Simplify Saml2 Login Sample

2022-07-27 16:42:42 -06:00 · 2022-07-27 16:42:42 -06:00 · eb69904f4d
parent 57a3de019e
commit eb69904f4d
4 changed files with 15 additions and 157 deletions
--- a/servlet/spring-boot/java/saml2/login/src/integTest/java/example/Saml2LoginApplicationITests.java
+++ b/servlet/spring-boot/java/saml2/login/src/integTest/java/example/Saml2LoginApplicationITests.java
@ -52,8 +52,7 @@ public class Saml2LoginApplicationITests {
 	}

 	private void performLogin(String registrationId) throws Exception {
-		HtmlPage login = this.webClient.getPage("/");
-		login.getAnchorByHref("/saml2/authenticate/" + registrationId).click();
+		this.webClient.getPage("/");
 		this.webClient.waitForBackgroundJavaScript(10000);
 		HtmlPage okta = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
 		this.webClient.waitForBackgroundJavaScript(10000);
@ -103,26 +102,4 @@ public class Saml2LoginApplicationITests {

 	}

-	@DisplayName("Tenant two tests")
-	@Nested
-	class TenantTwoTests {
-
-		@Test
-		void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
-			performLogin("two");
-			HtmlPage home = (HtmlPage) Saml2LoginApplicationITests.this.webClient.getCurrentWindow().getEnclosedPage();
-			assertThat(home.asNormalizedText()).contains("You're email address is testuser@spring.security.saml");
-		}
-
-		@Test
-		void logoutWhenRelyingPartyInitiatedLogoutThenLoginPageWithLogoutParam() throws Exception {
-			performLogin("two");
-			HtmlPage home = (HtmlPage) Saml2LoginApplicationITests.this.webClient.getCurrentWindow().getEnclosedPage();
-			HtmlElement rpLogoutButton = home.getHtmlElementById("rp_logout_button");
-			HtmlPage loginPage = rpLogoutButton.click();
-			assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
-		}
-
-	}
-
 }
--- a/servlet/spring-boot/java/saml2/login/src/main/java/example/SecurityConfiguration.java
+++ b/servlet/spring-boot/java/saml2/login/src/main/java/example/SecurityConfiguration.java
@ -1,109 +0,0 @@
-/*
- * Copyright 2002-2021 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package example;
-
-import java.io.InputStream;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.RSAPrivateKey;
-
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.core.io.ClassPathResource;
-import org.springframework.core.io.Resource;
-import org.springframework.security.config.Customizer;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.saml2.core.Saml2X509Credential;
-import org.springframework.security.saml2.provider.service.metadata.OpenSamlMetadataResolver;
-import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
-import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
-import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
-import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
-import org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter;
-import org.springframework.security.web.SecurityFilterChain;
-
-@Configuration
-public class SecurityConfiguration {
-
-	@Bean
-	SecurityFilterChain app(HttpSecurity http) throws Exception {
-		// @formatter:off
-		http
-			.authorizeHttpRequests((authorize) -> authorize
-				.anyRequest().authenticated()
-			)
-			.saml2Login(Customizer.withDefaults())
-			.saml2Logout(Customizer.withDefaults());
-		// @formatter:on
-
-		return http.build();
-	}
-
-	@Bean
-	RelyingPartyRegistrationResolver relyingPartyRegistrationResolver(
-			RelyingPartyRegistrationRepository registrations) {
-		return new DefaultRelyingPartyRegistrationResolver(registrations);
-	}
-
-	@Bean
-	FilterRegistrationBean<Saml2MetadataFilter> metadata(RelyingPartyRegistrationResolver registrations) {
-		Saml2MetadataFilter metadata = new Saml2MetadataFilter(registrations, new OpenSamlMetadataResolver());
-		FilterRegistrationBean<Saml2MetadataFilter> filter = new FilterRegistrationBean<>(metadata);
-		filter.setOrder(-101);
-		return filter;
-	}
-
-	@Bean
-	RelyingPartyRegistrationRepository repository(
-			@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) {
-		RelyingPartyRegistration one = RelyingPartyRegistrations
-				.fromMetadataLocation("https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata")
-				.registrationId("one")
-				.signingX509Credentials(
-						(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
-				.singleLogoutServiceLocation(
-						"https://dev-05937739.okta.com/app/dev-05937739_springgsecuritysaml2idp_1/exk46xofd8NZvFCpS5d7/slo/saml")
-				.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
-				.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
-		RelyingPartyRegistration two = RelyingPartyRegistrations
-				.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
-				.registrationId("two")
-				.signingX509Credentials(
-						(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
-				.singleLogoutServiceLocation(
-						"https://dev-05937739.okta.com/app/dev-05937739_springsecuritysaml2idptwo_1/exk4842vmapcMkohr5d7/slo/saml")
-				.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
-				.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
-		return new InMemoryRelyingPartyRegistrationRepository(one, two);
-	}
-
-	X509Certificate relyingPartyCertificate() {
-		Resource resource = new ClassPathResource("credentials/rp-certificate.crt");
-		try (InputStream is = resource.getInputStream()) {
-			return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
-		}
-		catch (Exception ex) {
-			throw new UnsupportedOperationException(ex);
-		}
-	}
-
-}
--- a/servlet/spring-boot/java/saml2/login/src/main/resources/application.yml
+++ b/servlet/spring-boot/java/saml2/login/src/main/resources/application.yml
@ -1,2 +1,16 @@
 logging.level:
  org.springframework.security: TRACE
+
+spring:
+  security:
+    saml2:
+      relyingparty:
+        registration:
+          one:
+            signing.credentials:
+              - private-key-location: classpath:credentials/rp-private.key
+                certificate-location: classpath:credentials/rp-certificate.crt
+            singlelogout:
+              binding: POST
+              response-url: "{baseUrl}/logout/saml2/slo"
+            assertingparty.metadata-uri: https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata
--- a/servlet/spring-boot/java/saml2/login/src/main/resources/credentials/idp-certificate.crt
+++ b/servlet/spring-boot/java/saml2/login/src/main/resources/credentials/idp-certificate.crt
@ -1,24 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD
-VQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYD
-VQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwX
-c2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0Bw
-aXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJ
-BgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAa
-BgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQD
-DBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlr
-QHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62
-E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz
-2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWW
-RDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQ
-nX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5
-cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gph
-iJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5
-ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTAD
-AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduO
-nRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+v
-ZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLu
-xbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6z
-V9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3
-lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk
-----END CERTIFICATE-----