252 Commits

Author SHA1 Message Date
Josh Cummings
2db4430dcd Preserve OpenSamlAssertingPartyDetails Instance
Closes gh-12667
2023-02-17 10:02:17 -07:00
Josh Cummings
3cfaf0d11d Avoid LinkedMultiValueMap in Serializable Object
Closes gh-11785
2022-12-23 15:54:00 -07:00
Marcus Da Coregio
2d19d972f4 Merge branch '5.6.x' into 5.7.x 2022-11-16 14:51:07 -03:00
Marcus Da Coregio
d5aabd721a Specify UTF8 for response content
This is needed because in some other platforms, like Windows, the default charset might be different

Issue gh-12026
2022-11-16 14:50:31 -03:00
Marcus Da Coregio
8441e755d3 Merge branch '5.6.x' into 5.7.x
Closes gh-12221
2022-11-16 13:44:16 -03:00
Marcus Da Coregio
53148dc7b5 Use UTF-8 in Saml2MetadataFilter response writer
Closes gh-12026
2022-11-16 13:43:46 -03:00
Josh Cummings
79483b2bc9 Merge branch '5.6.x' into 5.7.x
Closes gh-12208
2022-11-14 18:16:22 -07:00
Sabina Palakova
ed3af6482d Fix SAML logout log messages
Fixes SAML logout log messages incorrectly referring to logout
response instead of logout request and vice versa.

Closes gh-12129
2022-11-14 18:11:49 -07:00
Josh Cummings
56a6133b20 Merge Same-named Attribute Elements
Closes gh-11042
2022-07-20 18:43:25 -06:00
Josh Cummings
bced37f6a7 Merge Same-named Attribute Elements
Closes gh-11042
2022-07-20 18:41:55 -06:00
Joe Grandja
2a3845a7ed Update org.opensaml:opensaml-core4 to 4.1.1
Closes gh-11420
2022-06-20 14:50:24 -04:00
Joe Grandja
bca43af9bb Update org.opensaml:opensaml-core4 to 4.1.1
Closes gh-11410
2022-06-20 12:08:07 -04:00
Josh Cummings
d22277ce36 Add missing KeyInfo
Closes gh-11354
2022-06-09 13:16:50 -06:00
Josh Cummings
bd60a0f8c9 Add OpenSamlSigningUtilsTests
Issue gh-11354
2022-06-09 13:16:49 -06:00
Claudio Consolmagno
07f9afe057 Use 'md:' prefix in EntityDescriptor XML
Create the EntityDescriptor object with
EntityDescriptor.DEFAULT_ELEMENT_NAME instead of
EntityDescriptor.ELEMENT_QNAME. That ensures the EntityDescriptor tag
is marshalled to xml with the 'md:' prefix, consistent with all other
metadata tags.

Closes #11283
2022-05-31 17:11:02 -06:00
Claudio Consolmagno
c39d39b35f Use 'md:' prefix in EntityDescriptor XML
Create the EntityDescriptor object with
EntityDescriptor.DEFAULT_ELEMENT_NAME instead of
EntityDescriptor.ELEMENT_QNAME. That ensures the EntityDescriptor tag
is marshalled to xml with the 'md:' prefix, consistent with all other
metadata tags.

Closes #11283
2022-05-31 17:08:51 -06:00
Juny Tse
649428b49a Use Base64 encoder with no CRLF in output for SAML 2.0 messages
Closes gh-11262
2022-05-25 12:06:27 -06:00
Juny Tse
d0da160007 Use Base64 encoder with no CRLF in output for SAML 2.0 messages
Closes gh-11262
2022-05-25 12:02:13 -06:00
Marcus Da Coregio
bb0c336ae8 Deprecate Saml2AuthenticationRequestFactory
Closes gh-11080
2022-04-08 09:32:03 -03:00
Josh Cummings
cf29bf996c Polish InResponseTo support
- Moved methods so methods are listed before the methods they call
- Adjusted exception handling so no exceptions are eaten
- Adjusted so that malformed_request_data is returned when request data is malformed
- Refactored methods to have only immutable method parameters
- Removed usage of Stream API
- Moved AuthnRequestUnmarshaller into static block so that only looked
up once

Issue gh-9174
2022-03-15 14:06:58 -06:00
Elias Lousseief
3c878549b5 Add support for validation of InResponseTo
Whenever an InResponseTo is present in the SAML2 response and / or any of its assertions, it will be validated against the stored SAML2 request. If the request is missing or the ID of the request does not match the InResponseTo, validation fails. If there is no InResponseTo, no validation of it is done (as opposed to checking whether there is a saved request or not and then failing based on that).

