolver: Converter<HttpServletRequest, RelyingPartyRegistration> =
    DefaultRelyingPartyRegistrationResolver(this.relyingPartyRegistrationRepository)
val filter = Saml2MetadataFilter(
    relyingPartyRegistrationResolver,
    OpenSamlMetadataResolver()
)

http {
    //...
    saml2Login { }
    addFilterBefore<Saml2WebSsoAuthenticationFilter>(filter)
}

你可以使用此元数据端点将你的依赖方注册为你的断言方.这通常很简单,只需找到正确的表单字段来提供元数据端点即可。

默认情况下,元数据端点是/saml2/service-provider-metadata/{registrationId}。你可以通过调用过滤器上的setRequestMatcher方法来更改这一点:

Java

filter.setRequestMatcher(new AntPathRequestMatcher("/saml2/metadata/{registrationId}", "GET"));

Kotlin

filter.setRequestMatcher(AntPathRequestMatcher("/saml2/metadata/{registrationId}", "GET"))

或者,如果你在构造函数中注册了一个自定义依赖方注册解析器,那么你可以在没有registrationId提示的情况下指定一个路径,就像这样:

Java

filter.setRequestMatcher(new AntPathRequestMatcher("/saml2/metadata", "GET"));

Kotlin

filter.setRequestMatcher(AntPathRequestMatcher("/saml2/metadata", "GET"))

SAML2注销保护免受剥削