Commit Graph

450 Commits

Author SHA1 Message Date
Sander van Schouwenburg 14d0663ae2 Preserve order of RelyingPartRegistration credentials
Issue gh-10799
2022-03-02 16:37:58 -07:00
Josh Cummings 346038d66c Polish Formatting
Issue gh-10799
2022-03-02 16:36:23 -07:00
Sander van Schouwenburg c734b4b39e Preserve order of RelyingPartRegistration credentials
Issue gh-10799
2022-03-02 16:36:23 -07:00
Josh Cummings 5b9a45de01 Replace Apache Commons Base64 Decoding
Issue gh-10923
2022-03-02 16:30:21 -07:00
Josh Cummings 0b59e7797d Use RFC2045 Encoding for SAML 2.0 Logout
Closes gh-10923
2022-03-02 16:30:21 -07:00
Josh Cummings 7a02bd14c1 Replace Apache Commons Base64 Decoding
Issue gh-10923
2022-03-02 16:19:03 -07:00
Josh Cummings 238616da80 Use RFC2045 Encoding for SAML 2.0 Logout
Closes gh-10923
2022-03-02 16:18:34 -07:00
Josh Cummings 4ede1feae5 Polish Saml2 Jackson Support
Issue gh-10905
2022-03-01 14:17:17 -07:00
Ulrich Grave 2334610fa9 Add Jackson Support for Saml2 Module
Closes gh-10905
2022-03-01 14:17:17 -07:00
Josh Cummings 6c3d183a94 Polish Saml2 Jackson Support
Issue gh-10905
2022-03-01 13:56:02 -07:00
Ulrich Grave df84826c95 Add Jackson Support for Saml2 Module
Closes gh-10905
2022-03-01 12:07:55 -07:00
Filip Hanik 47871562ca Change HashSet to LinkedHashSet
For various RelyingPartyRegistration.credentials to preserve order of insertion.

Issue gh-10799
2022-02-28 15:02:03 -07:00
Filip Hanik 6e5bb71466 Change HashSet to LinkedHashSet
For various RelyingPartyRegistration.credentials to preserve order of insertion.

Issue gh-10799
2022-02-28 15:01:58 -07:00
Filip Hanik 70b52a001b Change HashSet to LinkedHashSet
For various RelyingPartyRegistration.credentials to preserve order of insertion.

Issue gh-10799
2022-02-28 14:57:04 -07:00
Josh Cummings 6dbd88a5a4 Remove WantAssertionsSigned
WantAssertionsSigned requires that asserting parties sign the
assertions. This does not reflect how Spring Security actually
behaves, creating behavior mismatches.

Closes gh-10844
2022-02-22 08:14:05 -07:00
Josh Cummings 3d878549f4 Remove WantAssertionsSigned
WantAssertionsSigned requires that asserting parties sign the
assertions. This does not reflect how Spring Security actually
behaves, creating behavior mismatches.

Closes gh-10844
2022-02-18 11:43:25 -07:00
Josh Cummings b451ede189 Add Skipping Decryption Error Message
Closes gh-10220
2022-02-16 16:43:31 -07:00
Josh Cummings c6e5781679 Correct Test
Issue gh-10220
2022-02-16 16:43:31 -07:00
Josh Cummings 5cda362c47 Collect All Validation Errors
- OpenSaml4AuthenticationProvider now collects all validation errors
instead of treating some as their own exception

Issue gh-10220
2022-02-16 16:43:31 -07:00
Josh Cummings 97c18478e5 Add Skipping Decryption Error Message
Closes gh-10220
2022-02-16 16:10:36 -07:00
Josh Cummings 399562b2a8 Correct Test
Issue gh-10220
2022-02-16 16:10:36 -07:00
Josh Cummings 836335dc89 Collect All Validation Errors
- OpenSaml4AuthenticationProvider now collects all validation errors
instead of treating some as their own exception

Issue gh-10220
2022-02-16 16:10:19 -07:00
Josh Cummings b4dbcd6b2d Add OpenSamlAssertingPartyDetails
Closes gh-10781
2022-02-07 14:43:06 -07:00
Josh Cummings 541a1e48b3 Add OpenSamlAssertingPartyDetails
Closes gh-10781
2022-02-07 14:42:17 -07:00
Josh Cummings 28747ca89c Fix Checkstyle Error
Issue gh-9696
2022-02-04 20:07:41 -07:00
Josh Cummings 5c4178beb7 Fix Checkstyle Error
Issue gh-9696
2022-02-04 20:07:17 -07:00
Josh Cummings e8be907edf Polish Testing for Custom Attributes Values
- Moved construction and management of custom objects
into TestCustomOpenSamlObjects

Issue gh-9696
2022-02-04 20:04:03 -07:00
pelesic f626d11c6e Add OpenSaml custom types to Saml2AuthenticatedPrincipal
OpenSaml custom types are added to Saml2AutehnticatedPrincipal as
attributes.

Closes gh-9696
2022-02-04 20:04:03 -07:00
Josh Cummings 70bb588a25 Polish Testing for Custom Attributes Values
- Moved construction and management of custom objects
into TestCustomOpenSamlObjects

Issue gh-9696
2022-02-04 19:57:54 -07:00
pelesic 3cc7f384e6 Add OpenSaml custom types to Saml2AuthenticatedPrincipal
OpenSaml custom types are added to Saml2AutehnticatedPrincipal as
attributes.

