Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,826 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

192 Commits

Author SHA1 Message Date
Josh Cummings 3694485056
Polish SAML 2.0 Default Assertion Validator 
In several cases, taking a pre-set ValidationContext is not sufficient.
For example, the recipient is calculated via the
RelyingPartyRegistration that's currently in the context of the
request.

Instead, then, createDefaultAssertionValidator was broken up into two
different methods: One that takes no parameters and assumes the class's
default ValidationContext, and another that takes a converter to derive
the ValidationContext from the incoming authentication token.

Issue gh-8970
 2020-08-19 13:58:42 -06:00
Josh Cummings da7477cd41
Add Response to Authentication Conversion Support 
Closes gh-8010
 2020-08-18 17:49:34 -06:00
Josh Cummings 0c696dd58b
Remove XSAnyMarshaller AttributeValue Support 
In favor of customizing the authentication converter

Closes gh-8864
 2020-08-18 17:42:04 -06:00
Josh Cummings 7b3dda161b
Generalize SAML 2.0 Assertion Validation Support 
Closes gh-8970
 2020-08-18 12:23:42 -06:00
Phillip Webb 27ac046d8a Rename *Test.java -> *Tests.java 
Rename a few test classes that accidentally ended in `Test` instead of
`Tests`.

Issue gh-8945
 2020-08-10 16:24:44 -05:00
Joe Grandja 1d74d556c2 Revert "Lock Dependency Versions for 5.4.0-RC1" 
This reverts commit f3a1e5d40c.
 2020-08-05 14:59:11 -04:00
Joe Grandja f3a1e5d40c Lock Dependency Versions for 5.4.0-RC1 2020-08-05 13:46:11 -04:00
Josh Cummings a701555318
Polish Saml2AuthenticationTokenConverter 
Issue gh-8768
 2020-08-05 10:08:47 -06:00
Josh Cummings f82190b414
Add RelyingPartyRegistrations 
Closes gh-8484
 2020-08-05 10:08:47 -06:00
Josh Cummings 506786f46e
Replaced Spaces with Tabs 
Updated the .gradle file for SAML 2.0 Service Provider to use tabs
 2020-08-05 10:08:47 -06:00
Josh Cummings b999faa5a0
Complete SAML 2.0 SP Metadata Endpoint 
Closes gh-8693
 2020-08-05 10:08:47 -06:00
Jakub Kubrynski 8a355240bc
SAML 2.0 SP Metadata Endpoint Support 
Issue gh-8693
 2020-08-05 10:08:47 -06:00
Josh Cummings 31bae546e2
Removed Unused Files 
Saml2Utils and Saml2ServletUtils are no longer used

Issue gh-8768
 2020-08-05 10:08:46 -06:00
Josh Cummings 5061ae9e79
Add Saml2AuthenticationTokenConverter 
Closes gh-8768
 2020-08-04 18:41:43 -06:00
Josh Cummings a10c2c6cf8
Polish DefaultSaml2AuthenticationRequestContextResolver 
Issue gh-8360
Issue gh-8887
 2020-08-04 17:29:13 -06:00
Josh Cummings 015281ff53
Add DefaultRelyingPartyRegistrationResolver 
Closes gh-8887
 2020-08-04 17:29:10 -06:00
Josh Cummings a402c3884a
Add ConditionValidator Support 
Closes gh-8769
 2020-08-04 13:05:23 -06:00
Josh Cummings d9d8253603
Polish OpenSamlAuthenticationProvider 
Issue gh-8769
 2020-08-04 13:05:23 -06:00
Josh Cummings a32de931d3
Polish Javadoc 
Issue gh-6019
 2020-07-28 16:04:06 -06:00
Josh Cummings 79dca94ce1
Simplify Tests 
Issue gh-8772
 2020-07-24 17:44:10 -06:00
Joakim Löfgren eccd929819 Update SimpleSaml2AuthenticatedPrincipal class name 
Rename it to DefaultSaml2AuthenticatedPrincipal to be more in line with
the respective class in the OAuth2 module.

Also make the class public to be able to whitelist the SAML2 auth classes
in Jackson object mappers for deserialization in e.g. Spring Session MongoDB.

