Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 09:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Change possessives to use two ticks

Browse Source
This commit is contained in:
Josh Cummings 2023-06-05 12:35:28 -06:00
parent 783f674704
commit e834543eed
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/modules/ROOT/pages/servlet/saml2/login/authentication.adoc
View File

@ -96,7 +96,7 @@ relyingPartyRegistrationBuilder.assertionConsumerServiceLocation("/saml2/login/s
== Setting a Clock Skew == Setting a Clock Skew
It's not uncommon for the asserting and relying parties to have system clocks that aren't perfectly synchronized. It's not uncommon for the asserting and relying parties to have system clocks that aren't perfectly synchronized.
For that reason, you can configure `OpenSaml4AuthenticationProvider` 's default assertion validator with some tolerance: For that reason, you can configure ``OpenSaml4AuthenticationProvider``'s default assertion validator with some tolerance:
==== ====
.Java .Java
@ -238,7 +238,7 @@ open class SecurityConfig {
<3> Third, return a custom authentication that includes the user details <3> Third, return a custom authentication that includes the user details
[NOTE] [NOTE]
It's not required to call `OpenSaml4AuthenticationProvider` 's default authentication converter. It's not required to call ``OpenSaml4AuthenticationProvider``'s default authentication converter.
It returns a `Saml2AuthenticatedPrincipal` containing the attributes it extracted from ``AttributeStatement``s as well as the single `ROLE_USER` authority. It returns a `Saml2AuthenticatedPrincipal` containing the attributes it extracted from ``AttributeStatement``s as well as the single `ROLE_USER` authority.
[[servlet-saml2login-opensamlauthenticationprovider-additionalvalidation]] [[servlet-saml2login-opensamlauthenticationprovider-additionalvalidation]]
@ -271,7 +271,7 @@ After verifying the signature, it will:
1. Validate `<AudienceRestriction>` and `<DelegationRestriction>` conditions 1. Validate `<AudienceRestriction>` and `<DelegationRestriction>` conditions
2. Validate ``<SubjectConfirmation>``s, expect for any IP address information 2. Validate ``<SubjectConfirmation>``s, expect for any IP address information
To perform additional validation, you can configure your own assertion validator that delegates to `OpenSaml4AuthenticationProvider` 's default and then performs its own. To perform additional validation, you can configure your own assertion validator that delegates to ``OpenSaml4AuthenticationProvider``'s default and then performs its own.
[[servlet-saml2login-opensamlauthenticationprovider-onetimeuse]] [[servlet-saml2login-opensamlauthenticationprovider-onetimeuse]]
For example, you can use OpenSAML's `OneTimeUseConditionValidator` to also validate a `<OneTimeUse>` condition, like so: For example, you can use OpenSAML's `OneTimeUseConditionValidator` to also validate a `<OneTimeUse>` condition, like so:
@ -325,7 +325,7 @@ provider.setAssertionValidator { assertionToken ->
==== ====
[NOTE] [NOTE]
While recommended, it's not necessary to call `OpenSaml4AuthenticationProvider` 's default assertion validator. While recommended, it's not necessary to call ``OpenSaml4AuthenticationProvider``'s default assertion validator.
A circumstance where you would skip it would be if you don't need it to check the `<AudienceRestriction>` or the `<SubjectConfirmation>` since you are doing those yourself. A circumstance where you would skip it would be if you don't need it to check the `<AudienceRestriction>` or the `<SubjectConfirmation>` since you are doing those yourself.
[[servlet-saml2login-opensamlauthenticationprovider-decryption]] [[servlet-saml2login-opensamlauthenticationprovider-decryption]]
@ -337,7 +337,7 @@ Spring Security decrypts `<saml2:EncryptedAssertion>`, `<saml2:EncryptedAttribut
The response decrypter is for decrypting encrypted elements of the `<saml2:Response>`, like `<saml2:EncryptedAssertion>`. The response decrypter is for decrypting encrypted elements of the `<saml2:Response>`, like `<saml2:EncryptedAssertion>`.
The assertion decrypter is for decrypting encrypted elements of the `<saml2:Assertion>`, like `<saml2:EncryptedAttribute>` and `<saml2:EncryptedID>`. The assertion decrypter is for decrypting encrypted elements of the `<saml2:Assertion>`, like `<saml2:EncryptedAttribute>` and `<saml2:EncryptedID>`.
You can replace `OpenSaml4AuthenticationProvider` 's default decryption strategy with your own. You can replace ``OpenSaml4AuthenticationProvider``'s default decryption strategy with your own.
For example, if you have a separate service that decrypts the assertions in a `<saml2:Response>`, you can use it instead like so: For example, if you have a separate service that decrypts the assertions in a `<saml2:Response>`, you can use it instead like so:
==== ====