409998a3fe
Add hash-based Content-Security-Policy for SAML pages
...
Closes gh-11631
2022-07-27 17:59:42 -06:00
56a6133b20
Merge Same-named Attribute Elements
...
Closes gh-11042
2022-07-20 18:43:25 -06:00
bced37f6a7
Merge Same-named Attribute Elements
...
Closes gh-11042
2022-07-20 18:41:55 -06:00
561f65b34d
Merge Same-named Attribute Elements
...
Closes gh-11042
2022-07-20 18:40:20 -06:00
e092ec780f
Merge Same-named Attribute Elements
...
Closes gh-11042
2022-07-20 18:33:24 -06:00
7b18336c6a
Change interface with constants to final class
...
Closes gh-10960
2022-07-13 15:51:58 -04:00
3c8a80c364
Add SecurityContextHolderStrategy to Saml2
...
Issue gh-11060
2022-06-27 13:05:11 -06:00
2a3845a7ed
Update org.opensaml:opensaml-core4 to 4.1.1
...
Closes gh-11420
2022-06-20 14:50:24 -04:00
bca43af9bb
Update org.opensaml:opensaml-core4 to 4.1.1
...
Closes gh-11410
2022-06-20 12:08:07 -04:00
d22277ce36
Add missing KeyInfo
...
Closes gh-11354
2022-06-09 13:16:50 -06:00
bd60a0f8c9
Add OpenSamlSigningUtilsTests
...
Issue gh-11354
2022-06-09 13:16:49 -06:00
89fb075e2d
Add missing KeyInfo
...
Closes gh-11354
2022-06-09 13:14:19 -06:00
3a41567a18
Add OpenSamlSigningUtilsTests
...
Issue gh-11354
2022-06-09 13:14:13 -06:00
812bb0ead0
Add missing KeyInfo
...
Closes gh-11354
2022-06-09 13:12:52 -06:00
bb9c7d1b6e
Add OpenSamlSigningUtilsTests
...
Issue gh-11354
2022-06-09 13:12:33 -06:00
3ca4b06612
Support multiple SingleLogoutService bindings.
...
Closes gh-11286
2022-06-09 12:56:16 -06:00
89989722d0
Support multiple SingleLogoutService bindings.
...
Closes gh-11286
2022-06-09 12:50:33 -06:00
29ba67b6d7
Remove dependency on commons-codec by using java.util.Base64
...
Closes gh-11318
2022-06-09 06:50:01 -06:00
f3c96fa9cd
Remove dependency on commons-codec by using java.util.Base64
...
Closes gh-11318
2022-06-09 06:49:39 -06:00
fc653bb81a
make SAML authentication request uri configurable
...
Closes gh-10840
2022-06-06 12:49:29 -06:00
f4049c18b1
add SAML authentication request support to login configurer
...
Closes gh-8873
2022-06-06 08:05:33 -06:00
33104269d6
make SAML authentication request uri configurable
...
Closes gh-10840
2022-06-06 08:05:33 -06:00
e20323e0a8
Use Java 11 Toolchain for OpenSaml4 compile
...
Issue gh-10816
2022-06-02 19:24:42 +02:00
07f9afe057
Use 'md:' prefix in EntityDescriptor XML
...
Create the EntityDescriptor object with
EntityDescriptor.DEFAULT_ELEMENT_NAME instead of
EntityDescriptor.ELEMENT_QNAME. That ensures the EntityDescriptor tag
is marshalled to xml with the 'md:' prefix, consistent with all other
metadata tags.
Closes #11283
2022-05-31 17:11:02 -06:00
c39d39b35f
Use 'md:' prefix in EntityDescriptor XML
...
Create the EntityDescriptor object with
EntityDescriptor.DEFAULT_ELEMENT_NAME instead of
EntityDescriptor.ELEMENT_QNAME. That ensures the EntityDescriptor tag
is marshalled to xml with the 'md:' prefix, consistent with all other
metadata tags.
Closes #11283
2022-05-31 17:08:51 -06:00
b1004aff4e
Use 'md:' prefix in EntityDescriptor XML
...
Create the EntityDescriptor object with
EntityDescriptor.DEFAULT_ELEMENT_NAME instead of
EntityDescriptor.ELEMENT_QNAME. That ensures the EntityDescriptor tag
is marshalled to xml with the 'md:' prefix, consistent with all other
metadata tags.