Closes gh-9174
2022-03-15 14:06:57 -06:00
Elias Lousseief
836f203d44 Refactored OpenSaml4AuthenticationProviderTests
Factored out repeatedly used code for signing a request.
2022-03-15 14:06:57 -06:00
Marcus Da Coregio
73f839312d Add SAML 2.0 Login XML Support
Closes gh-9012
2022-03-09 09:18:01 -03:00
Josh Cummings
ff87cfce3a Polish EntityDescriptor Customizer
Issue gh-10839
2022-03-04 10:42:04 -07:00
Ulrich Grave
d225205bf2 Add method to customize EntityDescriptor
Closes gh-10839
2022-03-04 10:42:04 -07:00
Josh Cummings
304e89041c Polish Formatting
Issue gh-10799
2022-03-02 16:40:13 -07:00
Sander van Schouwenburg
f1a76efc2d Preserve order of RelyingPartyRegistration credentials
Issue gh-10799
2022-03-02 16:40:13 -07:00
Josh Cummings
963251314b Replace Apache Commons Base64 Decoding
Issue gh-10923
2022-03-02 16:40:11 -07:00
Josh Cummings
ee061f3659 Use RFC2045 Encoding for SAML 2.0 Logout
Closes gh-10923
2022-03-02 16:39:31 -07:00
Josh Cummings
923c61e9d2 Polish Formatting
Issue gh-10799
2022-03-02 16:37:58 -07:00
Sander van Schouwenburg
14d0663ae2 Preserve order of RelyingPartyRegistration credentials
Issue gh-10799
2022-03-02 16:37:58 -07:00
Josh Cummings
7a02bd14c1 Replace Apache Commons Base64 Decoding
Issue gh-10923
2022-03-02 16:19:03 -07:00
Josh Cummings
238616da80 Use RFC2045 Encoding for SAML 2.0 Logout
Closes gh-10923
2022-03-02 16:18:34 -07:00
Josh Cummings
6c3d183a94 Polish Saml2 Jackson Support
Issue gh-10905
2022-03-01 13:56:02 -07:00
Ulrich Grave
df84826c95 Add Jackson Support for Saml2 Module
Closes gh-10905
2022-03-01 12:07:55 -07:00
Filip Hanik
47871562ca Change HashSet to LinkedHashSet
For various RelyingPartyRegistration.credentials to preserve order of insertion.

Issue gh-10799
2022-02-28 15:02:03 -07:00
Filip Hanik
70b52a001b Change HashSet to LinkedHashSet
For various RelyingPartyRegistration.credentials to preserve order of insertion.

Issue gh-10799
2022-02-28 14:57:04 -07:00
Josh Cummings
3d878549f4 Remove WantAssertionsSigned
WantAssertionsSigned requires that asserting parties sign the
assertions. This does not reflect how Spring Security actually
behaves, creating behavior mismatches.

Closes gh-10844
2022-02-18 11:43:25 -07:00
Josh Cummings
97c18478e5 Add Skipping Decryption Error Message
Closes gh-10220
2022-02-16 16:10:36 -07:00
Josh Cummings
399562b2a8 Correct Test
Issue gh-10220
2022-02-16 16:10:36 -07:00
Josh Cummings
836335dc89 Collect All Validation Errors
- OpenSaml4AuthenticationProvider now collects all validation errors
instead of treating some as their own exception

Issue gh-10220
2022-02-16 16:10:19 -07:00
Josh Cummings
541a1e48b3 Add OpenSamlAssertingPartyDetails
Closes gh-10781
2022-02-07 14:42:17 -07:00
Josh Cummings
5c4178beb7 Fix Checkstyle Error
Issue gh-9696
2022-02-04 20:07:17 -07:00
Josh Cummings
70bb588a25 Polish Testing for Custom Attributes Values
- Moved construction and management of custom objects
into TestCustomOpenSamlObjects

Issue gh-9696
2022-02-04 19:57:54 -07:00
pelesic
3cc7f384e6 Add OpenSaml custom types to Saml2AuthenticatedPrincipal
OpenSaml custom types are added to Saml2AuthenticatedPrincipal as
attributes.

Closes gh-9696
2022-02-04 13:41:41 -07:00
Josh Cummings
4095d89bb3 Add EntitiesDescriptor Support
Closes gh-10782
2022-01-31 13:13:21 -07:00
Josh Cummings
b1a905befe Add Session Index Support
Closes gh-10613
2022-01-28 12:14:06 -07:00
Josh Cummings
620081ea9a Deprecate Saml2 AuthnRequest Classes
Issue gh-10355
2022-01-24 15:16:15 -07:00
Josh Cummings
d538423f98 Add Saml2AuthenticationRequestResolver
Closes gh-10355
2022-01-24 15:09:45 -07:00
Marcus Da Coregio
cca35bdd93 Make Saml2AuthenticationRequests serializable
Closes gh-10550
2022-01-24 08:55:26 -03:00