spring-security/docs/modules/ROOT/pages/servlet/saml2/opensaml.adoc

= OpenSAML Support

Spring Security provides an API for implementing SAML 2.0 features, and it also provides a default implementation using OpenSAML.

Because Spring Security supports more than one version of OpenSAML at the same time, the components use the following naming convention:

* Any component that is usable across all supported versions is named `OpenSamlXXX`.
* Any component that targets OpenSAML 4.x is named `OpenSaml4XXX`
* Any component that targets OpenSAML 5.x is named `OpenSaml5XXX`

`spring-security-config` selects between these implementations by default by discovering which version your application is currently using.
For example, if you are using OpenSAML 4, Spring Security will use the `OpenSaml4XXX` components.

== Selecting OpenSAML 4

Spring Security depends on OpenSAML 4 by default, so you need do nothing to begin using it other than importing the `spring-security-saml` dependency.

== Selecting OpenSAML 5

To use OpenSAML, you should override the `opensaml` dependencies as follows:

[tabs]
======
Maven::
+
[source,maven,role="primary"]
----
<dependencies>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-saml2-service-provider</artifactId>
        <exclusions>
            <exclusion>
                <groupId>org.opensaml</groupId>
                <artifactId>*</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>org.opensaml</groupId>
        <artifactId>opensaml-saml-api</artifactId>
        <version>5.1.2</version>
    </dependency>
    <dependency>
        <groupId>org.opensaml</groupId>
        <artifactId>opensaml-saml-impl</artifactId>
        <version>5.1.2</version>
    </dependency>
</dependencies>
----

Gradle::
+
[source,gradle,role="secondary"]
----
dependencies {
    constraints {
        implementation "org.opensaml:opensaml-core-api:5.1.2"
        implementation "org.opensaml:opensaml-core-impl:5.1.2"
        implementation "org.opensaml:opensaml-saml-api:5.1.2"
        implementation "org.opensaml:opensaml-saml-impl:5.1.2"
    }

    // ...

    implementation ('org.springframework.security:spring-security-saml2-service-provider') {
        exclude group: "org.opensaml", module: "opensaml-core"
    }

    // ...
}
----
======

[NOTE]
The exclusion is necessary because OpenSAML 5 splits `opensaml-core` into `opensaml-core-api` and `opensaml-core-impl`
Document OpenSAML 4 vs OpenSAML 5 Support Closes gh-11658 2024-08-05 10:39:53 -06:00			`= OpenSAML Support`

			`Spring Security provides an API for implementing SAML 2.0 features, and it also provides a default implementation using OpenSAML.`

			`Because Spring Security supports more than one version of OpenSAML at the same time, the components use the following naming convention:`

			* Any component that is usable across all supported versions is named `OpenSamlXXX`.
			* Any component that targets OpenSAML 4.x is named `OpenSaml4XXX`
			* Any component that targets OpenSAML 5.x is named `OpenSaml5XXX`

			`spring-security-config` selects between these implementations by default by discovering which version your application is currently using.
			For example, if you are using OpenSAML 4, Spring Security will use the `OpenSaml4XXX` components.

			`== Selecting OpenSAML 4`

			Spring Security depends on OpenSAML 4 by default, so you need do nothing to begin using it other than importing the `spring-security-saml` dependency.

			`== Selecting OpenSAML 5`

			To use OpenSAML, you should override the `opensaml` dependencies as follows:

			`[tabs]`
			`======`
			`Maven::`
			`+`
			`[source,maven,role="primary"]`
			`----`
			`<dependencies>`
			`<dependency>`
			`<groupId>org.springframework.security</groupId>`
			`<artifactId>spring-security-saml2-service-provider</artifactId>`
			`<exclusions>`
			`<exclusion>`
			`<groupId>org.opensaml</groupId>`
Fix: Correct OpenSAML 5.x Documentation - Fixed invalid XML tags in dependency examples. - Corrected typo in `<artifactId>` ("opensaml-saml-imple" -> "opensaml-saml-impl"). - Excluded all OpenSAML 4.x dependencies. - Removed redundant dependencies (`opensaml-core-api` and `opensaml-core-impl`) as they are transitively included in `opensaml-saml-api` and `opensaml-saml-impl`. Closes gh-16191 2024-12-02 02:26:00 +05:30			`<artifactId>*</artifactId>`
Document OpenSAML 4 vs OpenSAML 5 Support Closes gh-11658 2024-08-05 10:39:53 -06:00			`</exclusion>`
			`</exclusions>`
			`</dependency>`
Fix: Correct OpenSAML 5.x Documentation - Fixed invalid XML tags in dependency examples. - Corrected typo in `<artifactId>` ("opensaml-saml-imple" -> "opensaml-saml-impl"). - Excluded all OpenSAML 4.x dependencies. - Removed redundant dependencies (`opensaml-core-api` and `opensaml-core-impl`) as they are transitively included in `opensaml-saml-api` and `opensaml-saml-impl`. Closes gh-16191 2024-12-02 02:26:00 +05:30			`<dependency>`
			`<groupId>org.opensaml</groupId>`
			`<artifactId>opensaml-saml-api</artifactId>`
			`<version>5.1.2</version>`
			`</dependency>`
			`<dependency>`
			`<groupId>org.opensaml</groupId>`
			`<artifactId>opensaml-saml-impl</artifactId>`
			`<version>5.1.2</version>`
			`</dependency>`
Document OpenSAML 4 vs OpenSAML 5 Support Closes gh-11658 2024-08-05 10:39:53 -06:00			`</dependencies>`
			`----`

			`Gradle::`
			`+`
			`[source,gradle,role="secondary"]`
			`----`
			`dependencies {`
			`constraints {`
			`implementation "org.opensaml:opensaml-core-api:5.1.2"`
			`implementation "org.opensaml:opensaml-core-impl:5.1.2"`
			`implementation "org.opensaml:opensaml-saml-api:5.1.2"`
			`implementation "org.opensaml:opensaml-saml-impl:5.1.2"`
			`}`

			`// ...`

			`implementation ('org.springframework.security:spring-security-saml2-service-provider') {`
			`exclude group: "org.opensaml", module: "opensaml-core"`
			`}`

			`// ...`
			`}`
			`----`
			`======`

			`[NOTE]`
			The exclusion is necessary because OpenSAML 5 splits `opensaml-core` into `opensaml-core-api` and `opensaml-core-impl`