Closes #11283
2022-05-31 17:07:18 -06:00
b470f29cf8
Use 'md:' prefix with EntityDescriptor tag in the metadata xml
...
Create the EntityDescriptor object with EntityDescriptor.DEFAULT_ELEMENT_NAME instead of EntityDescriptor.ELEMENT_QNAME. That ensures the EntityDescriptor tag is marshalled to xml with the 'md:' prefix, consistent with all other metadata tags.
Closes #11283
2022-05-31 17:06:00 -06:00
649428b49a
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
...
Closes gh-11262
2022-05-25 12:06:27 -06:00
d0da160007
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
...
Closes gh-11262
2022-05-25 12:02:13 -06:00
16664dcdbd
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
...
Closes gh-11262
2022-05-25 11:43:50 -06:00
f2d6ead398
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
...
Closes gh-11262
2022-05-25 11:42:54 -06:00
bcd104763e
Remove duplicate check
...
Closes gh-11192
2022-05-23 16:01:37 -06:00
53e509f0c6
Remove duplicate check
...
Closes gh-11192
2022-05-23 16:00:15 -06:00
5cbc1a47da
Use original query string to verify signature
...
Closes gh-11235
2022-05-23 15:30:07 -06:00
b51c71c3b3
Use original query string to verify signature
...
Closes gh-11235
2022-05-23 13:56:28 -06:00
7f5c31995e
Add relyingPartyRegistrationId to AbstractSaml2AuthenticationRequest
...
Closes gh-11195
2022-05-17 16:41:44 -06:00
9b874bcde2
Add relyingPartyRegistrationId to AbstractSaml2AuthenticationRequest
...
Closes gh-11195
2022-05-17 16:21:54 -06:00
995b2918bb
Remove SAML Deprecations
...
Closes gh-11077
2022-05-06 10:15:42 -03:00
c93c6b928e
Polish Relay State Resolver
...
Issue gh-11065
2022-05-05 17:42:02 -06:00
f7a43e4989
Allow custom relay state
...
Closes gh-11065
2022-05-05 17:42:01 -06:00
13795cdec1
Polish Relay State Resolver
...
Issue gh-11065
2022-05-05 17:28:30 -06:00
4dfc349914
Allow custom relay state
...
Closes gh-11065
2022-05-05 17:26:39 -06:00
3cbb60750d
Add Jackson Support for Saml2AuthenticationException
...
Closes gh-11169
2022-05-02 17:41:52 -05:00
c6038b1ea3
Add Jackson Support for Saml2AuthenticationException
...
Closes gh-11169
2022-05-02 16:24:43 -05:00
cfb1745906
Deprecate Saml2AuthenticationRequestFactory
...
Closes gh-11080
2022-04-08 09:33:41 -03:00
bb0c336ae8
Deprecate Saml2AuthenticationRequestFactory
...
Closes gh-11080
2022-04-08 09:32:03 -03:00
8aa7029d07
Fix checkstyle errors
...
Issue gh-10989
2022-03-18 22:53:29 -05:00
cf29bf996c
Polish InResponseTo support
...
- Moved methods so methods are listed before the methods they call
- Adjusted exception handling so no exceptions are eaten
- Adjusted so that malformed_request_data is returned with request data is malformed
- Refactored methods to have only immutable method parameters
- Removed usage of Stream API
- Moved AuthnRequestUnmarshaller into static block so that only looked
up once
Issue gh-9174
2022-03-15 14:06:58 -06:00
3c878549b5
Add support for validation of InResponseTo
...
Whenever an InResponseTo is present in the SAML2 response and / or any of its assertions, it will be validated against the stored SAML2 request. If the request is missing or the ID of the request does not match the InResponseTo, validation fails. If there is no InResponseTo, no validation of it is done (as opposed to checking whether there is a saved request or not and then failing based on that).
Closes gh-9174
2022-03-15 14:06:57 -06:00
836f203d44
Refactored OpenSaml4AuthenticationProviderTests
...
Factored out repeatedly used code for signing a request.
2022-03-15 14:06:57 -06:00
070514b9dd
Polish InResponseTo support
...
