Commit Graph

385 Commits

Author SHA1 Message Date
Josh Cummings 0ca65f8677
Add Missing JavaDoc
Issue gh-6019
2020-04-08 16:27:46 -06:00
Josh Cummings 7f2f210eb8
Simplify OpenSamlImplementation
- Removed reflection usage
- Simplified method signatures

Issue gh-7711
Fixes gh-8147
2020-03-20 12:13:14 -06:00
Josh Cummings 088ea07f07
Simplify Saml2ServletUtils
Removed one method as well as a parameter from another method

Issue gh-7711
2020-03-20 12:13:14 -06:00
Josh Cummings 6eadf7b140
Unlock dependencies for 5.3.0.RELEASE
This reverts commit 147d7dadd7.
2020-03-04 12:02:48 -07:00
Josh Cummings 147d7dadd7
Lock dependencies for 5.3.0.RELEASE 2020-03-04 10:28:39 -07:00
Filip Hanik 3257349045 Support POST binding for AuthNRequest
Has been tested with

- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

This PR extends (builds on previous commits and adds user configuration
options)
https://github.com/spring-projects/spring-security/pull/7758
2020-02-28 09:15:26 -08:00
Filip Hanik a51a202925 Correct signature handling for SAML2 AuthNRequest
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)

Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

Fixes gh-7711
2020-02-12 13:30:48 -08:00
Filip Hanik 43098d41cc Revert "Correct signature handling for SAML2 AuthNRequest"
This reverts commit a3e09fadd7.
Build failure on Java 9+

XML generation does not add linefeeds by default
Change since Java 8
2020-02-12 13:30:48 -08:00
Filip Hanik a3e09fadd7 Correct signature handling for SAML2 AuthNRequest
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)

Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

Fixes gh-7711
2020-02-12 11:40:19 -08:00
Eleftheria Stein 84b8a5abd7 Unlock dependencies for next development version
This reverts commit 064616f1ef.
2020-02-05 15:53:04 +01:00
Eleftheria Stein 064616f1ef Lock dependencies for 5.3.0.RC1 2020-02-05 10:20:05 +01:00
Eleftheria Stein 5678490c1f Add relying party registration not found exception
Fixes: gh-7865
2020-02-04 09:58:54 +01:00
Eleftheria Stein fcc6457bef Unlock dependencies for next development version
This reverts commit 93acf8f0f1.
2020-01-08 22:15:17 +01:00
Eleftheria Stein 93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Filip Hanik 9d26f12e86 Add an example of Base64 encoding that failed with java.util.Base64
Revert usage to Apache Commons Codec (dependency by OpenSaml)
2020-01-01 15:45:10 -08:00
Filip Hanik af415948b1 Allow configuration of AuthenticationManagerResolver in saml2Login()
Fixes gh-7654

https://github.com/spring-projects/spring-security/issues/7654
2019-12-17 13:34:27 -08:00
Eleftheria Stein da3f18017d Polish SAML2 principal classes
Update @since

Issue: gh-7681
2019-12-12 20:22:58 +01:00
Clement Stoquart 31b999e9b4 fix: make Saml2Authentication serializable 2019-12-12 17:11:00 +01:00
Clement Stoquart 0c47bfb1e3 Remove empty relay state from redirect url 2019-12-10 09:49:54 -08:00
Filip Hanik 0cafcf37e2 Make the loginProcessingUrl configurable for saml2Login()
Fixes gh-7565

https://github.com/spring-projects/spring-security/issues/7565
2019-10-31 08:20:12 -07:00
Mike Truso a4430aa21b Fix variable reference in sample code 2019-10-29 14:04:05 -06:00
Filip Hanik 0f14844acf We will not validate IP addresses as part of assertion validation
Fixes gh-7514

https://github.com/spring-projects/spring-security/issues/7514
2019-10-28 20:08:42 -07:00
Brendt Lucas 8ebfba3019 Support configuration of protocol binding for authentication requests 2019-10-15 15:57:45 -05:00
Filip Hanik 83b5f5c7ae Improve the Saml2AuthenticationRequest object
- introduce the AssertionConsumerServiceURL attribute
- add javadoc
- align property name with SAML XML for AuthNRequest
2019-09-30 11:01:34 -07:00
Filip Hanik 9731386de5 Correctly set "Destination" in AuthNRequest message
Fixes gh-7494
https://github.com/spring-projects/spring-security/issues/7494
2019-09-30 11:01:34 -07:00
Filip Hanik 69eacac514 Fix javadoc for RelyingPartyRegistrationRepository 2019-09-30 09:22:36 -07:00
Filip Hanik 7adb4da3ef Always require signature on either response or assertion
Fixes gh-7490
https://github.com/spring-projects/spring-security/issues/7490
2019-09-30 09:22:36 -07:00
Filip Hanik 22da2b45c9 SAML Assertion validation should propagate errors: #7375 and #7375
Fixes gh-7377
Fixes gh-7375

https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375

Clean up code

- Authentication request factory should only throw Saml2Exception
- OpenSamlImplementation should only throw Saml2Exception
- Move the OpenSamlImplementation package private methods to the right
section
2019-09-27 09:07:25 -07:00
Filip Hanik b6a057a925 OpenSAML expects type `long` representing millis for response time validation skew
Fixes gh-7448

https://github.com/spring-projects/spring-security/issues/7448
2019-09-27 09:07:25 -07:00
Filip Hanik adde18b873 Revert "Merge pull request #7432 from fhanik/feature/propagate_saml_authentication_exception"
This reverts commit e9619fb0e7, reversing
changes made to 45a1490d5d.
2019-09-24 16:05:09 -07:00
Filip Hanik d472e99528 SAML Assertion validation should propagate errors: #7375 and #7375
Fixes gh-7377
Fixes gh-7375

https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375
2019-09-24 14:40:39 -07:00
Filip Hanik 20033ffd4a OpenSAML expects type `long` representing millis for response time validation skew
Fixes gh-7448

https://github.com/spring-projects/spring-security/issues/7448
2019-09-24 14:40:39 -07:00
Filip Hanik 438ae215f8 Upgrade to OpenSAML 3.4.3
Fixes gh-7392
2019-09-06 08:04:15 -07:00
Josh Cummings c716b400a1
Update to OpenSaml 3.3.1
Fixes gh-7388
2019-09-06 07:20:13 -06:00
Filip Hanik e9a44bc0ce HttpSecurity.saml2login() - MVP Core Code
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:

  - Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
  - Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
  - Supports basic java-configuration via DSL
  - Provides an integration sample using Spring Boot

Not implemented with this MVP

  - Single Logout
  - Dynamic Service Provider Metadata

Fixes gh-6019
2019-09-05 14:40:08 -07:00