Simplify SAML configuration
parent
cb4bd098e3
commit
88f886e646
|
@ -81,15 +81,13 @@ public class SecurityConfiguration {
|
|||
@Bean
|
||||
RelyingPartyRegistrationRepository repository(
|
||||
@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) {
|
||||
Saml2X509Credential signing = Saml2X509Credential.signing(privateKey, relyingPartyCertificate());
|
||||
RelyingPartyRegistration two = RelyingPartyRegistrations
|
||||
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
|
||||
.registrationId("two")
|
||||
.signingX509Credentials(
|
||||
(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
|
||||
.singleLogoutServiceLocation(
|
||||
"https://dev-05937739.okta.com/app/dev-05937739_springsecuritysaml2idptwo_1/exk4842vmapcMkohr5d7/slo/saml")
|
||||
.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
|
||||
.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
|
||||
.signingX509Credentials((c) -> c.add(signing))
|
||||
.singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo")
|
||||
.build();
|
||||
return new InMemoryRelyingPartyRegistrationRepository(two);
|
||||
}
|
||||
|
||||
|
|
|
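Review bot: The new `.singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo")` in `repository(...)` hard-codes the relying party's logout endpoint to one host over plain HTTP, so the registration only works on that host and anyone copying the sample will carry SAML logout messages in cleartext. The same literal appears in `addRelyingPartyDetails` in the other `SecurityConfiguration` on this page. If the Spring Security version in use resolves URL templates for this property (recent releases appear to), `.singleLogoutServiceLocation("{baseUrl}/logout/saml2/slo")` would follow the deployed scheme and host instead. The explicit `singleLogoutServiceBinding(Saml2MessageBinding.POST)` and response location were dropped, so a comment such as `// SLO binding and response location fall back to framework defaults; IdP endpoints come from metadata` would record that this now depends on the defaults.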
@ -35,7 +35,6 @@ import org.springframework.security.saml2.provider.service.registration.InMemory
|
|||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
|
||||
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
|
||||
import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
|
||||
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
|
||||
import org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter;
|
||||
|
@ -44,6 +43,8 @@ import org.springframework.security.web.SecurityFilterChain;
|
|||
@Configuration
|
||||
public class SecurityConfiguration {
|
||||
|
||||
@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey;
|
||||
|
||||
@Bean
|
||||
SecurityFilterChain app(HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
|
@ -73,29 +74,23 @@ public class SecurityConfiguration {
|
|||
}
|
||||
|
||||
@Bean
|
||||
RelyingPartyRegistrationRepository repository(
|
||||
@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) {
|
||||
RelyingPartyRegistration one = RelyingPartyRegistrations
|
||||
RelyingPartyRegistrationRepository repository() {
|
||||
RelyingPartyRegistration one = addRelyingPartyDetails(RelyingPartyRegistrations
|
||||
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata")
|
||||
.registrationId("one")
|
||||
.signingX509Credentials(
|
||||
(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
|
||||
.singleLogoutServiceLocation(
|
||||
"https://dev-05937739.okta.com/app/dev-05937739_springgsecuritysaml2idp_1/exk46xofd8NZvFCpS5d7/slo/saml")
|
||||
.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
|
||||
.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
|
||||
RelyingPartyRegistration two = RelyingPartyRegistrations
|
||||
.registrationId("one")).build();
|
||||
RelyingPartyRegistration two = addRelyingPartyDetails(RelyingPartyRegistrations
|
||||
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
|
||||
.registrationId("two")
|
||||
.signingX509Credentials(
|
||||
(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
|
||||
.singleLogoutServiceLocation(
|
||||
"https://dev-05937739.okta.com/app/dev-05937739_springsecuritysaml2idptwo_1/exk4842vmapcMkohr5d7/slo/saml")
|
||||
.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
|
||||
.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
|
||||
.registrationId("two")).build();
|
||||
return new InMemoryRelyingPartyRegistrationRepository(one, two);
|
||||
}
|
||||
|
||||
RelyingPartyRegistration.Builder addRelyingPartyDetails(RelyingPartyRegistration.Builder builder) {
|
||||
Saml2X509Credential signing = Saml2X509Credential.signing(this.privateKey, relyingPartyCertificate());
|
||||
return builder
|
||||
.signingX509Credentials((c) -> c.add(signing))
|
||||
.singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo");
|
||||
}
|
||||
|
||||
X509Certificate relyingPartyCertificate() {
|
||||
Resource resource = new ClassPathResource("credentials/rp-certificate.crt");
|
||||
try (InputStream is = resource.getInputStream()) {
|
||||
|
|
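Review bot: The signing key added as `@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey;` is a package-private, non-final, field-injected member, so any class in the package can read or replace it after startup. Constructor injection keeps it immutable: `private final RSAPrivateKey privateKey;` assigned in `SecurityConfiguration(@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) { this.privateKey = privateKey; }`. `addRelyingPartyDetails` and `relyingPartyCertificate` could also be `private`, since only `repository()` appears to call them in the visible lines. Because the key is read from the classpath, a comment on the field such as `// sample-only key bundled with the app; load from a secret store or keystore outside the artifact in real deployments` would help readers who copy this configuration. The class body starts and continues outside these hunks, so other uses of the field are not visible here.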