- Moved methods so methods are listed before the methods they call
- Adjusted exception handling so no exceptions are eaten
- Adjusted so that malformed_request_data is returned with request data is malformed
- Refactored methods to have only immutable method parameters
- Removed usage of Stream API
- Moved AuthnRequestUnmarshaller into static block so that only looked
up once
Issue gh-9174
2022-03-15 13:06:32 -06:00
4aa9420047
Add support for validation of InResponseTo
...
Whenever an InResponseTo is present in the SAML2 response and / or any of its assertions, it will be validated against the stored SAML2 request. If the request is missing or the ID of the request does not match the InResponseTo, validation fails. If there is no InResponseTo, no validation of it is done (as opposed to checking whether there is a saved request or not and then failing based on that).
Closes gh-9174
2022-03-15 13:06:32 -06:00
a17cf9e814
Refactored OpenSaml4AuthenticationProviderTests
...
Factored out repeatedly used code for signing a request.
2022-03-15 13:06:31 -06:00
1cbe7a75d3
Add SAML 2.0 Login XML Support
...
Closes gh-9012
2022-03-09 10:40:26 -03:00
73f839312d
Add SAML 2.0 Login XML Support
...
Closes gh-9012
2022-03-09 09:18:01 -03:00
ff87cfce3a
Polish EntityDescriptor Customizer
...
Issue gh-10839
2022-03-04 10:42:04 -07:00
d225205bf2
Add method to customize EntityDescriptor
...
Closes gh-10839
2022-03-04 10:42:04 -07:00
87828df9d5
Polish EntityDescriptor Customizer
...
Issue gh-10839
2022-03-04 10:40:30 -07:00
3602eff1ac
Add method to customize EntityDescriptor
...
Closes gh-10839
2022-03-04 10:40:30 -07:00
304e89041c
Polish Formatting
...
Issue gh-10799
2022-03-02 16:40:13 -07:00
f1a76efc2d
Preserve order of RelyingPartRegistration credentials
...
Issue gh-10799
2022-03-02 16:40:13 -07:00
963251314b
Replace Apache Commons Base64 Decoding
...
Issue gh-10923
2022-03-02 16:40:11 -07:00
ee061f3659
Use RFC2045 Encoding for SAML 2.0 Logout
...
Closes gh-10923
2022-03-02 16:39:31 -07:00
923c61e9d2
Polish Formatting
...
Issue gh-10799
2022-03-02 16:37:58 -07:00
14d0663ae2
Preserve order of RelyingPartRegistration credentials
...
Issue gh-10799
2022-03-02 16:37:58 -07:00
346038d66c
Polish Formatting
...
Issue gh-10799
2022-03-02 16:36:23 -07:00
c734b4b39e
Preserve order of RelyingPartRegistration credentials
...
Issue gh-10799
2022-03-02 16:36:23 -07:00
5b9a45de01
Replace Apache Commons Base64 Decoding
...
Issue gh-10923
2022-03-02 16:30:21 -07:00
0b59e7797d
Use RFC2045 Encoding for SAML 2.0 Logout
...
Closes gh-10923
2022-03-02 16:30:21 -07:00
7a02bd14c1
Replace Apache Commons Base64 Decoding
...
Issue gh-10923
2022-03-02 16:19:03 -07:00
238616da80
Use RFC2045 Encoding for SAML 2.0 Logout
...
Closes gh-10923
2022-03-02 16:18:34 -07:00
4ede1feae5
Polish Saml2 Jackson Support
...
Issue gh-10905
2022-03-01 14:17:17 -07:00
2334610fa9
Add Jackson Support for Saml2 Module
...
Closes gh-10905
2022-03-01 14:17:17 -07:00
6c3d183a94
Polish Saml2 Jackson Support
...
Issue gh-10905
2022-03-01 13:56:02 -07:00
df84826c95
Add Jackson Support for Saml2 Module
...
Closes gh-10905
2022-03-01 12:07:55 -07:00
47871562ca
Change HashSet to LinkedHashSet
...
For various RelyingPartyRegistration.credentials to preserve order of insertion.
Issue gh-10799
2022-02-28 15:02:03 -07:00
6e5bb71466
Change HashSet to LinkedHashSet
...
For various RelyingPartyRegistration.credentials to preserve order of insertion.
