Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,784 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

246 Commits

Author SHA1 Message Date
Josh Cummings 506e50bfd0
Move Saml2 Authentication Filters 
Issue gh-8819
 2022-09-26 10:44:27 -06:00
Marcus Da Coregio 0c96989cbe Move script tag into body element 
Closes gh-11879
 2022-09-19 15:46:23 -03:00
Marcus Da Coregio 7359bd5949 Move SAML Post inline javascript to script tag 
To avoid relying on HTML event handlers and adding unsafe-* rules to CSP, the javascript is moved to a <script> tag. This also allows a better browser compatibility

Closes gh-11676
 2022-08-16 15:06:10 -06:00
Ulrich Grave 409998a3fe Add hash-based Content-Security-Policy for SAML pages 
Closes gh-11631
 2022-07-27 17:59:42 -06:00
Josh Cummings 561f65b34d
Merge Same-named Attribute Elements 
Closes gh-11042
 2022-07-20 18:40:20 -06:00
Josh Cummings 3c8a80c364
Add SecurityContextHolderStrategy to Saml2 
Issue gh-11060
 2022-06-27 13:05:11 -06:00
Josh Cummings 812bb0ead0
Add missing KeyInfo 
Closes gh-11354
 2022-06-09 13:12:52 -06:00
Josh Cummings bb9c7d1b6e
Add OpenSamlSigningUtilsTests 
Issue gh-11354
 2022-06-09 13:12:33 -06:00
Jared Rufer 3ca4b06612
Support multiple SingleLogoutService bindings. 
Closes gh-11286
 2022-06-09 12:56:16 -06:00
j3graham 29ba67b6d7 Remove dependency on commons-codec by using java.util.Base64 
Closes gh-11318
 2022-06-09 06:50:01 -06:00
Houssem BELHADJ AHMED fc653bb81a
make SAML authentication request uri configurable 
Closes gh-10840
 2022-06-06 12:49:29 -06:00
Marcus Da Coregio e20323e0a8 Use Java 11 Toolchain for OpenSaml4 compile 
Issue gh-10816
 2022-06-02 19:24:42 +02:00
Claudio Consolmagno b1004aff4e
Use 'md:' prefix in EntityDescriptor XML 
Create the EntityDescriptor object with
EntityDescriptor.DEFAULT_ELEMENT_NAME instead of
EntityDescriptor.ELEMENT_QNAME. That ensures the EntityDescriptor tag
is marshalled to xml with the 'md:' prefix, consistent with all other
metadata tags.

Closes #11283
 2022-05-31 17:07:18 -06:00
Juny Tse 16664dcdbd
Use Base64 encoder with no CRLF in output for SAML 2.0 messages 
Closes gh-11262
 2022-05-25 11:43:50 -06:00
Josh Cummings 53e509f0c6
Remove duplicate check 
Closes gh-11192
 2022-05-23 16:00:15 -06:00
Josh Cummings b51c71c3b3
Use original query string to verify signature 
Closes gh-11235
 2022-05-23 13:56:28 -06:00
Ulrich Grave 9b874bcde2 Add relyingPartyRegistrationId to AbstractSaml2AuthenticationRequest 
Closes gh-11195
 2022-05-17 16:21:54 -06:00
Josh Cummings 13795cdec1
Polish Relay State Resolver 
Issue gh-11065
 2022-05-05 17:28:30 -06:00
sebastiano 4dfc349914
Allow custom relay state 
Closes gh-11065
 2022-05-05 17:26:39 -06:00
Ulrich Grave 3cbb60750d Add Jackson Support for Saml2AuthenticationException 
Closes gh-11169
 2022-05-02 17:41:52 -05:00
Marcus Da Coregio bb0c336ae8 Deprecate Saml2AuthenticationRequestFactory 
Closes gh-11080
 2022-04-08 09:32:03 -03:00
Josh Cummings cf29bf996c
Polish InResponseTo support 
- Moved methods so methods are listed before the methods they call
- Adjusted exception handling so no exceptions are eaten
- Adjusted so that malformed_request_data is returned with request data is malformed
- Refactored methods to have only immutable method parameters
- Removed usage of Stream API
- Moved AuthnRequestUnmarshaller into static block so that only looked
up once

Issue gh-9174
 2022-03-15 14:06:58 -06:00
Elias Lousseief 3c878549b5
Add support for validation of InResponseTo 
Whenever an InResponseTo is present in the SAML2 response and / or any of its assertions, it will be validated against the stored SAML2 request. If the request is missing or the ID of the request does not match the InResponseTo, validation fails. If there is no InResponseTo, no validation of it is done (as opposed to checking whether there is a saved request or not and then failing based on that).