Closes gh-9696
2022-02-04 13:41:41 -07:00
Josh Cummings 965e689461 Add EntitiesDescriptor Support
Closes gh-10782
2022-01-31 13:32:12 -07:00
Josh Cummings 4095d89bb3 Add EntitiesDescriptor Support
Closes gh-10782
2022-01-31 13:13:21 -07:00
Josh Cummings 60eead9ceb Add Session Index Support
Closes gh-10613
2022-01-28 12:21:44 -07:00
Josh Cummings b1a905befe Add Session Index Support
Closes gh-10613
2022-01-28 12:14:06 -07:00
Josh Cummings df3593f2dd Deprecate Saml2 AuthnRequest Classes
Issue gh-10355
2022-01-24 16:18:33 -07:00
Josh Cummings 5a2556879a Add Saml2AuthenticationRequestResolver
Closes gh-10355
2022-01-24 16:18:33 -07:00
Josh Cummings 620081ea9a Deprecate Saml2 AuthnRequest Classes
Issue gh-10355
2022-01-24 15:16:15 -07:00
Josh Cummings d538423f98 Add Saml2AuthenticationRequestResolver
Closes gh-10355
2022-01-24 15:09:45 -07:00
Marcus Da Coregio 861368bda5 Make Saml2AuthenticationRequests serializable
Closes gh-10550
2022-01-24 09:24:33 -03:00
Marcus Da Coregio cca35bdd93 Make Saml2AuthenticationRequests serializable
Closes gh-10550
2022-01-24 08:55:26 -03:00
Rob Winch c67ee6f2a8 javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
Issue gh-10501
2022-01-19 15:32:12 -06:00
Rob Winch 8f64bb6c8c javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
Issue gh-10501
2022-01-19 14:33:53 -06:00
Josh Cummings 20c252982e Remove SAML 2.0 Logout Default
Closes gh-10607
2022-01-14 15:29:50 -07:00
Josh Cummings d493598e17 Polish LogoutRequest#EncryptedID Support
Issue gh-10663
2022-01-14 14:47:45 -07:00
Robert Stoiber c1bea329ba Enabled SAML LogoutRequests with EncryptedID
The OpenSamlLogoutRequestValidator validates the subject to be logged out.
Formerly this was done only using the NameID from the OpenSamlLogoutRequest.
Now the EncryptedID is also supported, Since the SAML2 Standard also allows
the EncryptedID as subject identifiers,

- added EncryptedID as valid subject in OpenSamlLogoutRequestValidator
- added test

Closes gh-10663
2022-01-14 14:47:36 -07:00
Josh Cummings 3c45d46bd7 Polish LogoutRequest#EncryptedID Support
Issue gh-10663
2022-01-14 14:44:24 -07:00
Robert Stoiber 700cae8d3b Enabled SAML LogoutRequests with EncryptedID
The OpenSamlLogoutRequestValidator validates the subject to be logged out.
Formerly this was done only using the NameID from the OpenSamlLogoutRequest.
Now the EncryptedID is also supported, Since the SAML2 Standard also allows
the EncryptedID as subject identifiers,

- added EncryptedID as valid subject in OpenSamlLogoutRequestValidator
- added test

Closes gh-10663
2022-01-14 14:44:11 -07:00
Josh Cummings c664fbc1a3 Support No SingleLogoutServiceLocation
Closes gh-10674
2022-01-03 13:38:47 -07:00
Josh Cummings 45b7fed884 Remove SAML 2.0 Logout Default
Closes gh-10607
2022-01-03 13:14:12 -07:00
Josh Cummings cb008fa062 Support No SingleLogoutServiceLocation
Closes gh-10674
2022-01-03 13:14:06 -07:00
Josh Cummings 6b54afe9a3 Remove SAML 2.0 Logout Default
Closes gh-10607
2022-01-03 12:54:22 -07:00
Josh Cummings b9453da343 Support No SingleLogoutServiceLocation
Closes gh-10674
2022-01-03 12:54:18 -07:00
Josh Cummings cbf0e1da68 Remove commons-logging from saml2
Issue gh-10499
2021-12-16 10:15:58 -07:00
Arnaud Mergey dbe4d704f8 Add SP NameIDFormat Support
closes gh-9115
2021-12-01 13:23:30 -07:00
Arnaud Mergey a17dfb8456 Add SP NameIDFormat Support
closes gh-9115
2021-12-01 13:02:20 -07:00
Marcus Da Coregio db60df2f9c Update to Spring Framework 6.0
Issue gh-10360
2021-11-01 09:02:42 -03:00
Marcus Da Coregio 010f719344 Upgrade to JDK 17
Closes gh-10343
2021-11-01 09:02:42 -03:00
Vladimir Surcov 7330ec41e4 Adding keyInfo section to LogoutRequest from RP side
Issue gh-10438
2021-10-29 11:00:19 -06:00
Emil Sierżęga 04b47c5928 Fixed various broken links in Javadocs 2021-10-21 11:47:04 +02:00
Rob Winch f836897190 Checkstyle Fixes
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
2021-10-18 21:03:35 -05:00
Marcus Da Coregio 00084cf986 Add saml2.ValidIssuers parameter
Adds the saml2.ValidIssuers parameter into SAML 2.0 Assertion Validators

Closes gh-10335
2021-10-14 09:21:43 -06:00
Marcus Da Coregio 02b2fcc6f0 Restore ManagementConfigurationPlugin
Issue gh-9615
2021-10-05 11:23:29 -03:00
Marcus Da Coregio d2e5f2ae0d Update Gradle to 7.2
Closes gh-9615
2021-10-04 15:19:40 -03:00
Marcus Da Coregio 7112ee3eaa Allow SAML 2.0 loginProcessingURL without registrationId
Closes gh-10176
2021-10-04 09:54:40 -03:00
Marcus Da Coregio e36e2b2a97 Move Saml2AuthnRequestRepository to web package
Moving to solve package tangles

