Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,784 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

246 Commits

Author SHA1 Message Date
Joe Grandja 206960cf44 Lock dependencies for 5.4.0-M1 2020-05-06 17:13:04 -04:00
Josh Cummings d4dbe069ad Polish OpenSamlAuthenticationProvider 
- Use type-safe CriteriaSet
- Keep Assertion immutable

Closes gh-8471
 2020-05-05 16:33:17 -04:00
Josh Cummings 1da694e19c
Remove TestSaml2SigningCredentials 
Since TestSaml2X509Credentials is where tests get Saml2X509Credentials,
there is no reason for TestSaml2SigningCredentials.

Issue gh-8404
 2020-04-17 15:46:19 -06:00
Josh Cummings ab772893c7
Polish DefaultSaml2AuthenticationRequestContextResolver 
- Added more tests
- Standardized terminology

Issue gh-8360
 2020-04-17 15:46:14 -06:00
shazin 8c0bdd50e2
Delegating Saml2AuthenticationRequestContext creation to Saml2AuthenticationRequestContextResolver 
Saml2AuthenticationRequestContext creation logic is not extensible at
the moment as it is provided inside of Saml2WebSsoAuthenticationRequestFilter.
This change enables to custom logic to be used when creating Saml2AuthenticationRequestContext by
taking the logic from the aforementioned filter to a seperate extensible
API by the name Saml2AuthenticationRequestContextResolver.

This provides following API contract and implementation:

 - Saml2AuthenticationRequestContextResolver
 - DefaultSaml2AuthenticationRequestContextResolver

Fixes gh-8360
 2020-04-17 15:40:24 -06:00
Josh Cummings 8904361a37
Polish Saml Tests 
Fixes gh-8403
Fixes gh-8404
 2020-04-16 17:10:51 -06:00
Josh Cummings 7056c2d9de
Polish OpenSamlAuthenticationProviderTests 
- Added missing this keywords
- Removed unused variables
- Coded to interfaces
- Added missing JavaDoc

Issue gh-6019
 2020-04-16 17:09:46 -06:00
shazin 4e5a3a76cd
Open Saml2AuthenticationRequestContext 
Fixed gh-8356
 2020-04-13 23:58:12 -06:00
Josh Cummings 95f0d02d79
Polish Saml2WebSsoAuthenticationRequestFilter 
- Updated formatting
- Reordered methods
- Removed a method

These changes will hopefully simplify future contribution.

Issue gh-6019
 2020-04-08 16:27:46 -06:00
Josh Cummings 711954e016
Deprecate Saml2AuthenticationRequestFilter Constructor 
Removing the default usage of OpenSamlAuthenticationRequestFactory.
Otherwise, the Open SAML dependency is required, even when
Saml2AuthenticationRequestFactory is implemented without it.

Fixes gh-8359
 2020-04-08 16:27:46 -06:00
Josh Cummings 887cb99926
Saml2AuthenticationRequestFilter Tests 
To confirm behavior still works as expected after making related changes.

Issue gh-8359
 2020-04-08 16:27:46 -06:00
Josh Cummings 0ca65f8677
Add Missing JavaDoc 
Issue gh-6019
 2020-04-08 16:27:46 -06:00
Josh Cummings 7f2f210eb8
Simplify OpenSamlImplementation 
- Removed reflection usage
- Simplified method signatures

Issue gh-7711
Fixes gh-8147
 2020-03-20 12:13:14 -06:00
Josh Cummings 088ea07f07
Simplify Saml2ServletUtils 
Removed one method as well as a parameter from another method

Issue gh-7711
 2020-03-20 12:13:14 -06:00
Josh Cummings 6eadf7b140
Unlock dependencies for 5.3.0.RELEASE 
This reverts commit 147d7dadd7.
 2020-03-04 12:02:48 -07:00
Josh Cummings 147d7dadd7
Lock dependencies for 5.3.0.RELEASE 2020-03-04 10:28:39 -07:00
Filip Hanik 3257349045 Support POST binding for AuthNRequest 
Has been tested with

- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

This PR extends (builds on previous commits and adds user configuration
options)
https://github.com/spring-projects/spring-security/pull/7758
 2020-02-28 09:15:26 -08:00
Filip Hanik a51a202925 Correct signature handling for SAML2 AuthNRequest 
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)

Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

Fixes gh-7711
 2020-02-12 13:30:48 -08:00
Filip Hanik 43098d41cc Revert "Correct signature handling for SAML2 AuthNRequest" 
This reverts commit a3e09fadd7.
Build failure on Java 9+

XML generation does not add linefeeds by default
Change since Java 8
 2020-02-12 13:30:48 -08:00
Filip Hanik a3e09fadd7 Correct signature handling for SAML2 AuthNRequest 
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)

Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

Fixes gh-7711
 2020-02-12 11:40:19 -08:00
Eleftheria Stein 84b8a5abd7 Unlock dependencies for next development version 
This reverts commit 064616f1ef.
 2020-02-05 15:53:04 +01:00
Eleftheria Stein 064616f1ef Lock dependencies for 5.3.0.RC1 2020-02-05 10:20:05 +01:00
Eleftheria Stein 5678490c1f Add relying party registration not found exception 
Fixes: gh-7865
 2020-02-04 09:58:54 +01:00
Eleftheria Stein fcc6457bef Unlock dependencies for next development version 
This reverts commit 93acf8f0f1.
 2020-01-08 22:15:17 +01:00
Eleftheria Stein 93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Filip Hanik 9d26f12e86 Add an example of Base64 encoding that failed with java.util.Base64 
Revert usage to Apache Commons Codec (dependency by OpenSaml)
 2020-01-01 15:45:10 -08:00
Filip Hanik af415948b1 Allow configuration of AuthenticationManagerResolver in saml2Login() 
Fixes gh-7654

https://github.com/spring-projects/spring-security/issues/7654
 2019-12-17 13:34:27 -08:00
Eleftheria Stein da3f18017d Polish SAML2 principal classes 
Update @since

Issue: gh-7681
 2019-12-12 20:22:58 +01:00
Clement Stoquart 31b999e9b4 fix: make Saml2Authentication serializable 2019-12-12 17:11:00 +01:00
Clement Stoquart 0c47bfb1e3 Remove empty relay state from redirect url 2019-12-10 09:49:54 -08:00
Filip Hanik 0cafcf37e2 Make the loginProcessingUrl configurable for saml2Login() 
Fixes gh-7565

https://github.com/spring-projects/spring-security/issues/7565
 2019-10-31 08:20:12 -07:00
Mike Truso a4430aa21b Fix variable reference in sample code 2019-10-29 14:04:05 -06:00
Filip Hanik 0f14844acf We will not validate IP addresses as part of assertion validation 
Fixes gh-7514

https://github.com/spring-projects/spring-security/issues/7514
 2019-10-28 20:08:42 -07:00
Brendt Lucas 8ebfba3019 Support configuration of protocol binding for authentication requests 2019-10-15 15:57:45 -05:00
Filip Hanik 83b5f5c7ae Improve the Saml2AuthenticationRequest object 
- introduce the AssertionConsumerServiceURL attribute
- add javadoc
- align property name with SAML XML for AuthNRequest
 2019-09-30 11:01:34 -07:00
Filip Hanik 9731386de5 Correctly set "Destination" in AuthNRequest message 
Fixes gh-7494
https://github.com/spring-projects/spring-security/issues/7494
 2019-09-30 11:01:34 -07:00
Filip Hanik 69eacac514 Fix javadoc for RelyingPartyRegistrationRepository 2019-09-30 09:22:36 -07:00
Filip Hanik 7adb4da3ef Always require signature on either response or assertion 
Fixes gh-7490
https://github.com/spring-projects/spring-security/issues/7490
 2019-09-30 09:22:36 -07:00
Filip Hanik 22da2b45c9 SAML Assertion validation should propagate errors: #7375 and #7375 
Fixes gh-7377
Fixes gh-7375

https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375

Clean up code

- Authentication request factory should only throw Saml2Exception
- OpenSamlImplementation should only throw Saml2Exception
- Move the OpenSamlImplementation package private methods to the right
section
 2019-09-27 09:07:25 -07:00
Filip Hanik b6a057a925 OpenSAML expects type `long` representing millis for response time validation skew 
Fixes gh-7448

https://github.com/spring-projects/spring-security/issues/7448
 2019-09-27 09:07:25 -07:00
Filip Hanik adde18b873 Revert "Merge pull request #7432 from fhanik/feature/propagate_saml_authentication_exception" 
This reverts commit e9619fb0e7, reversing
changes made to 45a1490d5d.
 2019-09-24 16:05:09 -07:00
Filip Hanik d472e99528 SAML Assertion validation should propagate errors: #7375 and #7375 
Fixes gh-7377
Fixes gh-7375

https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375
 2019-09-24 14:40:39 -07:00
Filip Hanik 20033ffd4a OpenSAML expects type `long` representing millis for response time validation skew 
Fixes gh-7448

https://github.com/spring-projects/spring-security/issues/7448
 2019-09-24 14:40:39 -07:00
Filip Hanik 438ae215f8 Upgrade to OpenSAML 3.4.3 
Fixes gh-7392
 2019-09-06 08:04:15 -07:00
Josh Cummings c716b400a1
Update to OpenSaml 3.3.1 
Fixes gh-7388
 2019-09-06 07:20:13 -06:00
Filip Hanik e9a44bc0ce HttpSecurity.saml2login() - MVP Core Code 
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:

  - Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
  - Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
  - Supports basic java-configuration via DSL
  - Provides an integration sample using Spring Boot

Not implemented with this MVP

  - Single Logout
  - Dynamic Service Provider Metadata

Fixes gh-6019
 2019-09-05 14:40:08 -07:00