Josh Cummings
8e8a642e5a
Use Spec Language in RelyingPartyRegistration
...
Changed conventions to better follow the metadata descriptors that
the registration is meant to represent.
Closes gh-8777
2020-07-07 17:12:39 -06:00
Josh Cummings
146d0b6358
Revert "Lock Dependency Versions for 5.4.0-M2"
...
This reverts commit 68538897c8
.
2020-07-01 13:11:50 -06:00
Josh Cummings
68538897c8
Lock Dependency Versions for 5.4.0-M2
2020-07-01 12:40:29 -06:00
Josh Cummings
a344dbdb8c
Use AssertJ
...
Issue gh-3384
2020-06-18 11:54:33 -06:00
Josh Cummings
360db53dd2
Polish SAML Attribute Support
...
Issue gh-8661
2020-06-18 11:42:49 -06:00
Nikola Kostic
eed33228f4
Add SAML Attribute Support
...
Closes gh-8661
2020-06-18 11:42:48 -06:00
Josh Cummings
8e7c4c143c
Add TestSaml2AuthenticationRequestContexts
...
Issue gh-8552
2020-05-18 21:08:03 -06:00
Josh Cummings
9241cd2892
Move TestRelyingPartyRegistrations
...
Fixes gh-8551
2020-05-18 16:38:40 -06:00
Josh Cummings
7c7934c052
Remove Extra TestSaml2X509Credentials
...
This class is a duplicate of the one already in
org.springframework.security.saml2.credentials
Issue gh-8404
2020-05-18 10:08:27 -06:00
Joe Grandja
86ca6b013c
Unlock dependencies
...
This reverts commit 206960cf44
.
2020-05-06 17:27:35 -04:00
Joe Grandja
206960cf44
Lock dependencies for 5.4.0-M1
2020-05-06 17:13:04 -04:00
Josh Cummings
d4dbe069ad
Polish OpenSamlAuthenticationProvider
...
- Use type-safe CriteriaSet
- Keep Assertion immutable
Closes gh-8471
2020-05-05 16:33:17 -04:00
Josh Cummings
1da694e19c
Remove TestSaml2SigningCredentials
...
Since TestSaml2X509Credentials is where tests get Saml2X509Credentials,
there is no reason for TestSaml2SigningCredentials.
Issue gh-8404
2020-04-17 15:46:19 -06:00
Josh Cummings
ab772893c7
Polish DefaultSaml2AuthenticationRequestContextResolver
...
- Added more tests
- Standardized terminology
Issue gh-8360
2020-04-17 15:46:14 -06:00
shazin
8c0bdd50e2
Delegating Saml2AuthenticationRequestContext creation to Saml2AuthenticationRequestContextResolver
...
Saml2AuthenticationRequestContext creation logic is not extensible at
the moment as it is provided inside of Saml2WebSsoAuthenticationRequestFilter.
This change enables to custom logic to be used when creating Saml2AuthenticationRequestContext by
taking the logic from the aforementioned filter to a seperate extensible
API by the name Saml2AuthenticationRequestContextResolver.
This provides following API contract and implementation:
- Saml2AuthenticationRequestContextResolver
- DefaultSaml2AuthenticationRequestContextResolver
Fixes gh-8360
2020-04-17 15:40:24 -06:00
Josh Cummings
8904361a37
Polish Saml Tests
...
Fixes gh-8403
Fixes gh-8404
2020-04-16 17:10:51 -06:00
Josh Cummings
7056c2d9de
Polish OpenSamlAuthenticationProviderTests
...
- Added missing this keywords
- Removed unused variables
- Coded to interfaces
- Added missing JavaDoc
Issue gh-6019
2020-04-16 17:09:46 -06:00
shazin
4e5a3a76cd
Open Saml2AuthenticationRequestContext
...
Fixed gh-8356
2020-04-13 23:58:12 -06:00
Josh Cummings
95f0d02d79
Polish Saml2WebSsoAuthenticationRequestFilter
...