Issue gh-9185
2021-09-29 14:10:39 -03:00
Daniel Garnier-Moiroux 2fb8e66bc8 Saml2WebSsoAuthenticationFilter adds authentication details
Closes gh-7722
2021-09-27 11:44:30 -03:00
Josh Cummings 194993ad1a Add Saml2ParameterNames
Closes gh-10270
2021-09-14 17:40:12 -06:00
Josh Cummings c63d618b26 Add Single Logout Support
Closes gh-8731
2021-09-13 16:39:48 -06:00
Josh Cummings 6488295cad Add RelyingPartyRegistrationResolver
Closes gh-9486
2021-09-13 16:39:48 -06:00
Josh Cummings f5a525e740 Add Registration to Saml2Authentication
Closes gh-9487
2021-09-13 16:39:48 -06:00
Josh Cummings 822e59af45 useJUnitPlatform for SAML 2.0 Tests
Issue gh-9467
2021-09-13 16:39:48 -06:00
Russell Allen 1806cebd64 Fix Assertion
Closes gh-10055
2021-08-09 10:09:06 -03:00
Josh Cummings d5c953b106
Polish Saml2AuthenticationRequestRepository
- Moved docs into AuthnRequest section, changed links to be more
semantically valuable to search engines
- Moved tests to be nearer to similar tests

Issue gh-9185
2021-07-27 14:56:23 -06:00
Marcus Da Coregio 16e17d242e Add Saml2AuthenticationRequestRepository
Closes gh-9185
2021-07-27 14:55:53 -06:00
Rob Winch f73f213f50 Remove DependencySetPlugin
Closes gh-10070
2021-07-12 15:31:38 -05:00
Rob Winch 3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Daniel Garnier-Moiroux 298068503b Fix Saml2WebSsoAuthenticationRequestFilter javadoc 2021-06-30 13:41:52 +02:00
Marcus Hert da Coregio 03ded987af Allow Defining Custom SAML Response Validator
Add a setter method into OpenSaml4AuthenticationProvider that allows defining a custom ResponseValidator

Closes gh-9721
2021-06-30 08:26:42 -03:00
Marcus Hert da Coregio 6474a9e76e Allow Creating RelyingPartyRegistration from Metadata InputStream
Update SAML2 Login reference documentation to reflect the changes

Closes gh-9558
2021-06-30 08:02:24 -03:00
Josh Cummings 8e0a91d12f
Rebase OpenSamlSigningUtils and Tests
Issue gh-9865
2021-06-07 12:38:56 -06:00
Filip Hanik adad2da964
Provide KeyInfo in Signature for AuthnRequests
Closes gh-9856
2021-06-07 12:38:55 -06:00
Rob Winch 1491f2e0b6 Fix saml javadoc 2021-05-17 22:39:34 -05:00
Rob Winch eda38b8f88 opensaml fixes 2021-05-17 15:51:55 -05:00
Marcus Hert da Coregio ef0d933a65 Update SAML JavaDoc to reference specification
Closes gh-9510
2021-05-13 10:45:23 -06:00
Josh Cummings 457c2a2d06
Add Response Status Check
Closes gh-9718
2021-05-04 09:45:37 -06:00
Josh Cummings 8c92eddbe5
Revert "Add Registration to Saml2Authentication"
This reverts commit efe42b93ce.
2021-04-12 14:44:36 -06:00
Josh Cummings 55047fd996
Revert "Add RelyingPartyRegistrationResolver"
This reverts commit 2f734a0975.
2021-04-12 14:44:19 -06:00
Josh Cummings 37b40476e7
Revert "Add Single Logout Support"
This reverts commit e807fae869.
2021-04-12 14:44:04 -06:00
Josh Cummings 7da6077727
Update to commons-codec:1.15
Closes gh-9575
2021-04-10 10:11:32 -06:00
Josh Cummings e807fae869
Add Single Logout Support
Closes gh-8731
2021-04-10 00:25:34 -06:00
Josh Cummings 2f734a0975
Add RelyingPartyRegistrationResolver
Closes gh-9486
2021-04-10 00:12:38 -06:00
Josh Cummings efe42b93ce
Add Registration to Saml2Authentication
Closes gh-9487
2021-04-10 00:12:38 -06:00
Josh Cummings 88c1475a3b
Polish OpenSAML 4 support
Issue gh-9095
2021-04-10 00:12:15 -06:00
Josh Cummings a8a7ab4ffa
Restore spring-security-web Dependency
Issue gh-9095
2021-04-09 12:42:04 -06:00
Josh Cummings 6f79921750
Default to OpenSAML 3
- To make upgrade passive

Issue gh-9095
2021-04-06 17:11:33 -06:00
Josh Cummings 951202e797
Polish SAML 2.0 Artifacts
- Produce sources jar
- Produce Javadoc jar

