perf(X-Pack): 完善 SAML2 对接签名过程

2026-06-18 05:18:07 +08:00 · 2025-09-28 16:46:20 +08:00
parent e460e6eedb
commit e49938ca1e
9 changed files with 59 additions and 34 deletions
--- a/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackAuthenticationApi.java
+++ b/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackAuthenticationApi.java
@@ -81,6 +81,10 @@ public interface XpackAuthenticationApi {
    @PostMapping("/validate/oauth2")
    String validateOauth2(@RequestBody XpackOauth2VO editor);

+    @Operation(summary = "验证SAML2")
+    @PostMapping("/validate/saml2")
+    String validateSaml2(@RequestBody XpackSaml2VO editor);
+
    @Operation(summary = "验证")
    @PostMapping("/validateId/{id}")
    String validate(@PathVariable("id") Long id);
--- a/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackSaml2Api.java
+++ b/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackSaml2Api.java
@@ -2,6 +2,7 @@ package io.dataease.api.xpack.settings;

 import com.github.xiaoymin.knife4j.annotations.ApiSupport;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;

@@ -9,9 +10,12 @@ import org.springframework.web.bind.annotation.PostMapping;
@ApiSupport(order = 899)
 public interface XpackSaml2Api {

-    @GetMapping("/login")
-    void saml2Login();
-
    @PostMapping("/sso")
-    void saml2Callback() throws Exception;
+    String sso();
+
+    @GetMapping(value = "/metadata", produces = MediaType.APPLICATION_XML_VALUE)
+    String metadata();
+
+    @GetMapping("/login")
+    void login();
 }
--- a/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/vo/XpackSaml2VO.java
+++ b/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/vo/XpackSaml2VO.java
@@ -2,14 +2,16 @@ package io.dataease.api.xpack.settings.vo;

 import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.Data;
+import org.opensaml.security.x509.BasicX509Credential;
+import org.opensaml.xmlsec.signature.X509Certificate;

 import java.io.Serializable;
 import java.security.PrivateKey;
-import java.security.cert.X509Certificate;

@Data
 public class XpackSaml2VO implements Serializable {

+    private String idpMetaUrl;
    private String spEntityId;
    private String spAcs;

@@ -17,15 +19,20 @@ public class XpackSaml2VO implements Serializable {
    private String idpEntityId;
    private String idpLogoutUrl;

+    private String privateKey;
+    private String certificate;
+
+    private String mapping;
+

    @JsonIgnore
    private PrivateKey spPrivateKey;
    @JsonIgnore
-    private X509Certificate spCertificate;
+    private BasicX509Credential spCertificate;
    @JsonIgnore
    private X509Certificate idpCertificate;

-    private int assertionValidityTime = 300; // 5分钟
+    private int assertionValidityTime = 300;
    private boolean wantAssertionsSigned = true;
    private boolean wantAuthnRequestsSigned = true;