- Updated formatting
- Reordered methods
- Removed a method
These changes will hopefully simplify future contribution.
Issue gh-6019
2020-04-08 16:27:46 -06:00
Josh Cummings
711954e016
Deprecate Saml2AuthenticationRequestFilter Constructor
...
Removing the default usage of OpenSamlAuthenticationRequestFactory.
Otherwise, the Open SAML dependency is required, even when
Saml2AuthenticationRequestFactory is implemented without it.
Fixes gh-8359
2020-04-08 16:27:46 -06:00
Josh Cummings
887cb99926
Saml2AuthenticationRequestFilter Tests
...
To confirm behavior still works as expected after making related changes.
Issue gh-8359
2020-04-08 16:27:46 -06:00
Josh Cummings
0ca65f8677
Add Missing JavaDoc
...
Issue gh-6019
2020-04-08 16:27:46 -06:00
Josh Cummings
7f2f210eb8
Simplify OpenSamlImplementation
...
- Removed reflection usage
- Simplified method signatures
Issue gh-7711
Fixes gh-8147
2020-03-20 12:13:14 -06:00
Josh Cummings
088ea07f07
Simplify Saml2ServletUtils
...
Removed one method as well as a parameter from another method
Issue gh-7711
2020-03-20 12:13:14 -06:00
Josh Cummings
6eadf7b140
Unlock dependencies for 5.3.0.RELEASE
...
This reverts commit 147d7dadd7
.
2020-03-04 12:02:48 -07:00
Josh Cummings
147d7dadd7
Lock dependencies for 5.3.0.RELEASE
2020-03-04 10:28:39 -07:00
Filip Hanik
3257349045
Support POST binding for AuthNRequest
...
Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp
This PR extends (builds on previous commits and adds user configuration
options)
https://github.com/spring-projects/spring-security/pull/7758
2020-02-28 09:15:26 -08:00
Filip Hanik
a51a202925
Correct signature handling for SAML2 AuthNRequest
...
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)
Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp
Fixes gh-7711
2020-02-12 13:30:48 -08:00
Filip Hanik
43098d41cc
Revert "Correct signature handling for SAML2 AuthNRequest"
...
This reverts commit a3e09fadd7
.
Build failure on Java 9+
XML generation does not add linefeeds by default
Change since Java 8
2020-02-12 13:30:48 -08:00
Filip Hanik
a3e09fadd7
Correct signature handling for SAML2 AuthNRequest
...
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)
Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp
Fixes gh-7711
2020-02-12 11:40:19 -08:00
Eleftheria Stein
84b8a5abd7
Unlock dependencies for next development version
...
This reverts commit 064616f1ef
.
2020-02-05 15:53:04 +01:00
Eleftheria Stein
064616f1ef
Lock dependencies for 5.3.0.RC1
2020-02-05 10:20:05 +01:00
Eleftheria Stein
5678490c1f
Add relying party registration not found exception
...
Fixes: gh-7865
2020-02-04 09:58:54 +01:00
Eleftheria Stein
fcc6457bef
Unlock dependencies for next development version
...
This reverts commit 93acf8f0f1
.
2020-01-08 22:15:17 +01:00
Eleftheria Stein
93acf8f0f1
Lock dependencies for 5.3.0.M1
2020-01-08 19:41:10 +01:00
Filip Hanik
9d26f12e86
Add an example of Base64 encoding that failed with java.util.Base64
...
Revert usage to Apache Commons Codec (dependency by OpenSaml)
2020-01-01 15:45:10 -08:00
Filip Hanik
af415948b1
Allow configuration of AuthenticationManagerResolver in saml2Login()
...
Fixes gh-7654
https://github.com/spring-projects/spring-security/issues/7654
2019-12-17 13:34:27 -08:00
Eleftheria Stein
da3f18017d
Polish SAML2 principal classes
...
