Skip to content

Saml2LoginConfigurer should pick up Saml2AuthenticationTokenConverter bean #10268

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jzheaux opened this issue Sep 14, 2021 · 0 comments · Fixed by #10275
Closed

Saml2LoginConfigurer should pick up Saml2AuthenticationTokenConverter bean #10268

jzheaux opened this issue Sep 14, 2021 · 0 comments · Fixed by #10275
Assignees
@marcusdacoregio
Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Milestone
5.6.0-M3

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Sep 14, 2021
edited
Loading

Related to #10243

To customize how a RelyingPartyRegistration is resolved from a login request, an application needs to configure an Saml2AuthenticationTokenConverter in the DSL:

@Bean
SecurityFilterChain appSecurity(HttpSecurity http, RelyingPartyRegistrationRepository registrations) throws Exception {
    RelyingPartyRegistrationResolver registrationResolver = new DefaultRelyingPartyRegistrationResolver(registrations);
    Saml2AuthenticationTokenConverter authenticationConverter = new Saml2AuthenticationTokenConverter(registrationResolver);
    http
        .authorizeHttpRequests((authorize) -> authorize
            .anyRequest().authenticated()
        )
        .saml2Login((saml2) -> saml2
            .authenticationConverter(authenticationConverter)
        );

    return http.build();
}

Because a Saml2AuthenticationTokenConverter is often based on a RelyingPartyRegistrationRepository bean, this could be modestly simplified by Saml2LoginConfigurer picking up a Saml2AuthenticationTokenConverter bean:

@Bean 
Saml2AuthenticationTokenConverter authenticationConverter(RelyingPartyRegistrationRepository registrations) {
    RelyingPartyRegistrationResolver registrationResolver = new DefaultRelyingPartyRegistrationResolver(registrations);
    return new Saml2AuthenticationTokenConverter(registrationResolver);
}
@jzheaux jzheaux added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Sep 14, 2021
@jzheaux jzheaux added in: saml2 An issue in SAML2 modules and removed status: waiting-for-triage An issue we've not yet triaged labels Sep 14, 2021
@jzheaux jzheaux added this to the 5.6.0-M3 milestone Sep 14, 2021
@jzheaux jzheaux changed the title Saml 2.0 DSL support should pick up RelyingPartyRegistrationResolver bean Saml2LoginConfigurer should pick up Saml2AuthenticationTokenConverter bean Sep 15, 2021
marcusdacoregio added a commit to marcusdacoregio/spring-security that referenced this issue Sep 16, 2021
@marcusdacoregio
Update Saml2LoginConfigurer to pick up Saml2AuthenticationTokenConver…
565b534 
…ter bean

Closes spring-projectsgh-10268
@marcusdacoregio marcusdacoregio mentioned this issue Sep 16, 2021
Merged
marcusdacoregio added a commit that referenced this issue Sep 17, 2021
@marcusdacoregio
Update Saml2LoginConfigurer to pick up Saml2AuthenticationTokenConver…
0364518 
…ter bean

Closes gh-10268
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcusdacoregio marcusdacoregio

Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Projects
None yet
Milestone
5.6.0-M3
2 participants
@jzheaux @marcusdacoregio