8c0bdd50e2
Delegating Saml2AuthenticationRequestContext creation to Saml2AuthenticationRequestContextResolver
...
Saml2AuthenticationRequestContext creation logic is not extensible at
the moment as it is provided inside of Saml2WebSsoAuthenticationRequestFilter.
This change enables to custom logic to be used when creating Saml2AuthenticationRequestContext by
taking the logic from the aforementioned filter to a seperate extensible
API by the name Saml2AuthenticationRequestContextResolver.
This provides following API contract and implementation:
- Saml2AuthenticationRequestContextResolver
- DefaultSaml2AuthenticationRequestContextResolver
Fixes gh-8360
2020-04-17 15:40:24 -06:00
8904361a37
Polish Saml Tests
...
Fixes gh-8403
Fixes gh-8404
2020-04-16 17:10:51 -06:00
7056c2d9de
Polish OpenSamlAuthenticationProviderTests
...
- Added missing this keywords
- Removed unused variables
- Coded to interfaces
- Added missing JavaDoc
Issue gh-6019
2020-04-16 17:09:46 -06:00
4e5a3a76cd
Open Saml2AuthenticationRequestContext
...
Fixed gh-8356
2020-04-13 23:58:12 -06:00
95f0d02d79
Polish Saml2WebSsoAuthenticationRequestFilter
...
- Updated formatting
- Reordered methods
- Removed a method
These changes will hopefully simplify future contribution.
Issue gh-6019
2020-04-08 16:27:46 -06:00
711954e016
Deprecate Saml2AuthenticationRequestFilter Constructor
...
Removing the default usage of OpenSamlAuthenticationRequestFactory.
Otherwise, the Open SAML dependency is required, even when
Saml2AuthenticationRequestFactory is implemented without it.
Fixes gh-8359
2020-04-08 16:27:46 -06:00
887cb99926
Saml2AuthenticationRequestFilter Tests
...
To confirm behavior still works as expected after making related changes.
Issue gh-8359
2020-04-08 16:27:46 -06:00
0ca65f8677
Add Missing JavaDoc
...
Issue gh-6019
2020-04-08 16:27:46 -06:00
7f2f210eb8
Simplify OpenSamlImplementation
...
- Removed reflection usage
- Simplified method signatures
Issue gh-7711
Fixes gh-8147
2020-03-20 12:13:14 -06:00
088ea07f07
Simplify Saml2ServletUtils
...
Removed one method as well as a parameter from another method
Issue gh-7711
2020-03-20 12:13:14 -06:00
6eadf7b140
Unlock dependencies for 5.3.0.RELEASE
...
This reverts commit 147d7dadd7
2020-03-04 12:02:48 -07:00
147d7dadd7
Lock dependencies for 5.3.0.RELEASE
2020-03-04 10:28:39 -07:00
3257349045
Support POST binding for AuthNRequest
...
Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp
This PR extends (builds on previous commits and adds user configuration
options)
https://github.com/spring-projects/spring-security/pull/7758
2020-02-28 09:15:26 -08:00
a51a202925
Correct signature handling for SAML2 AuthNRequest
...
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)
Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp
Fixes gh-7711
2020-02-12 13:30:48 -08:00
43098d41cc
Revert "Correct signature handling for SAML2 AuthNRequest"
...
This reverts commit a3e09fadd7
2020-02-12 13:30:48 -08:00
a3e09fadd7
Correct signature handling for SAML2 AuthNRequest
...
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)
Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp
Fixes gh-7711
2020-02-12 11:40:19 -08:00
84b8a5abd7
Unlock dependencies for next development version
...
This reverts commit 064616f1ef
2020-02-05 15:53:04 +01:00
064616f1ef
Lock dependencies for 5.3.0.RC1
2020-02-05 10:20:05 +01:00
5678490c1f
Add relying party registration not found exception
...
Fixes: gh-7865
2020-02-04 09:58:54 +01:00
fcc6457bef
Unlock dependencies for next development version
...
This reverts commit 93acf8f0f1
2020-01-08 22:15:17 +01:00
93acf8f0f1
Lock dependencies for 5.3.0.M1
2020-01-08 19:41:10 +01:00
9d26f12e86
Add an example of Base64 encoding that failed with java.util.Base64
...
