Simplify SAML configuration

This commit is contained in:
Josh Cummings 2022-03-31 12:49:05 -06:00
parent cb4bd098e3
commit 88f886e646
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
2 changed files with 18 additions and 25 deletions


@ -81,15 +81,13 @@ public class SecurityConfiguration {
@Bean @Bean
RelyingPartyRegistrationRepository repository( RelyingPartyRegistrationRepository repository(
@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) { @Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) {
Saml2X509Credential signing = Saml2X509Credential.signing(privateKey, relyingPartyCertificate());
RelyingPartyRegistration two = RelyingPartyRegistrations RelyingPartyRegistration two = RelyingPartyRegistrations
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata") .fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
.registrationId("two") .registrationId("two")
.signingX509Credentials( .signingX509Credentials((c) -> c.add(signing))
(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate()))) .singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo")
.singleLogoutServiceLocation( .build();
"https://dev-05937739.okta.com/app/dev-05937739_springsecuritysaml2idptwo_1/exk4842vmapcMkohr5d7/slo/saml")
.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
return new InMemoryRelyingPartyRegistrationRepository(two); return new InMemoryRelyingPartyRegistrationRepository(two);
} }
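Review bot: The new `.singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo")` hard-codes a plaintext, host-specific URL that will be advertised in the relying party's metadata and carried in LogoutRequest/LogoutResponse messages; since the file already wires a `DefaultRelyingPartyRegistrationResolver`, the template form `.singleLogoutServiceLocation("{baseUrl}/logout/saml2/slo")` would follow the deployment's actual scheme and host instead of baking in `http` and `localhost`. The same literal is repeated in the second file's `addRelyingPartyDetails` (the line ending `.singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo");`), so both should change together. Dropping `singleLogoutServiceResponseLocation` and `singleLogoutServiceBinding(POST)` appears to rely on the builder's defaults (response location falling back to the location, POST as the binding); a one-line comment such as `// response location and POST binding are the builder defaults` above the `.singleLogoutServiceLocation` call would make that reliance explicit for the next reader.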


@ -35,7 +35,6 @@ import org.springframework.security.saml2.provider.service.registration.InMemory
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository; import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations; import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver; import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver; import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
import org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter; import org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter;
@ -44,6 +43,8 @@ import org.springframework.security.web.SecurityFilterChain;
@Configuration @Configuration
public class SecurityConfiguration { public class SecurityConfiguration {
@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey;
@Bean @Bean
SecurityFilterChain app(HttpSecurity http) throws Exception { SecurityFilterChain app(HttpSecurity http) throws Exception {
// @formatter:off // @formatter:off
@ -73,29 +74,23 @@ public class SecurityConfiguration {
} }
@Bean @Bean
RelyingPartyRegistrationRepository repository( RelyingPartyRegistrationRepository repository() {
@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) { RelyingPartyRegistration one = addRelyingPartyDetails(RelyingPartyRegistrations
RelyingPartyRegistration one = RelyingPartyRegistrations
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata") .fromMetadataLocation("https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata")
.registrationId("one") .registrationId("one")).build();
.signingX509Credentials( RelyingPartyRegistration two = addRelyingPartyDetails(RelyingPartyRegistrations
(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
.singleLogoutServiceLocation(
"https://dev-05937739.okta.com/app/dev-05937739_springgsecuritysaml2idp_1/exk46xofd8NZvFCpS5d7/slo/saml")
.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
RelyingPartyRegistration two = RelyingPartyRegistrations
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata") .fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
.registrationId("two") .registrationId("two")).build();
.signingX509Credentials(
(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
.singleLogoutServiceLocation(
"https://dev-05937739.okta.com/app/dev-05937739_springsecuritysaml2idptwo_1/exk4842vmapcMkohr5d7/slo/saml")
.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
return new InMemoryRelyingPartyRegistrationRepository(one, two); return new InMemoryRelyingPartyRegistrationRepository(one, two);
} }
RelyingPartyRegistration.Builder addRelyingPartyDetails(RelyingPartyRegistration.Builder builder) {
Saml2X509Credential signing = Saml2X509Credential.signing(this.privateKey, relyingPartyCertificate());
return builder
.signingX509Credentials((c) -> c.add(signing))
.singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo");
}
X509Certificate relyingPartyCertificate() { X509Certificate relyingPartyCertificate() {
Resource resource = new ClassPathResource("credentials/rp-certificate.crt"); Resource resource = new ClassPathResource("credentials/rp-certificate.crt");
try (InputStream is = resource.getInputStream()) { try (InputStream is = resource.getInputStream()) {