Closes gh-9174
 2022-03-15 14:06:57 -06:00
Elias Lousseief 836f203d44
Refactored OpenSaml4AuthenticationProviderTests 
Factored out repeatedly used code for signing a request.
 2022-03-15 14:06:57 -06:00
Marcus Da Coregio 73f839312d Add SAML 2.0 Login XML Support 
Closes gh-9012
 2022-03-09 09:18:01 -03:00
Josh Cummings ff87cfce3a Polish EntityDescriptor Customizer 
Issue gh-10839
 2022-03-04 10:42:04 -07:00
Ulrich Grave d225205bf2 Add method to customize EntityDescriptor 
Closes gh-10839
 2022-03-04 10:42:04 -07:00
Josh Cummings 923c61e9d2 Polish Formatting 
Issue gh-10799
 2022-03-02 16:37:58 -07:00
Sander van Schouwenburg 14d0663ae2 Preserve order of RelyingPartRegistration credentials 
Issue gh-10799
 2022-03-02 16:37:58 -07:00
Josh Cummings 7a02bd14c1 Replace Apache Commons Base64 Decoding 
Issue gh-10923
 2022-03-02 16:19:03 -07:00
Josh Cummings 238616da80 Use RFC2045 Encoding for SAML 2.0 Logout 
Closes gh-10923
 2022-03-02 16:18:34 -07:00
Josh Cummings 6c3d183a94 Polish Saml2 Jackson Support 
Issue gh-10905
 2022-03-01 13:56:02 -07:00
Ulrich Grave df84826c95 Add Jackson Support for Saml2 Module 
Closes gh-10905
 2022-03-01 12:07:55 -07:00
Filip Hanik 70b52a001b Change HashSet to LinkedHashSet 
For various RelyingPartyRegistration.credentials to preserve order of insertion.

Issue gh-10799
 2022-02-28 14:57:04 -07:00
Josh Cummings 3d878549f4 Remove WantAssertionsSigned 
WantAssertionsSigned requires that asserting parties sign the
assertions. This does not reflect how Spring Security actually
behaves, creating behavior mismatches.

Closes gh-10844
 2022-02-18 11:43:25 -07:00
Josh Cummings 97c18478e5 Add Skipping Decryption Error Message 
Closes gh-10220
 2022-02-16 16:10:36 -07:00
Josh Cummings 399562b2a8 Correct Test 
Issue gh-10220
 2022-02-16 16:10:36 -07:00
Josh Cummings 836335dc89 Collect All Validation Errors 
- OpenSaml4AuthenticationProvider now collects all validation errors
instead of treating some as their own exception

Issue gh-10220
 2022-02-16 16:10:19 -07:00
Josh Cummings 541a1e48b3 Add OpenSamlAssertingPartyDetails 
Closes gh-10781
 2022-02-07 14:42:17 -07:00
Josh Cummings 5c4178beb7 Fix Checkstyle Error 
Issue gh-9696
 2022-02-04 20:07:17 -07:00
Josh Cummings 70bb588a25 Polish Testing for Custom Attributes Values 
- Moved construction and management of custom objects
into TestCustomOpenSamlObjects

Issue gh-9696
 2022-02-04 19:57:54 -07:00
pelesic 3cc7f384e6 Add OpenSaml custom types to Saml2AuthenticatedPrincipal 
OpenSaml custom types are added to Saml2AutehnticatedPrincipal as
attributes.

Closes gh-9696
 2022-02-04 13:41:41 -07:00
Josh Cummings 4095d89bb3 Add EntitiesDescriptor Support 
Closes gh-10782
 2022-01-31 13:13:21 -07:00
Josh Cummings b1a905befe Add Session Index Support 
Closes gh-10613
 2022-01-28 12:14:06 -07:00
Josh Cummings 620081ea9a Deprecate Saml2 AuthnRequest Classes 
Issue gh-10355
 2022-01-24 15:16:15 -07:00
Josh Cummings d538423f98 Add Saml2AuthenticationRequestResolver 
Closes gh-10355
 2022-01-24 15:09:45 -07:00
Marcus Da Coregio cca35bdd93 Make Saml2AuthenticationRequests serializable 
Closes gh-10550
 2022-01-24 08:55:26 -03:00
Rob Winch 8f64bb6c8c javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api 
Issue gh-10501
 2022-01-19 14:33:53 -06:00
Josh Cummings 3c45d46bd7 Polish LogoutRequest#EncryptedID Support 
Issue gh-10663
 2022-01-14 14:44:24 -07:00
Robert Stoiber 700cae8d3b Enabled SAML LogoutRequests with EncryptedID 
The OpenSamlLogoutRequestValidator validates the subject to be logged out.
Formerly this was done only using the NameID from the OpenSamlLogoutRequest.
Now the EncryptedID is also supported, Since the SAML2 Standard also allows
the EncryptedID as subject identifiers,

- added EncryptedID as valid subject in OpenSamlLogoutRequestValidator
- added test

Closes gh-10663
 2022-01-14 14:44:11 -07:00