Issue gh-9095
2021-04-06 17:10:53 -06:00
Rob Winch 60d3db5798 add management platform(project(":spring-security-dependencies"))
Closes gh-9540
2021-04-05 10:36:36 -05:00
Rob Winch de1b3e9d30 Remove DepencencyManagementPlugin
Issue gh-9540
2021-04-05 10:36:36 -05:00
Rob Winch 0f0e8eded4 Add spring-security-dependencies
Issue gh-9540
2021-04-05 10:36:36 -05:00
Rob Winch 1a76ee7442 Update Gradle configuration names
Closes gh-9540
2021-04-05 10:36:36 -05:00
Josh Cummings 4b351b1472
Remove SpringSecurityAuthnRequestBuilder
- We don't want to have public top-level classes extending or
implementing OpenSAML classes

Issue gh-9095
2021-03-30 11:40:57 -06:00
Josh Cummings 404e9e153a
Fix Javadoc Errors
Closes gh-9530
2021-03-30 11:37:42 -06:00
Josh Cummings d0d0a8d958 Add OpenSAML 4 Support
Closes gh-9095
2021-03-23 19:07:23 -06:00
Josh Cummings a015b8b000 Add Saml2MessageBinding#from
Closes gh-9515
2021-03-23 19:07:23 -06:00
Eleftheria Stein 4a492846f1 Revert "Lock dependencies for 2.5.0-M3"
This reverts commit f05cc6269c.
2021-03-15 23:18:45 +01:00
Eleftheria Stein f05cc6269c Lock dependencies for 2.5.0-M3 2021-03-15 11:00:19 +01:00
Josh Cummings c860076ef5
Fix Saml2MetadataFilter Test
Issue gh-9281
2021-03-02 16:32:17 -07:00
Han YanJing f3fa8e8800
Polish
Issue gh-9310
2021-03-02 12:04:22 -07:00
Han YanJing 6e41246a2b
Throw Saml2AuthenticationException
Closes gh-9310
2021-03-02 12:04:22 -07:00
Josh Cummings 3e8ad4bc2b
Polish Test
Issue gh-9281
2021-03-02 08:24:34 -07:00
Han YanJing c0fa3f906d
Encode the Content-Disposition header following RFC 8187
Closes gh-9281
2021-03-02 08:24:34 -07:00
Han YanJing fb391c5dcd
Add setMetadataFilename method to Saml2MetadataFilter
Closes gh-9317
2021-03-02 08:24:34 -07:00
Josh Cummings c4be1c6a56
Revert "Lock Dependencies"
This reverts commit a85caa4098.
2021-02-11 15:49:59 -07:00
Josh Cummings a85caa4098
Lock Dependencies 2021-02-11 15:00:38 -07:00
Josh Cummings 76229cfab7
Migrate SAML 2.0 Tests and Docs to PCFOne
Issue gh-9362
2021-01-22 15:14:03 -07:00
Josh Cummings 7dde7cffda
Add Status Check
Closes gh-8955
2021-01-05 17:32:47 -07:00
Joe Grandja b95e1aa209 Revert "Lock dependencies for 5.5.0-M1"
This reverts commit 25a7482c8c.
2020-11-03 19:53:28 -05:00
Josh Cummings aba0e904f0
Read SigningMethod Elements
Closes gh-9177
2020-11-02 11:27:23 -07:00
Josh Cummings e1826a0bd8
Polish Signature Algorithm Support
- Changed name to signatureAlgorithms since method and algorithm are
synonymous
- Re-ordered methods to follow typical IDPSSODescriptor order
- Adjusted JavaDoc to refer to IDPSSODescriptor terminology

Issue gh-8952
2020-11-02 11:27:23 -07:00
Arnaud Mergey 9900658c92
support configurable signature algorithm
Closes gh-8952
2020-11-02 11:27:23 -07:00
Rob Winch 25a7482c8c Lock dependencies for 5.5.0-M1 2020-10-30 17:52:03 -05:00
Josh Cummings 5699670a43
Polish OpenSamlAuthenticationProvider
Remove deprecated usage

Issue gh-8769
2020-10-14 16:49:37 -06:00
Josh Cummings c8cbf06d8d
Add EncryptedAttribute support
Closes gh-9131
2020-10-14 14:58:42 -06:00
Josh Cummings d0581c9a26
Polish Configurable SAML Decryption Support
- Renamed to setResponseElementsDecrypter and
setAssertionElementsDecrypter to align with ResponseToken and
AssertionToken
- Changed contract of setAssertionElementsDecrypter to use
AssertionToken
- Changed assertions in unit test to use isEqualTo

Issue gh-9044
2020-10-14 14:58:42 -06:00
ryan.cassar 535ae3e27d
Add Configurable SAML Response Decryption
Closes gh-9044
2020-10-14 10:38:05 -06:00
Josh Cummings e6ff57c116
Polish RelyingPartyRegistrations
Issue gh-9028
2020-10-12 13:55:16 -06:00
ryan.cassar 9a11cc84ad
Add File-based Metadata Resolution
Closes gh-9028
2020-10-12 13:55:16 -06:00
Josh Cummings bdfd6f9f92
Remove Unused Code
Issue gh-8887
2020-09-28 13:07:48 -06:00
Josh Cummings bcfbd2dee5
Remove Unused Code
Issue gh-8877
2020-09-26 09:06:28 -06:00
Josh Cummings a36baffb3a
Polish OpenSamlAuthenticationRequestFactory
- Refactored to use SAMLMetadataSignatureSigningParametersResolver

Issue gh-7758
2020-09-26 09:06:24 -06:00
Josh Cummings 2ee455b7bf
Add EntitiesDescriptor Support
Closes gh-9051
2020-09-25 16:23:18 -06:00
Phillip Webb 20baa7d409 Replace ExpectedException @Rules with AssertJ
Replace JUnit ExpectedException @Rules with AssertJ calls.
2020-09-22 16:13:51 -06:00
Phillip Webb 910b81928f Replace try/catch with AssertJ
Replace manual try/catch/fail blocks with AssertJ calls.
2020-09-22 16:13:51 -06:00
Joe Grandja 7b1f574769 Revert "Lock Dependency Versions for 5.4.0"
This reverts commit 3d0e459182.
2020-09-09 18:14:12 -04:00
Joe Grandja 3d0e459182 Lock Dependency Versions for 5.4.0 2020-09-09 13:45:03 -04:00
Rob Winch 2abf59b695 Merge Formatting Changes
Issue gh-8945
2020-08-24 17:33:23 -05:00
Phillip Webb 319d3364aa Migrate to assertThatExceptionOfType
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.

Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb a5aa6b3d7f Remove blank lines from all tests
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easer to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.

Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb 1f03608b73 Polish spring-security-saml2 main code
Manually polish `spring-security-saml2` following the formatting
and checkstyle fixes.

Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb 834dcf5bcf Use consistent ternary expression style
Update all ternary expressions so that the condition is always in
parentheses and "not equals" is used in the test. This helps to bring
consistency across the codebase which makes ternary expression easier
to scan.

For example: `a = (a != null) ? a : b`

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 8d3f039f76 Reduce method visibility when possible
Reduce method visibility for package private classes when possible.

In the case of abstract classes that will eventually be made public,
the class has been made public and a package-private constructor has
been added.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 52f20b5281 Use parenthesis with single-arg lambdas
Use regular expression search/replace to ensure all single-arg
lambdas have parenthesis. This aligns with the style used in Spring
Boot and ensure that single-arg and multi-arg lambdas are consistent.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 01d90c9881 Hide utility class constructors
Update all utility classes so that they have a private constructor. This
prevents users from accidentally creating an instance, when they should
just use the static methods directly.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb ff94944313 Add whitespace after copyright header
Add an additional lines after the copyright header and before the
`package` declaration. This aligns with the style used by Spring
Framework.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 8d80166aaf Update exception variable names
Consistently use `ex` for caught exception and `cause` for Exception
constructor arguments.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb e9130489a6 Remove restricted static imports
Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb db55ef4b3b Migrate to BDD Mockito
Migrate Mockito imports to use the BDD variant. This aligns better with
the "given" / "when" / "then" style used in most tests since the "given"
block now uses Mockito `given(...)` calls.

The commit also updates a few tests that were accidentally using
Power Mockito when regular Mockito could be used.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 81fe9fc640 Make all exception classes immutable
Update all exception classes so that they are fully immutable and cannot
be changed once they have been thrown.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb a0b9442265 Use consistent modifier order
Update code to use a consistent modifier order that aligns with that
used in the "Java Language specification".

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb a2f2e9ac8d Move inner-types so that they are always last
Move all inner-types so that they are consistently the last item
defined. This aligns with the style used by Spring Framework and
the consistency generally makes it easier to scan the source.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 9e08b51ed3 Apply code cleanup rules to projects
Apply automated cleanup rules to add `@Override` and `@Deprecated`
annotations and to fix class references used with static methods.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 8866fa6fb0 Always use 'this.' when accessing fields
Apply an Eclipse cleanup rules to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 6894ff5d12 Make classes final where possible
Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 37fa94fafc Organize imports
Use "organize imports" from Eclipse to cleanup import statements so
that they appear in a consistent and well defined order.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 5f64f53c3f Use consistent "@" tag order in Javadoc
Ensure that Javadoc "@" tags appear in a consistent and well defined
order.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb b7fc18262d Reformat code using spring-javaformat
Run `./gradlew format` to reformat all java files.

Issue gh-8945
2020-08-24 17:32:56 -05:00
Josh Cummings 21e9a410ee
Remove Package Tangle
Issue gh-8876
2020-08-19 15:52:20 -06:00
Josh Cummings af5c55c380
Polish AuthnRequest Customization Support
Having the application generate the AuthnRequest fresh allows Spring
Security to back away more gracefully. Using a Consumer implies that
the application will need to undo any values that Spring Security set
that the application doesn't want.

Also, if this does become a configuration burden, it can be simplified
in a separate ticket by exposing the default Converter.

Issue gh-8776
2020-08-19 14:27:31 -06:00
Josh Cummings 3694485056
Polish SAML 2.0 Default Assertion Validator
In several cases, taking a pre-set ValidationContext is not sufficient.
For example, the recipient is calculated via the
RelyingPartyRegistration that's currently in the context of the
request.

Instead, then, createDefaultAssertionValidator was broken up into two
different methods: One that takes no parameters and assumes the class's
default ValidationContext, and another that takes a converter to derive
the ValidationContext from the incoming authentication token.

Issue gh-8970
2020-08-19 13:58:42 -06:00
Josh Cummings da7477cd41
Add Response to Authentication Conversion Support
Closes gh-8010
2020-08-18 17:49:34 -06:00
Josh Cummings 0c696dd58b
Remove XSAnyMarshaller AttributeValue Support
In favor of customizing the authentication converter

Closes gh-8864
2020-08-18 17:42:04 -06:00
Josh Cummings 7b3dda161b
Generalize SAML 2.0 Assertion Validation Support
Closes gh-8970
2020-08-18 12:23:42 -06:00
Phillip Webb 27ac046d8a Rename *Test.java -> *Tests.java
Rename a few test classes that accidentally ended in `Test` instead of
`Tests`.

