(window.webpackJsonp=window.webpackJsonp||[]).push([[300],{726:function(t,e,a){"use strict";a.r(e);var s=a(56),r=Object(s.a)({},(function(){var t=this,e=t.$createElement,a=t._self._c||e;return a("ContentSlotsDistributor",{attrs:{"slot-key":t.$parent.slotKey}},[a("h1",{attrs:{id:"producing-saml2-spssodescriptor-metadata"}},[a("a",{staticClass:"header-anchor",attrs:{href:"#producing-saml2-spssodescriptor-metadata"}},[t._v("#")]),t._v(" Producing "),a("code",[t._v("<saml2:SPSSODescriptor>")]),t._v(" Metadata")]),t._v(" "),a("p",[t._v("You can publish a metadata endpoint by adding the "),a("code",[t._v("Saml2MetadataFilter")]),t._v(" to the filter chain, as you’ll see below:")]),t._v(" "),a("p",[t._v("Java")]),t._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[t._v("DefaultRelyingPartyRegistrationResolver relyingPartyRegistrationResolver =\n        new DefaultRelyingPartyRegistrationResolver(this.relyingPartyRegistrationRepository);\nSaml2MetadataFilter filter = new Saml2MetadataFilter(\n        relyingPartyRegistrationResolver,\n        new OpenSamlMetadataResolver());\n\nhttp\n    // ...\n    .saml2Login(withDefaults())\n    .addFilterBefore(filter, Saml2WebSsoAuthenticationFilter.class);\n")])])]),a("p",[t._v("Kotlin")]),t._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[t._v("val relyingPartyRegistrationResolver: Converter<HttpServletRequest, RelyingPartyRegistration> =\n    DefaultRelyingPartyRegistrationResolver(this.relyingPartyRegistrationRepository)\nval filter = Saml2MetadataFilter(\n    relyingPartyRegistrationResolver,\n    OpenSamlMetadataResolver()\n)\n\nhttp {\n    //...\n    saml2Login { }\n    addFilterBefore<Saml2WebSsoAuthenticationFilter>(filter)\n}\n")])])]),a("p",[t._v("You can use this metadata endpoint to register your relying party with your asserting party.\nThis is often as simple as finding the correct form field to supply the metadata endpoint.")]),t._v(" "),a("p",[t._v("By default, the metadata endpoint is "),a("code",[t._v("/saml2/service-provider-metadata/{registrationId}")]),t._v(".\nYou can change this by calling the "),a("code",[t._v("setRequestMatcher")]),t._v(" method on the filter:")]),t._v(" "),a("p",[t._v("Java")]),t._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[t._v('filter.setRequestMatcher(new AntPathRequestMatcher("/saml2/metadata/{registrationId}", "GET"));\n')])])]),a("p",[t._v("Kotlin")]),t._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[t._v('filter.setRequestMatcher(AntPathRequestMatcher("/saml2/metadata/{registrationId}", "GET"))\n')])])]),a("p",[t._v("Or, if you have registered a custom relying party registration resolver in the constructor, then you can specify a path without a "),a("code",[t._v("registrationId")]),t._v(" hint, like so:")]),t._v(" "),a("p",[t._v("Java")]),t._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[t._v('filter.setRequestMatcher(new AntPathRequestMatcher("/saml2/metadata", "GET"));\n')])])]),a("p",[t._v("Kotlin")]),t._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[t._v('filter.setRequestMatcher(AntPathRequestMatcher("/saml2/metadata", "GET"))\n')])])]),a("p",[a("RouterLink",{attrs:{to:"/en/spring-security/logout.html"}},[t._v("SAML2 Logout")]),a("RouterLink",{attrs:{to:"/en/exploits/index.html"}},[t._v("Protection Against Exploits")])],1)])}),[],!1,null,null,null);e.default=r.exports}}]);