Simplify SAML configuration
This commit is contained in:
parent
cb4bd098e3
commit
88f886e646
|
@ -81,15 +81,13 @@ public class SecurityConfiguration {
|
||||||
@Bean
|
@Bean
|
||||||
RelyingPartyRegistrationRepository repository(
|
RelyingPartyRegistrationRepository repository(
|
||||||
@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) {
|
@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) {
|
||||||
|
Saml2X509Credential signing = Saml2X509Credential.signing(privateKey, relyingPartyCertificate());
|
||||||
RelyingPartyRegistration two = RelyingPartyRegistrations
|
RelyingPartyRegistration two = RelyingPartyRegistrations
|
||||||
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
|
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
|
||||||
.registrationId("two")
|
.registrationId("two")
|
||||||
.signingX509Credentials(
|
.signingX509Credentials((c) -> c.add(signing))
|
||||||
(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
|
.singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo")
|
||||||
.singleLogoutServiceLocation(
|
.build();
|
||||||
"https://dev-05937739.okta.com/app/dev-05937739_springsecuritysaml2idptwo_1/exk4842vmapcMkohr5d7/slo/saml")
|
|
||||||
.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
|
|
||||||
.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
|
|
||||||
return new InMemoryRelyingPartyRegistrationRepository(two);
|
return new InMemoryRelyingPartyRegistrationRepository(two);
|
||||||
}
|
}
|
||||||
|
|
||||||
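Review bot: The new `.singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo")` hard-codes a plaintext, host-specific URL that will be advertised to the IdP (this class also wires a Saml2MetadataFilter), so outside a local dev setup the IdP would be told to post LogoutRequests/LogoutResponses to an `http://` endpoint that does not match the deployed host, and they would fail destination checks or travel unencrypted. If the Spring Security version in use supports the `{baseUrl}` template here, `.singleLogoutServiceLocation("{baseUrl}/logout/saml2/slo")` keeps the sample portable; otherwise the value should at least come from configuration rather than a literal. This commit also drops the explicit `singleLogoutServiceResponseLocation` and `singleLogoutServiceBinding(POST)`, which presumably now fall back to defaults and to the IdP metadata loaded by `fromMetadataLocation`; a one-line comment such as `// SLO binding and the IdP's SLO endpoint are taken from the fetched metadata` would make that dependency explicit for readers, since the registration silently loses SLO if the metadata omits it.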
|
|
|
@ -35,7 +35,6 @@ import org.springframework.security.saml2.provider.service.registration.InMemory
|
||||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
||||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
|
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
|
||||||
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
|
|
||||||
import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
|
import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
|
||||||
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
|
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
|
||||||
import org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter;
|
import org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter;
|
||||||
|
@ -44,6 +43,8 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||||
@Configuration
|
@Configuration
|
||||||
public class SecurityConfiguration {
|
public class SecurityConfiguration {
|
||||||
|
|
||||||
|
@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey;
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
SecurityFilterChain app(HttpSecurity http) throws Exception {
|
SecurityFilterChain app(HttpSecurity http) throws Exception {
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
|
@ -73,29 +74,23 @@ public class SecurityConfiguration {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
RelyingPartyRegistrationRepository repository(
|
RelyingPartyRegistrationRepository repository() {
|
||||||
@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) {
|
RelyingPartyRegistration one = addRelyingPartyDetails(RelyingPartyRegistrations
|
||||||
RelyingPartyRegistration one = RelyingPartyRegistrations
|
|
||||||
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata")
|
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata")
|
||||||
.registrationId("one")
|
.registrationId("one")).build();
|
||||||
.signingX509Credentials(
|
RelyingPartyRegistration two = addRelyingPartyDetails(RelyingPartyRegistrations
|
||||||
(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
|
|
||||||
.singleLogoutServiceLocation(
|
|
||||||
"https://dev-05937739.okta.com/app/dev-05937739_springgsecuritysaml2idp_1/exk46xofd8NZvFCpS5d7/slo/saml")
|
|
||||||
.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
|
|
||||||
.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
|
|
||||||
RelyingPartyRegistration two = RelyingPartyRegistrations
|
|
||||||
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
|
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
|
||||||
.registrationId("two")
|
.registrationId("two")).build();
|
||||||
.signingX509Credentials(
|
|
||||||
(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
|
|
||||||
.singleLogoutServiceLocation(
|
|
||||||
"https://dev-05937739.okta.com/app/dev-05937739_springsecuritysaml2idptwo_1/exk4842vmapcMkohr5d7/slo/saml")
|
|
||||||
.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
|
|
||||||
.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
|
|
||||||
return new InMemoryRelyingPartyRegistrationRepository(one, two);
|
return new InMemoryRelyingPartyRegistrationRepository(one, two);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
RelyingPartyRegistration.Builder addRelyingPartyDetails(RelyingPartyRegistration.Builder builder) {
|
||||||
|
Saml2X509Credential signing = Saml2X509Credential.signing(this.privateKey, relyingPartyCertificate());
|
||||||
|
return builder
|
||||||
|
.signingX509Credentials((c) -> c.add(signing))
|
||||||
|
.singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo");
|
||||||
|
}
|
||||||
|
|
||||||
X509Certificate relyingPartyCertificate() {
|
X509Certificate relyingPartyCertificate() {
|
||||||
Resource resource = new ClassPathResource("credentials/rp-certificate.crt");
|
Resource resource = new ClassPathResource("credentials/rp-certificate.crt");
|
||||||
try (InputStream is = resource.getInputStream()) {
|
try (InputStream is = resource.getInputStream()) {
|
||||||
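Review bot: The RP signing key is now held in the package-private, non-final field `@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey;`, so any class in the package can read or replace the key used to sign AuthnRequests and LogoutRequests; the previous method-parameter injection kept it scoped to the bean method. At minimum mark it `private` (`@Value("classpath:credentials/rp-private.key") private RSAPrivateKey privateKey;`), or better make it `private final` and inject it through a constructor so it cannot be reassigned after startup. The new `addRelyingPartyDetails` helper also hard-codes `http://localhost:8080/logout/saml2/slo` for both registrations, which only works for a local dev host; a `{baseUrl}` template or a configured value would avoid publishing a plaintext localhost endpoint in the RP metadata. Note that `relyingPartyCertificate()` appears to re-read the classpath resource on every call and is now invoked once per registration; its body continues past the end of this hunk.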
|
|