Issue gh-8945
2020-08-10 16:24:44 -05:00
Joe Grandja 1d74d556c2 Revert "Lock Dependency Versions for 5.4.0-RC1"
This reverts commit f3a1e5d40c.
2020-08-05 14:59:11 -04:00
Joe Grandja f3a1e5d40c Lock Dependency Versions for 5.4.0-RC1 2020-08-05 13:46:11 -04:00
Josh Cummings a701555318
Polish Saml2AuthenticationTokenConverter
Issue gh-8768
2020-08-05 10:08:47 -06:00
Josh Cummings f82190b414
Add RelyingPartyRegistrations
Closes gh-8484
2020-08-05 10:08:47 -06:00
Josh Cummings 506786f46e
Replaced Spaces with Tabs
Updated the .gradle file for SAML 2.0 Service Provider to use tabs
2020-08-05 10:08:47 -06:00
Josh Cummings b999faa5a0
Complete SAML 2.0 SP Metadata Endpoint
Closes gh-8693
2020-08-05 10:08:47 -06:00
Jakub Kubrynski 8a355240bc
SAML 2.0 SP Metadata Endpoint Support
Issue gh-8693
2020-08-05 10:08:47 -06:00
Josh Cummings 31bae546e2
Removed Unused Files
Saml2Utils and Saml2ServletUtils are no longer used

Issue gh-8768
2020-08-05 10:08:46 -06:00
Josh Cummings 5061ae9e79
Add Saml2AuthenticationTokenConverter
Closes gh-8768
2020-08-04 18:41:43 -06:00
Josh Cummings a10c2c6cf8
Polish DefaultSaml2AuthenticationRequestContextResolver
Issue gh-8360
Issue gh-8887
2020-08-04 17:29:13 -06:00
Josh Cummings 015281ff53
Add DefaultRelyingPartyRegistrationResolver
Closes gh-8887
2020-08-04 17:29:10 -06:00
Josh Cummings a402c3884a
Add ConditionValidator Support
Closes gh-8769
2020-08-04 13:05:23 -06:00
Josh Cummings d9d8253603
Polish OpenSamlAuthenticationProvider
Issue gh-8769
2020-08-04 13:05:23 -06:00
Josh Cummings a32de931d3
Polish Javadoc
Issue gh-6019
2020-07-28 16:04:06 -06:00
Josh Cummings 79dca94ce1
Simplify Tests
Issue gh-8772
2020-07-24 17:44:10 -06:00
Joakim Löfgren eccd929819 Update SimpleSaml2AuthenticatedPrincipal class name
Rename it to DefaultSaml2AuthenticatedPrincipal to be more in line with
the respective class in the OAuth2 module.

Also make the class public to be able to whitelist the SAML2 auth classes
in Jackson object mappers for deserialization in e.g. Spring Session MongoDB.

Closes gh-8852
2020-07-23 16:53:32 -06:00
Josh Cummings 08849e2652
Remove OpenSamlImplementation
Closes gh-8775
2020-07-23 16:09:02 -06:00
Josh Cummings 5779121da6
OpenSamlAuthenticationRequestFactory Uses OpenSAML Directly
Closes gh-8774
2020-07-23 16:09:02 -06:00
Josh Cummings 2e2da06bdb
OpenSamlAuthenticationProvider Uses OpenSAML Directly
Closes gh-8773
2020-07-23 16:09:02 -06:00
Josh Cummings 77128a94e2
Add OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
Closes gh-8877
2020-07-23 15:32:22 -06:00
Josh Cummings 2276fcf34a
Add OpenSamlInitializationService
Closes gh-8772
2020-07-23 15:03:16 -06:00
Josh Cummings 43f2904059
Add ACS Location Default
Closes gh-8876
2020-07-23 15:03:16 -06:00
Josh Cummings 97ccbe5df2
Polish Saml2X509Credential Factories
Issue gh-8789
2020-07-20 15:50:16 -06:00
Thomas Vitale 3978cc591f
Add Static Factories to Saml2X509Credential
- Add static factories to Saml2X509Credential for verification, encryption,
signing, and decryption.
- Add unit tests for new static factories in Saml2X509Credential.

Fixes gh-8789
2020-07-20 15:29:48 -06:00
Josh Cummings 56928f61f0
Separate RP and AP Credentials
Closes gh-8788
2020-07-20 14:19:33 -06:00
Josh Cummings a54e77a3c3
Saml2AuthenticationToken takes a RelyingPartyRegistration
Closes gh-8845
2020-07-17 12:19:27 -06:00
Josh Cummings 44ec061f05
Add AssertionConsumerServiceBinding
Closes gh-8776
2020-07-16 16:22:38 -06:00
Josh Cummings 2c960d2ad1
Add AuthnRequestConsumerResolver
Closes gh-8141
2020-07-16 14:53:22 -06:00
Josh Cummings 2e5c87dc75
Restore Binary Compatibility
Issue gh-8835
2020-07-16 11:10:20 -06:00
Josh Cummings b02e344c73
Move Saml2Error
Move to core package

Closes gh-8835
2020-07-15 20:09:45 -06:00
Josh Cummings 5bfc6ea25a
Refactor OpenSamlAuthenticationProvider
Refactored into collaborators in preparation for introducing setters

Issue gh-8769
2020-07-14 18:15:18 -06:00
Josh Cummings 8e8a642e5a
Use Spec Language in RelyingPartyRegistration
Changed conventions to better follow the metadata descriptors that
the registration is meant to represent.