Closes gh-8852
 2020-07-23 16:53:32 -06:00
Josh Cummings 08849e2652
Remove OpenSamlImplementation 
Closes gh-8775
 2020-07-23 16:09:02 -06:00
Josh Cummings 5779121da6
OpenSamlAuthenticationRequestFactory Uses OpenSAML Directly 
Closes gh-8774
 2020-07-23 16:09:02 -06:00
Josh Cummings 2e2da06bdb
OpenSamlAuthenticationProvider Uses OpenSAML Directly 
Closes gh-8773
 2020-07-23 16:09:02 -06:00
Josh Cummings 77128a94e2
Add OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter 
Closes gh-8877
 2020-07-23 15:32:22 -06:00
Josh Cummings 2276fcf34a
Add OpenSamlInitializationService 
Closes gh-8772
 2020-07-23 15:03:16 -06:00
Josh Cummings 43f2904059
Add ACS Location Default 
Closes gh-8876
 2020-07-23 15:03:16 -06:00
Josh Cummings 97ccbe5df2
Polish Saml2X509Credential Factories 
Issue gh-8789
 2020-07-20 15:50:16 -06:00
Thomas Vitale 3978cc591f
Add Static Factories to Saml2X509Credential 
- Add static factories to Saml2X509Credential for verification, encryption,
signing, and decryption.
- Add unit tests for new static factories in Saml2X509Credential.

Fixes gh-8789
 2020-07-20 15:29:48 -06:00
Josh Cummings 56928f61f0
Separate RP and AP Credentials 
Closes gh-8788
 2020-07-20 14:19:33 -06:00
Josh Cummings a54e77a3c3
Saml2AuthenticationToken takes a RelyingPartyRegistration 
Closes gh-8845
 2020-07-17 12:19:27 -06:00
Josh Cummings 44ec061f05
Add AssertionConsumerServiceBinding 
Closes gh-8776
 2020-07-16 16:22:38 -06:00
Josh Cummings 2c960d2ad1
Add AuthnRequestConsumerResolver 
Closes gh-8141
 2020-07-16 14:53:22 -06:00
Josh Cummings 2e5c87dc75
Restore Binary Compatibility 
Issue gh-8835
 2020-07-16 11:10:20 -06:00
Josh Cummings b02e344c73
Move Saml2Error 
Move to core package

Closes gh-8835
 2020-07-15 20:09:45 -06:00
Josh Cummings 5bfc6ea25a
Refactor OpenSamlAuthenticationProvider 
Refactored into collaborators in preparation for introducing setters

Issue gh-8769
 2020-07-14 18:15:18 -06:00
Josh Cummings 8e8a642e5a
Use Spec Language in RelyingPartyRegistration 
Changed conventions to better follow the metadata descriptors that
the registration is meant to represent.

Closes gh-8777
 2020-07-07 17:12:39 -06:00
Josh Cummings 146d0b6358
Revert "Lock Dependency Versions for 5.4.0-M2" 
This reverts commit 68538897c8.
 2020-07-01 13:11:50 -06:00
Josh Cummings 68538897c8
Lock Dependency Versions for 5.4.0-M2 2020-07-01 12:40:29 -06:00
Josh Cummings a344dbdb8c
Use AssertJ 
Issue gh-3384
 2020-06-18 11:54:33 -06:00
Josh Cummings 360db53dd2
Polish SAML Attribute Support 
Issue gh-8661
 2020-06-18 11:42:49 -06:00
Nikola Kostic eed33228f4
Add SAML Attribute Support 
Closes gh-8661
 2020-06-18 11:42:48 -06:00
Josh Cummings 8e7c4c143c
Add TestSaml2AuthenticationRequestContexts 
Issue gh-8552
 2020-05-18 21:08:03 -06:00
Josh Cummings 9241cd2892
Move TestRelyingPartyRegistrations 
Fixes gh-8551
 2020-05-18 16:38:40 -06:00
Josh Cummings 7c7934c052
Remove Extra TestSaml2X509Credentials 
This class is a duplicate of the one already in
org.springframework.security.saml2.credentials

Issue gh-8404
 2020-05-18 10:08:27 -06:00
Joe Grandja 86ca6b013c Unlock dependencies 
This reverts commit 206960cf44.
 2020-05-06 17:27:35 -04:00
Joe Grandja 206960cf44 Lock dependencies for 5.4.0-M1 2020-05-06 17:13:04 -04:00
Josh Cummings d4dbe069ad Polish OpenSamlAuthenticationProvider 
- Use type-safe CriteriaSet
- Keep Assertion immutable

Closes gh-8471
 2020-05-05 16:33:17 -04:00
Josh Cummings 1da694e19c
Remove TestSaml2SigningCredentials 
Since TestSaml2X509Credentials is where tests get Saml2X509Credentials,
there is no reason for TestSaml2SigningCredentials.