Revert usage to Apache Commons Codec (dependency by OpenSaml)
2020-01-01 15:45:10 -08:00
af415948b1
Allow configuration of AuthenticationManagerResolver in saml2Login()
...
Fixes gh-7654
https://github.com/spring-projects/spring-security/issues/7654
2019-12-17 13:34:27 -08:00
da3f18017d
Polish SAML2 principal classes
...
Update @since
Issue: gh-7681
2019-12-12 20:22:58 +01:00
31b999e9b4
fix: make Saml2Authentication serializable
2019-12-12 17:11:00 +01:00
0c47bfb1e3
Remove empty relay state from redirect url
2019-12-10 09:49:54 -08:00
0cafcf37e2
Make the loginProcessingUrl configurable for saml2Login()
...
Fixes gh-7565
https://github.com/spring-projects/spring-security/issues/7565
2019-10-31 08:20:12 -07:00
a4430aa21b
Fix variable reference in sample code
2019-10-29 14:04:05 -06:00
0f14844acf
We will not validate IP addresses as part of assertion validation
...
Fixes gh-7514
https://github.com/spring-projects/spring-security/issues/7514
2019-10-28 20:08:42 -07:00
8ebfba3019
Support configuration of protocol binding for authentication requests
2019-10-15 15:57:45 -05:00
83b5f5c7ae
Improve the Saml2AuthenticationRequest object
...
- introduce the AssertionConsumerServiceURL attribute
- add javadoc
- align property name with SAML XML for AuthNRequest
2019-09-30 11:01:34 -07:00
9731386de5
Correctly set "Destination" in AuthNRequest message
...
Fixes gh-7494
https://github.com/spring-projects/spring-security/issues/7494
2019-09-30 11:01:34 -07:00
69eacac514
Fix javadoc for RelyingPartyRegistrationRepository
2019-09-30 09:22:36 -07:00
7adb4da3ef
Always require signature on either response or assertion
...
Fixes gh-7490
https://github.com/spring-projects/spring-security/issues/7490
2019-09-30 09:22:36 -07:00
22da2b45c9
SAML Assertion validation should propagate errors: #7375 and #7375
...
Fixes gh-7377
Fixes gh-7375
https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375
Clean up code
- Authentication request factory should only throw Saml2Exception
- OpenSamlImplementation should only throw Saml2Exception
- Move the OpenSamlImplementation package private methods to the right
section
2019-09-27 09:07:25 -07:00
b6a057a925
OpenSAML expects type `long` representing millis for response time validation skew
...
Fixes gh-7448
https://github.com/spring-projects/spring-security/issues/7448
2019-09-27 09:07:25 -07:00
adde18b873
Revert "Merge pull request #7432 from fhanik/feature/propagate_saml_authentication_exception"
...
This reverts commit e9619fb0e745a1490d5d
2019-09-24 16:05:09 -07:00
d472e99528
SAML Assertion validation should propagate errors: #7375 and #7375
...
Fixes gh-7377
Fixes gh-7375
https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375
2019-09-24 14:40:39 -07:00
20033ffd4a
OpenSAML expects type `long` representing millis for response time validation skew
...
Fixes gh-7448
https://github.com/spring-projects/spring-security/issues/7448
2019-09-24 14:40:39 -07:00
438ae215f8
Upgrade to OpenSAML 3.4.3
...
Fixes gh-7392
2019-09-06 08:04:15 -07:00
c716b400a1
Update to OpenSaml 3.3.1
...
Fixes gh-7388
2019-09-06 07:20:13 -06:00
e9a44bc0ce
HttpSecurity.saml2login() - MVP Core Code
...
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:
- Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
- Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
- Supports basic java-configuration via DSL
- Provides an integration sample using Spring Boot
Not implemented with this MVP
- Single Logout
- Dynamic Service Provider Metadata
Fixes gh-6019
2019-09-05 14:40:08 -07:00
shazin
Josh Cummings
Filip Hanik
Eleftheria Stein
Clement Stoquart
Clement Stoquart
Mike Truso
Brendt Lucas