Closes gh-8777
2020-07-07 17:12:39 -06:00
Josh Cummings 146d0b6358
Revert "Lock Dependency Versions for 5.4.0-M2"
This reverts commit 68538897c8.
2020-07-01 13:11:50 -06:00
Josh Cummings 68538897c8
Lock Dependency Versions for 5.4.0-M2 2020-07-01 12:40:29 -06:00
Josh Cummings a344dbdb8c
Use AssertJ
Issue gh-3384
2020-06-18 11:54:33 -06:00
Josh Cummings 360db53dd2
Polish SAML Attribute Support
Issue gh-8661
2020-06-18 11:42:49 -06:00
Nikola Kostic eed33228f4
Add SAML Attribute Support
Closes gh-8661
2020-06-18 11:42:48 -06:00
Josh Cummings 8e7c4c143c
Add TestSaml2AuthenticationRequestContexts
Issue gh-8552
2020-05-18 21:08:03 -06:00
Josh Cummings 9241cd2892
Move TestRelyingPartyRegistrations
Fixes gh-8551
2020-05-18 16:38:40 -06:00
Josh Cummings 7c7934c052
Remove Extra TestSaml2X509Credentials
This class is a duplicate of the one already in
org.springframework.security.saml2.credentials

Issue gh-8404
2020-05-18 10:08:27 -06:00
Joe Grandja 86ca6b013c Unlock dependencies
This reverts commit 206960cf44.
2020-05-06 17:27:35 -04:00
Joe Grandja 206960cf44 Lock dependencies for 5.4.0-M1 2020-05-06 17:13:04 -04:00
Josh Cummings d4dbe069ad Polish OpenSamlAuthenticationProvider
- Use type-safe CriteriaSet
- Keep Assertion immutable

Closes gh-8471
2020-05-05 16:33:17 -04:00
Josh Cummings 1da694e19c
Remove TestSaml2SigningCredentials
Since TestSaml2X509Credentials is where tests get Saml2X509Credentials,
there is no reason for TestSaml2SigningCredentials.

Issue gh-8404
2020-04-17 15:46:19 -06:00
Josh Cummings ab772893c7
Polish DefaultSaml2AuthenticationRequestContextResolver
- Added more tests
- Standardized terminology

Issue gh-8360
2020-04-17 15:46:14 -06:00
shazin 8c0bdd50e2
Delegating Saml2AuthenticationRequestContext creation to Saml2AuthenticationRequestContextResolver
Saml2AuthenticationRequestContext creation logic is not extensible at
the moment as it is provided inside of Saml2WebSsoAuthenticationRequestFilter.
This change enables to custom logic to be used when creating Saml2AuthenticationRequestContext by
taking the logic from the aforementioned filter to a seperate extensible
API by the name Saml2AuthenticationRequestContextResolver.

This provides following API contract and implementation:

 - Saml2AuthenticationRequestContextResolver
 - DefaultSaml2AuthenticationRequestContextResolver

Fixes gh-8360
2020-04-17 15:40:24 -06:00
Josh Cummings 8904361a37
Polish Saml Tests
Fixes gh-8403
Fixes gh-8404
2020-04-16 17:10:51 -06:00
Josh Cummings 7056c2d9de
Polish OpenSamlAuthenticationProviderTests
- Added missing this keywords
- Removed unused variables
- Coded to interfaces
- Added missing JavaDoc

Issue gh-6019
2020-04-16 17:09:46 -06:00
shazin 4e5a3a76cd
Open Saml2AuthenticationRequestContext
Fixed gh-8356
2020-04-13 23:58:12 -06:00
Josh Cummings 95f0d02d79
Polish Saml2WebSsoAuthenticationRequestFilter
- Updated formatting
- Reordered methods
- Removed a method

These changes will hopefully simplify future contribution.

Issue gh-6019
2020-04-08 16:27:46 -06:00
Josh Cummings 711954e016
Deprecate Saml2AuthenticationRequestFilter Constructor
Removing the default usage of OpenSamlAuthenticationRequestFactory.
Otherwise, the Open SAML dependency is required, even when
Saml2AuthenticationRequestFactory is implemented without it.

Fixes gh-8359
2020-04-08 16:27:46 -06:00
Josh Cummings 887cb99926
Saml2AuthenticationRequestFilter Tests
To confirm behavior still works as expected after making related changes.

Issue gh-8359
2020-04-08 16:27:46 -06:00
Josh Cummings 0ca65f8677
Add Missing JavaDoc
Issue gh-6019
2020-04-08 16:27:46 -06:00
Josh Cummings 7f2f210eb8
Simplify OpenSamlImplementation
- Removed reflection usage
- Simplified method signatures

Issue gh-7711
Fixes gh-8147
2020-03-20 12:13:14 -06:00
Josh Cummings 088ea07f07
Simplify Saml2ServletUtils
Removed one method as well as a parameter from another method

Issue gh-7711
2020-03-20 12:13:14 -06:00
Josh Cummings 6eadf7b140
Unlock dependencies for 5.3.0.RELEASE
This reverts commit 147d7dadd7.
2020-03-04 12:02:48 -07:00
Josh Cummings 147d7dadd7
Lock dependencies for 5.3.0.RELEASE 2020-03-04 10:28:39 -07:00
Filip Hanik 3257349045 Support POST binding for AuthNRequest
Has been tested with

- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

This PR extends (builds on previous commits and adds user configuration
options)
https://github.com/spring-projects/spring-security/pull/7758
2020-02-28 09:15:26 -08:00
Filip Hanik a51a202925 Correct signature handling for SAML2 AuthNRequest
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)

Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

Fixes gh-7711
2020-02-12 13:30:48 -08:00
Filip Hanik 43098d41cc Revert "Correct signature handling for SAML2 AuthNRequest"
This reverts commit a3e09fadd7.
Build failure on Java 9+

XML generation does not add linefeeds by default
Change since Java 8
2020-02-12 13:30:48 -08:00
Filip Hanik a3e09fadd7 Correct signature handling for SAML2 AuthNRequest
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)

Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

Fixes gh-7711
2020-02-12 11:40:19 -08:00
Eleftheria Stein 84b8a5abd7 Unlock dependencies for next development version
This reverts commit 064616f1ef.
2020-02-05 15:53:04 +01:00
Eleftheria Stein 064616f1ef Lock dependencies for 5.3.0.RC1 2020-02-05 10:20:05 +01:00
Eleftheria Stein 5678490c1f Add relying party registration not found exception
Fixes: gh-7865
2020-02-04 09:58:54 +01:00
Eleftheria Stein fcc6457bef Unlock dependencies for next development version
This reverts commit 93acf8f0f1.
2020-01-08 22:15:17 +01:00
Eleftheria Stein 93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Filip Hanik 9d26f12e86 Add an example of Base64 encoding that failed with java.util.Base64
Revert usage to Apache Commons Codec (dependency by OpenSaml)
2020-01-01 15:45:10 -08:00
Filip Hanik af415948b1 Allow configuration of AuthenticationManagerResolver in saml2Login()
Fixes gh-7654

https://github.com/spring-projects/spring-security/issues/7654
2019-12-17 13:34:27 -08:00
Eleftheria Stein da3f18017d Polish SAML2 principal classes
Update @since

Issue: gh-7681
2019-12-12 20:22:58 +01:00
Clement Stoquart 31b999e9b4 fix: make Saml2Authentication serializable 2019-12-12 17:11:00 +01:00
Clement Stoquart 0c47bfb1e3 Remove empty relay state from redirect url 2019-12-10 09:49:54 -08:00
Filip Hanik 0cafcf37e2 Make the loginProcessingUrl configurable for saml2Login()
Fixes gh-7565

https://github.com/spring-projects/spring-security/issues/7565
2019-10-31 08:20:12 -07:00
Mike Truso a4430aa21b Fix variable reference in sample code 2019-10-29 14:04:05 -06:00
Filip Hanik 0f14844acf We will not validate IP addresses as part of assertion validation
Fixes gh-7514

https://github.com/spring-projects/spring-security/issues/7514
2019-10-28 20:08:42 -07:00
Brendt Lucas 8ebfba3019 Support configuration of protocol binding for authentication requests 2019-10-15 15:57:45 -05:00
Filip Hanik 83b5f5c7ae Improve the Saml2AuthenticationRequest object
- introduce the AssertionConsumerServiceURL attribute
- add javadoc
- align property name with SAML XML for AuthNRequest
2019-09-30 11:01:34 -07:00
Filip Hanik 9731386de5 Correctly set "Destination" in AuthNRequest message
Fixes gh-7494
https://github.com/spring-projects/spring-security/issues/7494
2019-09-30 11:01:34 -07:00
Filip Hanik 69eacac514 Fix javadoc for RelyingPartyRegistrationRepository 2019-09-30 09:22:36 -07:00
Filip Hanik 7adb4da3ef Always require signature on either response or assertion
Fixes gh-7490
https://github.com/spring-projects/spring-security/issues/7490
2019-09-30 09:22:36 -07:00
Filip Hanik 22da2b45c9 SAML Assertion validation should propagate errors: #7375 and #7375
Fixes gh-7377
Fixes gh-7375

https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375

Clean up code

- Authentication request factory should only throw Saml2Exception
- OpenSamlImplementation should only throw Saml2Exception
- Move the OpenSamlImplementation package private methods to the right
section
2019-09-27 09:07:25 -07:00
Filip Hanik b6a057a925 OpenSAML expects type `long` representing millis for response time validation skew
Fixes gh-7448

https://github.com/spring-projects/spring-security/issues/7448
2019-09-27 09:07:25 -07:00
Filip Hanik adde18b873 Revert "Merge pull request #7432 from fhanik/feature/propagate_saml_authentication_exception"
This reverts commit e9619fb0e7, reversing
changes made to 45a1490d5d.
2019-09-24 16:05:09 -07:00
Filip Hanik d472e99528 SAML Assertion validation should propagate errors: #7375 and #7375
Fixes gh-7377
Fixes gh-7375

https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375
2019-09-24 14:40:39 -07:00
Filip Hanik 20033ffd4a OpenSAML expects type `long` representing millis for response time validation skew
Fixes gh-7448

https://github.com/spring-projects/spring-security/issues/7448
2019-09-24 14:40:39 -07:00
Filip Hanik 438ae215f8 Upgrade to OpenSAML 3.4.3
Fixes gh-7392
2019-09-06 08:04:15 -07:00
Josh Cummings c716b400a1
Update to OpenSaml 3.3.1
Fixes gh-7388
2019-09-06 07:20:13 -06:00
Filip Hanik e9a44bc0ce HttpSecurity.saml2login() - MVP Core Code
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:

  - Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
  - Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
  - Supports basic java-configuration via DSL
  - Provides an integration sample using Spring Boot

Not implemented with this MVP

  - Single Logout
  - Dynamic Service Provider Metadata

Fixes gh-6019
2019-09-05 14:40:08 -07:00