Issue gh-8404
 2020-04-17 15:46:19 -06:00
Josh Cummings ab772893c7
Polish DefaultSaml2AuthenticationRequestContextResolver 
- Added more tests
- Standardized terminology

Issue gh-8360
 2020-04-17 15:46:14 -06:00
shazin 8c0bdd50e2
Delegating Saml2AuthenticationRequestContext creation to Saml2AuthenticationRequestContextResolver 
Saml2AuthenticationRequestContext creation logic is not extensible at
the moment as it is provided inside of Saml2WebSsoAuthenticationRequestFilter.
This change enables to custom logic to be used when creating Saml2AuthenticationRequestContext by
taking the logic from the aforementioned filter to a seperate extensible
API by the name Saml2AuthenticationRequestContextResolver.

This provides following API contract and implementation:

 - Saml2AuthenticationRequestContextResolver
 - DefaultSaml2AuthenticationRequestContextResolver

Fixes gh-8360
 2020-04-17 15:40:24 -06:00
Josh Cummings 8904361a37
Polish Saml Tests 
Fixes gh-8403
Fixes gh-8404
 2020-04-16 17:10:51 -06:00
Josh Cummings 7056c2d9de
Polish OpenSamlAuthenticationProviderTests 
- Added missing this keywords
- Removed unused variables
- Coded to interfaces
- Added missing JavaDoc

Issue gh-6019
 2020-04-16 17:09:46 -06:00
shazin 4e5a3a76cd
Open Saml2AuthenticationRequestContext 
Fixed gh-8356
 2020-04-13 23:58:12 -06:00
Josh Cummings 95f0d02d79
Polish Saml2WebSsoAuthenticationRequestFilter 
- Updated formatting
- Reordered methods
- Removed a method

These changes will hopefully simplify future contribution.

Issue gh-6019
 2020-04-08 16:27:46 -06:00
Josh Cummings 711954e016
Deprecate Saml2AuthenticationRequestFilter Constructor 
Removing the default usage of OpenSamlAuthenticationRequestFactory.
Otherwise, the Open SAML dependency is required, even when
Saml2AuthenticationRequestFactory is implemented without it.

Fixes gh-8359
 2020-04-08 16:27:46 -06:00
Josh Cummings 887cb99926
Saml2AuthenticationRequestFilter Tests 
To confirm behavior still works as expected after making related changes.

Issue gh-8359
 2020-04-08 16:27:46 -06:00
Josh Cummings 0ca65f8677
Add Missing JavaDoc 
Issue gh-6019
 2020-04-08 16:27:46 -06:00
Josh Cummings 7f2f210eb8
Simplify OpenSamlImplementation 
- Removed reflection usage
- Simplified method signatures

Issue gh-7711
Fixes gh-8147
 2020-03-20 12:13:14 -06:00
Josh Cummings 088ea07f07
Simplify Saml2ServletUtils 
Removed one method as well as a parameter from another method

Issue gh-7711
 2020-03-20 12:13:14 -06:00
Josh Cummings 6eadf7b140
Unlock dependencies for 5.3.0.RELEASE 
This reverts commit 147d7dadd7.
 2020-03-04 12:02:48 -07:00
Josh Cummings 147d7dadd7
Lock dependencies for 5.3.0.RELEASE 2020-03-04 10:28:39 -07:00
Filip Hanik 3257349045 Support POST binding for AuthNRequest 
Has been tested with

- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

This PR extends (builds on previous commits and adds user configuration
options)
https://github.com/spring-projects/spring-security/pull/7758
 2020-02-28 09:15:26 -08:00
Filip Hanik a51a202925 Correct signature handling for SAML2 AuthNRequest 
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)

Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

Fixes gh-7711
 2020-02-12 13:30:48 -08:00
Filip Hanik 43098d41cc Revert "Correct signature handling for SAML2 AuthNRequest" 
This reverts commit a3e09fadd7.
Build failure on Java 9+

XML generation does not add linefeeds by default
Change since Java 8
 2020-02-12 13:30:48 -08:00
Filip Hanik a3e09fadd7 Correct signature handling for SAML2 AuthNRequest 
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)

Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

Fixes gh-7711
 2020-02-12 11:40:19 -08:00
Eleftheria Stein 84b8a5abd7 Unlock dependencies for next development version 
This reverts commit 064616f1ef.
 2020-02-05 15:53:04 +01:00
Eleftheria Stein 064616f1ef Lock dependencies for 5.3.0.RC1 2020-02-05 10:20:05 +01:00
Eleftheria Stein 5678490c1f Add relying party registration not found exception 
Fixes: gh-7865
 2020-02-04 09:58:54 +01:00
Eleftheria Stein fcc6457bef Unlock dependencies for next development version 
This reverts commit 93acf8f0f1.
 2020-01-08 22:15:17 +01:00
Eleftheria Stein 93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Filip Hanik 9d26f12e86 Add an example of Base64 encoding that failed with java.util.Base64 
Revert usage to Apache Commons Codec (dependency by OpenSaml)
 2020-01-01 15:45:10 -08:00
Filip Hanik af415948b1 Allow configuration of AuthenticationManagerResolver in saml2Login() 
Fixes gh-7654

https://github.com/spring-projects/spring-security/issues/7654
 2019-12-17 13:34:27 -08:00
Eleftheria Stein da3f18017d Polish SAML2 principal classes 
Update @since

Issue: gh-7681
 2019-12-12 20:22:58 +01:00
Clement Stoquart 31b999e9b4 fix: make Saml2Authentication serializable 2019-12-12 17:11:00 +01:00
Clement Stoquart 0c47bfb1e3 Remove empty relay state from redirect url 2019-12-10 09:49:54 -08:00
Filip Hanik 0cafcf37e2 Make the loginProcessingUrl configurable for saml2Login() 
Fixes gh-7565

https://github.com/spring-projects/spring-security/issues/7565
 2019-10-31 08:20:12 -07:00
Mike Truso a4430aa21b Fix variable reference in sample code 2019-10-29 14:04:05 -06:00
Filip Hanik 0f14844acf We will not validate IP addresses as part of assertion validation 
Fixes gh-7514

https://github.com/spring-projects/spring-security/issues/7514
 2019-10-28 20:08:42 -07:00
Brendt Lucas 8ebfba3019 Support configuration of protocol binding for authentication requests 2019-10-15 15:57:45 -05:00
Filip Hanik 83b5f5c7ae Improve the Saml2AuthenticationRequest object 
- introduce the AssertionConsumerServiceURL attribute
- add javadoc
- align property name with SAML XML for AuthNRequest
 2019-09-30 11:01:34 -07:00
Filip Hanik 9731386de5 Correctly set "Destination" in AuthNRequest message 
Fixes gh-7494
https://github.com/spring-projects/spring-security/issues/7494
 2019-09-30 11:01:34 -07:00
Filip Hanik 69eacac514 Fix javadoc for RelyingPartyRegistrationRepository 2019-09-30 09:22:36 -07:00
Filip Hanik 7adb4da3ef Always require signature on either response or assertion 
Fixes gh-7490
https://github.com/spring-projects/spring-security/issues/7490
 2019-09-30 09:22:36 -07:00
Filip Hanik 22da2b45c9 SAML Assertion validation should propagate errors: #7375 and #7375 
Fixes gh-7377
Fixes gh-7375

https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375

Clean up code

- Authentication request factory should only throw Saml2Exception
- OpenSamlImplementation should only throw Saml2Exception
- Move the OpenSamlImplementation package private methods to the right
section
 2019-09-27 09:07:25 -07:00
Filip Hanik b6a057a925 OpenSAML expects type `long` representing millis for response time validation skew 
Fixes gh-7448

https://github.com/spring-projects/spring-security/issues/7448
 2019-09-27 09:07:25 -07:00
Filip Hanik adde18b873 Revert "Merge pull request #7432 from fhanik/feature/propagate_saml_authentication_exception" 
This reverts commit e9619fb0e7, reversing
changes made to 45a1490d5d.
 2019-09-24 16:05:09 -07:00
Filip Hanik d472e99528 SAML Assertion validation should propagate errors: #7375 and #7375 
Fixes gh-7377
Fixes gh-7375

https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375
 2019-09-24 14:40:39 -07:00
Filip Hanik 20033ffd4a OpenSAML expects type `long` representing millis for response time validation skew 
Fixes gh-7448

https://github.com/spring-projects/spring-security/issues/7448
 2019-09-24 14:40:39 -07:00
Filip Hanik 438ae215f8 Upgrade to OpenSAML 3.4.3 
Fixes gh-7392
 2019-09-06 08:04:15 -07:00
Josh Cummings c716b400a1
Update to OpenSaml 3.3.1 
Fixes gh-7388
 2019-09-06 07:20:13 -06:00
Filip Hanik e9a44bc0ce HttpSecurity.saml2login() - MVP Core Code 
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:

  - Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
  - Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
  - Supports basic java-configuration via DSL
  - Provides an integration sample using Spring Boot

Not implemented with this MVP

  - Single Logout
  - Dynamic Service Provider Metadata

Fixes gh-6019
 2019-09-05 14:40:08 -07:00