Merge pull request #10516 from SmartyAnsh/master
BAEL-4628 - Spring Security SAML
e26aebc76f
@ -35,6 +35,7 @@
|
|||
<module>spring-security-legacy-oidc</module>
|
||||
<module>spring-security-oidc</module>
|
||||
<module>spring-security-okta</module>
|
||||
<module>spring-security-saml</module>
|
||||
<module>spring-security-web-react</module>
|
||||
<module>spring-security-web-rest</module>
|
||||
<module>spring-security-web-rest-basic-auth</module>
|
||||
|
|
|
@ -0,0 +1,73 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<artifactId>spring-security-saml</artifactId>
|
||||
<version>1.0-SNAPSHOT</version>
|
||||
<name>spring-security-saml</name>
|
||||
<packaging>war</packaging>
|
||||
|
||||
<parent>
|
||||
<groupId>com.baeldung</groupId>
|
||||
<artifactId>parent-boot-2</artifactId>
|
||||
<version>0.0.1-SNAPSHOT</version>
|
||||
<relativePath>../../parent-boot-2</relativePath>
|
||||
</parent>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>Shibboleth</id>
|
||||
<name>Shibboleth</name>
|
||||
<url>https://build.shibboleth.net/nexus/content/repositories/releases/</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-web</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-security</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-thymeleaf</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security.extensions</groupId>
|
||||
<artifactId>spring-security-saml2-core</artifactId>
|
||||
<version>${saml2-core.spring.version}</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<finalName>spring-security-saml</finalName>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>src/main/resources</directory>
|
||||
</resource>
|
||||
</resources>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-maven-plugin</artifactId>
|
||||
<configuration>
|
||||
<addResources>true</addResources>
|
||||
</configuration>
|
||||
<executions>
|
||||
<execution>
|
||||
<goals>
|
||||
<goal>repackage</goal>
|
||||
</goals>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
<properties>
|
||||
<saml2-core.spring.version>1.0.10.RELEASE</saml2-core.spring.version>
|
||||
</properties>
|
||||
</project>
|
|
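Review bot: The `<repositories>` block registers the Shibboleth Nexus for the whole module, so any artifact this build resolves may now be served from that third-party repository, not only the `spring-security-saml2-core` it is presumably there for (the OpenSAML 2.x transitive dependencies, as far as I know). That is a supply-chain decision worth stating next to the element: `<!-- Shibboleth Nexus: only needed for the OpenSAML 2.x artifacts pulled in by spring-security-saml2-core -->`. It is also worth a note in the module that the Spring Security SAML extension pinned at 1.0.10.RELEASE has, to my knowledge, been superseded by the SAML 2.0 login support built into Spring Security 5.2+, which needs no extra repository; readers copying this pom should know which one they are choosing.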
@ -0,0 +1,11 @@
|
|||
package com.baeldung.saml;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
|
||||
@SpringBootApplication
|
||||
public class Application {
|
||||
public static void main(String... args) {
|
||||
SpringApplication.run(Application.class, args);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,28 @@
|
|||
package com.baeldung.saml.authentication;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.providers.ExpiringUsernameAuthenticationToken;
|
||||
import org.springframework.security.saml.SAMLAuthenticationProvider;
|
||||
import org.springframework.security.saml.SAMLCredential;
|
||||
|
||||
public class CustomSAMLAuthenticationProvider extends SAMLAuthenticationProvider {
|
||||
|
||||
@Override
|
||||
public Collection<? extends GrantedAuthority> getEntitlements(SAMLCredential credential, Object userDetail) {
|
||||
|
||||
if(userDetail instanceof ExpiringUsernameAuthenticationToken) {
|
||||
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
|
||||
authorities.addAll(((ExpiringUsernameAuthenticationToken) userDetail).getAuthorities());
|
||||
return authorities;
|
||||
|
||||
} else {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
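Review bot: `getEntitlements` only grants authorities when `userDetail` is an `ExpiringUsernameAuthenticationToken`, but nothing in this commit sets a `SAMLUserDetailsService` on the provider, so from what is visible `userDetail` is presumably null at runtime and every SAML login ends with an empty authority set — confirm against the base class's `getUserDetails`, because `@EnableGlobalMethodSecurity(securedEnabled = true)` in `WebSecurityConfig` will then deny any `@Secured` method. If the intent is to turn IdP attributes into roles, a `SAMLUserDetailsService` returning a `UserDetails` is the hook, and as far as I recall the base implementation already copies `UserDetails` authorities. As a point of style the copy can be `return new ArrayList<>(((ExpiringUsernameAuthenticationToken) userDetail).getAuthorities());` with the diamond, and the override needs a Javadoc saying which branch this application expects to take.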
@ -0,0 +1,226 @@
|
|||
package com.baeldung.saml.config;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
|
||||
import org.opensaml.saml2.metadata.provider.MetadataProvider;
|
||||
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
|
||||
import org.opensaml.util.resource.ResourceException;
|
||||
import org.opensaml.xml.parse.StaticBasicParserPool;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.io.DefaultResourceLoader;
|
||||
import org.springframework.core.io.Resource;
|
||||
import org.springframework.security.saml.*;
|
||||
import org.springframework.security.saml.context.SAMLContextProviderImpl;
|
||||
import org.springframework.security.saml.key.JKSKeyManager;
|
||||
import org.springframework.security.saml.key.KeyManager;
|
||||
import org.springframework.security.saml.log.SAMLDefaultLogger;
|
||||
import org.springframework.security.saml.metadata.CachingMetadataManager;
|
||||
import org.springframework.security.saml.metadata.ExtendedMetadata;
|
||||
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
|
||||
import org.springframework.security.saml.processor.*;
|
||||
import org.springframework.security.saml.util.VelocityFactory;
|
||||
import org.springframework.security.saml.websso.*;
|
||||
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.logout.LogoutHandler;
|
||||
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
|
||||
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
|
||||
|
||||
import com.baeldung.saml.authentication.CustomSAMLAuthenticationProvider;
|
||||
|
||||
@Configuration
|
||||
public class SamlSecurityConfig {
|
||||
|
||||
@Value("${saml.keystore.location}")
|
||||
private String samlKeystoreLocation;
|
||||
|
||||
@Value("${saml.keystore.password}")
|
||||
private String samlKeystorePassword;
|
||||
|
||||
@Value("${saml.keystore.alias}")
|
||||
private String samlKeystoreAlias;
|
||||
|
||||
@Value("${saml.idp}")
|
||||
private String defaultIdp;
|
||||
|
||||
@Bean(initMethod = "initialize")
|
||||
public StaticBasicParserPool parserPool() {
|
||||
return new StaticBasicParserPool();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SAMLAuthenticationProvider samlAuthenticationProvider() {
|
||||
return new CustomSAMLAuthenticationProvider();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SAMLContextProviderImpl contextProvider() {
|
||||
return new SAMLContextProviderImpl();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public static SAMLBootstrap samlBootstrap() {
|
||||
return new SAMLBootstrap();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SAMLDefaultLogger samlLogger() {
|
||||
return new SAMLDefaultLogger();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public WebSSOProfileConsumer webSSOprofileConsumer() {
|
||||
return new WebSSOProfileConsumerImpl();
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Qualifier("hokWebSSOprofileConsumer")
|
||||
public WebSSOProfileConsumerHoKImpl hokWebSSOProfileConsumer() {
|
||||
return new WebSSOProfileConsumerHoKImpl();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public WebSSOProfile webSSOprofile() {
|
||||
return new WebSSOProfileImpl();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public WebSSOProfileConsumerHoKImpl hokWebSSOProfile() {
|
||||
return new WebSSOProfileConsumerHoKImpl();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public WebSSOProfileECPImpl ecpProfile() {
|
||||
return new WebSSOProfileECPImpl();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SingleLogoutProfile logoutProfile() {
|
||||
return new SingleLogoutProfileImpl();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public KeyManager keyManager() {
|
||||
DefaultResourceLoader loader = new DefaultResourceLoader();
|
||||
Resource storeFile = loader.getResource(samlKeystoreLocation);
|
||||
Map<String, String> passwords = new HashMap<>();
|
||||
passwords.put(samlKeystoreAlias, samlKeystorePassword);
|
||||
return new JKSKeyManager(storeFile, samlKeystorePassword, passwords, samlKeystoreAlias);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public WebSSOProfileOptions defaultWebSSOProfileOptions() {
|
||||
WebSSOProfileOptions webSSOProfileOptions = new WebSSOProfileOptions();
|
||||
webSSOProfileOptions.setIncludeScoping(false);
|
||||
return webSSOProfileOptions;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SAMLEntryPoint samlEntryPoint() {
|
||||
SAMLEntryPoint samlEntryPoint = new SAMLEntryPoint();
|
||||
samlEntryPoint.setDefaultProfileOptions(defaultWebSSOProfileOptions());
|
||||
return samlEntryPoint;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public ExtendedMetadata extendedMetadata() {
|
||||
ExtendedMetadata extendedMetadata = new ExtendedMetadata();
|
||||
extendedMetadata.setIdpDiscoveryEnabled(false);
|
||||
extendedMetadata.setSignMetadata(false);
|
||||
return extendedMetadata;
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Qualifier("okta")
|
||||
public ExtendedMetadataDelegate oktaExtendedMetadataProvider() throws MetadataProviderException {
|
||||
File metadata = null;
|
||||
try {
|
||||
metadata = new File("./src/main/resources/saml/metadata/sso.xml");
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
FilesystemMetadataProvider provider = new FilesystemMetadataProvider(metadata);
|
||||
provider.setParserPool(parserPool());
|
||||
return new ExtendedMetadataDelegate(provider, extendedMetadata());
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Qualifier("metadata")
|
||||
public CachingMetadataManager metadata() throws MetadataProviderException, ResourceException {
|
||||
List<MetadataProvider> providers = new ArrayList<>();
|
||||
providers.add(oktaExtendedMetadataProvider());
|
||||
CachingMetadataManager metadataManager = new CachingMetadataManager(providers);
|
||||
metadataManager.setDefaultIDP(defaultIdp);
|
||||
return metadataManager;
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Qualifier("saml")
|
||||
public SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler() {
|
||||
SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler = new SavedRequestAwareAuthenticationSuccessHandler();
|
||||
successRedirectHandler.setDefaultTargetUrl("/home");
|
||||
return successRedirectHandler;
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Qualifier("saml")
|
||||
public SimpleUrlAuthenticationFailureHandler authenticationFailureHandler() {
|
||||
SimpleUrlAuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
|
||||
failureHandler.setUseForward(true);
|
||||
failureHandler.setDefaultFailureUrl("/error");
|
||||
return failureHandler;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SimpleUrlLogoutSuccessHandler successLogoutHandler() {
|
||||
SimpleUrlLogoutSuccessHandler successLogoutHandler = new SimpleUrlLogoutSuccessHandler();
|
||||
successLogoutHandler.setDefaultTargetUrl("/");
|
||||
return successLogoutHandler;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SecurityContextLogoutHandler logoutHandler() {
|
||||
SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler();
|
||||
logoutHandler.setInvalidateHttpSession(true);
|
||||
logoutHandler.setClearAuthentication(true);
|
||||
return logoutHandler;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SAMLLogoutProcessingFilter samlLogoutProcessingFilter() {
|
||||
return new SAMLLogoutProcessingFilter(successLogoutHandler(), logoutHandler());
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SAMLLogoutFilter samlLogoutFilter() {
|
||||
return new SAMLLogoutFilter(successLogoutHandler(),
|
||||
new LogoutHandler[] { logoutHandler() },
|
||||
new LogoutHandler[] { logoutHandler() });
|
||||
}
|
||||
|
||||
@Bean
|
||||
public HTTPPostBinding httpPostBinding() {
|
||||
return new HTTPPostBinding(parserPool(), VelocityFactory.getEngine());
|
||||
}
|
||||
|
||||
@Bean
|
||||
public HTTPRedirectDeflateBinding httpRedirectDeflateBinding() {
|
||||
return new HTTPRedirectDeflateBinding(parserPool());
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SAMLProcessorImpl processor() {
|
||||
ArrayList<SAMLBinding> bindings = new ArrayList<>();
|
||||
bindings.add(httpRedirectDeflateBinding());
|
||||
bindings.add(httpPostBinding());
|
||||
return new SAMLProcessorImpl(bindings);
|
||||
}
|
||||
}
|
|
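Review bot: `oktaExtendedMetadataProvider` reads the IdP metadata from `./src/main/resources/saml/metadata/sso.xml` relative to the working directory, which only resolves when the app is launched from the module directory and not from the packaged war, and the surrounding `try`/`catch` is dead code: `new File(...)` does not throw, while the catch would `printStackTrace()` and hand a null `File` to `FilesystemMetadataProvider`. This metadata is the trust anchor the SP uses to verify assertion signatures, so a failure to load it must stop the context, not be logged and skipped. Loading it from the classpath via `ResourceBackedMetadataProvider` with a `ClasspathResource` does both — `ResourceException` is already imported and declared on `metadata()`, which suggests this was the original intent; check the exact constructor signatures against the OpenSAML version the build pulls in.
```java
@Bean
@Qualifier("okta")
public ExtendedMetadataDelegate oktaExtendedMetadataProvider() throws MetadataProviderException, ResourceException {
    // IdP metadata is the trust anchor for assertion signature checks: load it from the classpath so the
    // packaged war finds it, and let any failure propagate so the context does not start without it.
    ResourceBackedMetadataProvider provider = new ResourceBackedMetadataProvider(
            new Timer(true), new ClasspathResource("/saml/metadata/sso.xml"));
    provider.setParserPool(parserPool());
    return new ExtendedMetadataDelegate(provider, extendedMetadata());
}
```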
@ -0,0 +1,152 @@
|
|||
package com.baeldung.saml.config;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.saml.*;
|
||||
import org.springframework.security.saml.key.KeyManager;
|
||||
import org.springframework.security.saml.metadata.*;
|
||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
|
||||
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||
import org.springframework.security.web.csrf.CsrfFilter;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableGlobalMethodSecurity(securedEnabled = true)
|
||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Value("${saml.sp}")
|
||||
private String samlAudience;
|
||||
|
||||
@Autowired
|
||||
@Qualifier("saml")
|
||||
private SavedRequestAwareAuthenticationSuccessHandler samlAuthSuccessHandler;
|
||||
|
||||
@Autowired
|
||||
@Qualifier("saml")
|
||||
private SimpleUrlAuthenticationFailureHandler samlAuthFailureHandler;
|
||||
|
||||
@Autowired
|
||||
private SAMLEntryPoint samlEntryPoint;
|
||||
|
||||
@Autowired
|
||||
private SAMLLogoutFilter samlLogoutFilter;
|
||||
|
||||
@Autowired
|
||||
private SAMLLogoutProcessingFilter samlLogoutProcessingFilter;
|
||||
|
||||
@Bean
|
||||
public SAMLDiscovery samlDiscovery() {
|
||||
SAMLDiscovery idpDiscovery = new SAMLDiscovery();
|
||||
return idpDiscovery;
|
||||
}
|
||||
|
||||
@Autowired
|
||||
private SAMLAuthenticationProvider samlAuthenticationProvider;
|
||||
|
||||
@Autowired
|
||||
private ExtendedMetadata extendedMetadata;
|
||||
|
||||
@Autowired
|
||||
private KeyManager keyManager;
|
||||
|
||||
public MetadataGenerator metadataGenerator() {
|
||||
MetadataGenerator metadataGenerator = new MetadataGenerator();
|
||||
metadataGenerator.setEntityId(samlAudience);
|
||||
metadataGenerator.setExtendedMetadata(extendedMetadata);
|
||||
metadataGenerator.setIncludeDiscoveryExtension(false);
|
||||
metadataGenerator.setKeyManager(keyManager);
|
||||
return metadataGenerator;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SAMLProcessingFilter samlWebSSOProcessingFilter() throws Exception {
|
||||
SAMLProcessingFilter samlWebSSOProcessingFilter = new SAMLProcessingFilter();
|
||||
samlWebSSOProcessingFilter.setAuthenticationManager(authenticationManager());
|
||||
samlWebSSOProcessingFilter.setAuthenticationSuccessHandler(samlAuthSuccessHandler);
|
||||
samlWebSSOProcessingFilter.setAuthenticationFailureHandler(samlAuthFailureHandler);
|
||||
return samlWebSSOProcessingFilter;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public FilterChainProxy samlFilter() throws Exception {
|
||||
List<SecurityFilterChain> chains = new ArrayList<>();
|
||||
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"),
|
||||
samlWebSSOProcessingFilter()));
|
||||
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"),
|
||||
samlDiscovery()));
|
||||
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"),
|
||||
samlEntryPoint));
|
||||
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/logout/**"),
|
||||
samlLogoutFilter));
|
||||
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SingleLogout/**"),
|
||||
samlLogoutProcessingFilter));
|
||||
return new FilterChainProxy(chains);
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Override
|
||||
public AuthenticationManager authenticationManagerBean() throws Exception {
|
||||
return super.authenticationManagerBean();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public MetadataGeneratorFilter metadataGeneratorFilter() {
|
||||
return new MetadataGeneratorFilter(metadataGenerator());
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.csrf()
|
||||
.disable();
|
||||
|
||||
http
|
||||
.httpBasic()
|
||||
.authenticationEntryPoint(samlEntryPoint);
|
||||
|
||||
http
|
||||
.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
|
||||
.addFilterAfter(samlFilter(), BasicAuthenticationFilter.class)
|
||||
.addFilterBefore(samlFilter(), CsrfFilter.class);
|
||||
|
||||
http
|
||||
.authorizeRequests()
|
||||
.antMatchers("/").permitAll()
|
||||
.anyRequest().authenticated();
|
||||
|
||||
http
|
||||
.logout()
|
||||
.addLogoutHandler((request, response, authentication) -> {
|
||||
try {
|
||||
response.sendRedirect("/saml/logout");
|
||||
} catch (IOException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.authenticationProvider(samlAuthenticationProvider);
|
||||
}
|
||||
|
||||
}
|
|
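Review bot: `csrf().disable()` in `configure(HttpSecurity)` switches CSRF protection off for the entire application, including the app's own `/logout`, while the only endpoint that genuinely has to accept an unsolicited cross-site POST is the IdP's response to `/saml/SSO` (and the SingleLogout response). Scope the exemption instead of removing the protection: `http.csrf().ignoringAntMatchers("/saml/**");`. Separately, `samlFilter()` is registered twice, once with `addFilterAfter(..., BasicAuthenticationFilter.class)` and once with `addFilterBefore(..., CsrfFilter.class)`, which looks like it places the same `FilterChainProxy` in the chain twice — confirm and keep one registration. The logout handler's `e.printStackTrace()` should go through the SLF4J logger so a failed redirect is visible in the application log.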
@ -0,0 +1,35 @@
|
|||
package com.baeldung.saml.controller;
|
||||
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
|
||||
@Controller
|
||||
public class HomeController {
|
||||
|
||||
@RequestMapping("/")
|
||||
public String index() {
|
||||
return "index";
|
||||
}
|
||||
|
||||
@GetMapping(value = "/auth")
|
||||
public String handleSamlAuth() {
|
||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (auth != null) {
|
||||
return "redirect:/home";
|
||||
} else {
|
||||
return "/";
|
||||
}
|
||||
}
|
||||
|
||||
@RequestMapping("/home")
|
||||
public String home(Model model) {
|
||||
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
||||
model.addAttribute("username", authentication.getPrincipal());
|
||||
return "home";
|
||||
}
|
||||
|
||||
}
|
|
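Review bot: `handleSamlAuth` treats `auth != null` as "logged in", but with the default anonymous configuration `SecurityContextHolder` holds an `AnonymousAuthenticationToken` for unauthenticated requests, so the null check never fails and the `else` branch — which also returns `"/"` as a view name rather than a redirect — is unreachable. Because `/auth` sits behind `anyRequest().authenticated()`, the method can simply `return "redirect:/home";`; if the check is kept, it should be `auth != null && auth.isAuthenticated() && !(auth instanceof AnonymousAuthenticationToken)`. `home()` likewise dereferences `getAuthentication()` without a null check; taking a `Principal` or `@AuthenticationPrincipal` handler argument is the safer form.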
@ -0,0 +1,6 @@
|
|||
saml.keystore.location=classpath:/saml/samlKeystore.jks
|
||||
saml.keystore.password=<key_pass>
|
||||
saml.keystore.alias=<key_alias>
|
||||
|
||||
saml.idp=<idp_issuer_url>
|
||||
saml.sp=http://localhost:8080/saml/metadata
|
|
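Review bot: `saml.keystore.password` and `saml.keystore.alias` are committed as `<key_pass>`/`<key_alias>` placeholders, and the binary file added right after the IdP metadata is presumably the `samlKeystore.jks` that `saml.keystore.location` points at; if that keystore holds the SP's real signing key, publishing it next to its password makes the key public with the repository. Keep the placeholders but say where the real values come from — Spring Boot's relaxed binding reads `SAML_KEYSTORE_PASSWORD` for `saml.keystore.password` — and generate a throwaway keystore for the sample. Proposed comment at the top of the file: `# Override via environment (SAML_KEYSTORE_PASSWORD, SAML_KEYSTORE_ALIAS, SAML_IDP); never commit real values.`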
@ -0,0 +1,44 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<md:EntityDescriptor
|
||||
entityID="http://www.okta.com/exk26fxqrz8LLk9dV4x7"
|
||||
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
|
||||
<md:IDPSSODescriptor
|
||||
WantAuthnRequestsSigned="false"
|
||||
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
<md:KeyDescriptor use="signing">
|
||||
<ds:KeyInfo
|
||||
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data>
|
||||
<ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAXGiSQ7ZMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
|
||||
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
|
||||
MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi05MjY2NjYxHDAaBgkqhkiG9w0BCQEW
|
||||
DWluZm9Ab2t0YS5jb20wHhcNMjAwNDIyMTQyNjA5WhcNMzAwNDIyMTQyNzA5WjCBkjELMAkGA1UE
|
||||
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
|
||||
BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtOTI2NjY2MRwwGgYJ
|
||||
KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
|
||||
g1rQYYqeVx2gl/UUnLJzp5hrm06VOILJB9hIUmNqXgWV3UjzDq/zX0KW8MENjsO7+S8a+LLnYRkb
|
||||
N5egH9FSt8AHtB1pmfXDtpUQmWe9yJbNxbCISoc6XzCmaRw3HRv9pK5SciIutciz9lvFaHMWAWtP
|
||||
MmQSKdhMet52tuf6sTy4ODeXjyMnD9q5QOKww1SJ678wjHbGRRhNvCxvTSAH33sa4oNCf2RvP9hp
|
||||
NiJRcYW9yLZXmZArPQOuAx5PIXfHhK2e4ac39YO4fgO7gwU5TZ+vL7o6iEmd9tk44PrND0ZV5yzZ
|
||||
+Y33Hiun3fIiZu/nZZGUjm4k4exl8JJpwrVTHQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBcfHcL
|
||||
2DjTjZGoANF4dPpGXTYdVnL/XzGiLS+3LR/HDrEz/EqsHouF40RnzdZ7Ax7RReKBYCUUqHpSE+LU
|
||||
ductz2ANguzyseGEn72I4Ym4ytQWnFyTXeW+xI9CoCLGfOUhT1hlKjsu/qNM8qwKFPWkzQp7mDN8
|
||||
S9MGhsnbiyeD/lceAEKw16Os73/sX2j7F+43WVCYRDCRB8pRIPfcqYLXUIUSstQlwEvCF7HyeO4+
|
||||
jxKHA1tp9Cpmj7/VD9TE3fyvrbVmfjTbKjF7/0wYQNfbHDDko0ratDMAizG5/d3i9wk9KbGCHSxT
|
||||
ph5nl1pdjKgAYPK0iNDnGCZbGKzXOrqV
|
||||
</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</md:KeyDescriptor>
|
||||
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
|
||||
</md:NameIDFormat>
|
||||
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
|
||||
</md:NameIDFormat>
|
||||
<md:SingleSignOnService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
||||
Location="https://dev-926666.okta.com/app/dev-926666_baeldungspringsecuritysaml_1/exk26fxqrz8LLk9dV4x7/sso/saml" />
|
||||
<md:SingleSignOnService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
Location="https://dev-926666.okta.com/app/dev-926666_baeldungspringsecuritysaml_1/exk26fxqrz8LLk9dV4x7/sso/saml" />
|
||||
</md:IDPSSODescriptor>
|
||||
</md:EntityDescriptor>
|
Binary file not shown.
|
@ -0,0 +1,13 @@
|
|||
<!doctype html>
|
||||
<html>
|
||||
<body>
|
||||
<h6 class="border-bottom border-gray pb-2 mb-0">Something went wrong</h6>
|
||||
<div class="media text-muted pt-3">
|
||||
<i class="fas fa-door-closed fa-2x fa-fw mr-2 spring-green" data-fa-transform="shrink-4"></i>
|
||||
<p class="media-body pb-3 mb-0 small lh-125 border-bottom border-gray">
|
||||
An error occurred
|
||||
</p>
|
||||
</div>
|
||||
<body>
|
||||
|
||||
</html>
|
|
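Review bot: The template opens `<body>` twice and never closes it — the second `<body>` after the closing `</div>` should be `</body>`. The page renders no request-derived data, so there is no escaping concern here; the fix is the one tag.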
@ -0,0 +1,13 @@
|
|||
<!doctype html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Baeldung Spring Security SAML: Home</title>
|
||||
</head>
|
||||
<body>
|
||||
<h3><Strong>Welcome!</strong><br/>You are successfully logged in!</h3>
|
||||
<p>You are logged as <span class="badge badge-dark" th:text="${username}">null</span>.</p>
|
||||
<small>
|
||||
<a th:href="@{/logout}">Logout</a>
|
||||
</small>
|
||||
</body>
|
||||
</html>
|
|
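Review bot: `<Strong>` opens with a capital S and is closed as `</strong>`, in this file and in `index.html`; browsers tolerate the mismatch but template linters do not, so use lowercase on both. The `Logout` link issues a GET to `/logout`, which only works because `WebSecurityConfig` disables CSRF; if CSRF protection is restored, Spring Security expects a POST form carrying the token for logout. Worth a comment next to the link: `<!-- GET logout relies on csrf().disable(); switch to a POST form if CSRF is re-enabled -->`.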
@ -0,0 +1,10 @@
|
|||
<!doctype html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Baeldung Spring Security SAML</title>
|
||||
</head>
|
||||
<body>
|
||||
<h3><Strong>Welcome to Baeldung Spring Security SAML</strong></h3>
|
||||
<a th:href="@{/auth}">Login</a>
|
||||
</body>
|
||||
</html>
|