Issue gh-10799
2022-02-28 15:01:58 -07:00
70b52a001b
Change HashSet to LinkedHashSet
...
For various RelyingPartyRegistration.credentials to preserve order of insertion.
Issue gh-10799
2022-02-28 14:57:04 -07:00
6dbd88a5a4
Remove WantAssertionsSigned
...
WantAssertionsSigned requires that asserting parties sign the
assertions. This does not reflect how Spring Security actually
behaves, creating behavior mismatches.
Closes gh-10844
2022-02-22 08:14:05 -07:00
3d878549f4
Remove WantAssertionsSigned
...
WantAssertionsSigned requires that asserting parties sign the
assertions. This does not reflect how Spring Security actually
behaves, creating behavior mismatches.
Closes gh-10844
2022-02-18 11:43:25 -07:00
b451ede189
Add Skipping Decryption Error Message
...
Closes gh-10220
2022-02-16 16:43:31 -07:00
c6e5781679
Correct Test
...
Issue gh-10220
2022-02-16 16:43:31 -07:00
5cda362c47
Collect All Validation Errors
...
- OpenSaml4AuthenticationProvider now collects all validation errors
instead of treating some as their own exception
Issue gh-10220
2022-02-16 16:43:31 -07:00
97c18478e5
Add Skipping Decryption Error Message
...
Closes gh-10220
2022-02-16 16:10:36 -07:00
399562b2a8
Correct Test
...
Issue gh-10220
2022-02-16 16:10:36 -07:00
836335dc89
Collect All Validation Errors
...
- OpenSaml4AuthenticationProvider now collects all validation errors
instead of treating some as their own exception
Issue gh-10220
2022-02-16 16:10:19 -07:00
b4dbcd6b2d
Add OpenSamlAssertingPartyDetails
...
Closes gh-10781
2022-02-07 14:43:06 -07:00
541a1e48b3
Add OpenSamlAssertingPartyDetails
...
Closes gh-10781
2022-02-07 14:42:17 -07:00
28747ca89c
Fix Checkstyle Error
...
Issue gh-9696
2022-02-04 20:07:41 -07:00
5c4178beb7
Fix Checkstyle Error
...
Issue gh-9696
2022-02-04 20:07:17 -07:00
e8be907edf
Polish Testing for Custom Attributes Values
...
- Moved construction and management of custom objects
into TestCustomOpenSamlObjects
Issue gh-9696
2022-02-04 20:04:03 -07:00
f626d11c6e
Add OpenSaml custom types to Saml2AuthenticatedPrincipal
...
OpenSaml custom types are added to Saml2AutehnticatedPrincipal as
attributes.
Closes gh-9696
2022-02-04 20:04:03 -07:00
70bb588a25
Polish Testing for Custom Attributes Values
...
- Moved construction and management of custom objects
into TestCustomOpenSamlObjects
Issue gh-9696
2022-02-04 19:57:54 -07:00
3cc7f384e6
Add OpenSaml custom types to Saml2AuthenticatedPrincipal
...
OpenSaml custom types are added to Saml2AutehnticatedPrincipal as
attributes.
Closes gh-9696
2022-02-04 13:41:41 -07:00
965e689461
Add EntitiesDescriptor Support
...
Closes gh-10782
2022-01-31 13:32:12 -07:00
4095d89bb3
Add EntitiesDescriptor Support
...
Closes gh-10782
2022-01-31 13:13:21 -07:00
60eead9ceb
Add Session Index Support
...
Closes gh-10613
2022-01-28 12:21:44 -07:00
b1a905befe
Add Session Index Support
...
Closes gh-10613
2022-01-28 12:14:06 -07:00
df3593f2dd
Deprecate Saml2 AuthnRequest Classes
...
Issue gh-10355
2022-01-24 16:18:33 -07:00
5a2556879a
Add Saml2AuthenticationRequestResolver
...
Closes gh-10355
2022-01-24 16:18:33 -07:00
Ulrich Grave
Josh Cummings
Joe Grandja
Jared Rufer
j3graham
Houssem BELHADJ AHMED
Marcus Da Coregio
Claudio Consolmagno
Juny Tse
sebastiano
Steve Riesenberg
Elias Lousseief
Sander van Schouwenburg
Filip Hanik
pelesic