Update @since
Issue: gh-7681
2019-12-12 20:22:58 +01:00
Clement Stoquart
31b999e9b4
fix: make Saml2Authentication serializable
2019-12-12 17:11:00 +01:00
Clement Stoquart
0c47bfb1e3
Remove empty relay state from redirect url
2019-12-10 09:49:54 -08:00
Filip Hanik
0cafcf37e2
Make the loginProcessingUrl configurable for saml2Login()
...
Fixes gh-7565
https://github.com/spring-projects/spring-security/issues/7565
2019-10-31 08:20:12 -07:00
Mike Truso
a4430aa21b
Fix variable reference in sample code
2019-10-29 14:04:05 -06:00
Filip Hanik
0f14844acf
We will not validate IP addresses as part of assertion validation
...
Fixes gh-7514
https://github.com/spring-projects/spring-security/issues/7514
2019-10-28 20:08:42 -07:00
Brendt Lucas
8ebfba3019
Support configuration of protocol binding for authentication requests
2019-10-15 15:57:45 -05:00
Filip Hanik
83b5f5c7ae
Improve the Saml2AuthenticationRequest object
...
- introduce the AssertionConsumerServiceURL attribute
- add javadoc
- align property name with SAML XML for AuthNRequest
2019-09-30 11:01:34 -07:00
Filip Hanik
9731386de5
Correctly set "Destination" in AuthNRequest message
...
Fixes gh-7494
https://github.com/spring-projects/spring-security/issues/7494
2019-09-30 11:01:34 -07:00
Filip Hanik
69eacac514
Fix javadoc for RelyingPartyRegistrationRepository
2019-09-30 09:22:36 -07:00
Filip Hanik
7adb4da3ef
Always require signature on either response or assertion
...
Fixes gh-7490
https://github.com/spring-projects/spring-security/issues/7490
2019-09-30 09:22:36 -07:00
Filip Hanik
22da2b45c9
SAML Assertion validation should propagate errors: #7375 and #7375
...
Fixes gh-7377
Fixes gh-7375
https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375
Clean up code
- Authentication request factory should only throw Saml2Exception
- OpenSamlImplementation should only throw Saml2Exception
- Move the OpenSamlImplementation package private methods to the right
section
2019-09-27 09:07:25 -07:00
Filip Hanik
b6a057a925
OpenSAML expects type `long` representing millis for response time validation skew
...
Fixes gh-7448
https://github.com/spring-projects/spring-security/issues/7448
2019-09-27 09:07:25 -07:00
Filip Hanik
adde18b873
Revert "Merge pull request #7432 from fhanik/feature/propagate_saml_authentication_exception"
...
This reverts commit e9619fb0e7
, reversing
changes made to 45a1490d5d
.
2019-09-24 16:05:09 -07:00
Filip Hanik
d472e99528
SAML Assertion validation should propagate errors: #7375 and #7375
...
Fixes gh-7377
Fixes gh-7375
https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375
2019-09-24 14:40:39 -07:00
Filip Hanik
20033ffd4a
OpenSAML expects type `long` representing millis for response time validation skew
...
Fixes gh-7448
https://github.com/spring-projects/spring-security/issues/7448
2019-09-24 14:40:39 -07:00
Filip Hanik
438ae215f8
Upgrade to OpenSAML 3.4.3
...
Fixes gh-7392
2019-09-06 08:04:15 -07:00
Josh Cummings
c716b400a1
Update to OpenSaml 3.3.1
...
Fixes gh-7388
2019-09-06 07:20:13 -06:00
Filip Hanik
e9a44bc0ce
HttpSecurity.saml2login() - MVP Core Code
...
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:
- Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
- Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
- Supports basic java-configuration via DSL
- Provides an integration sample using Spring Boot
Not implemented with this MVP
- Single Logout
- Dynamic Service Provider Metadata
Fixes gh-6019
2019-09-05 14:40:08 -07:00