Add Saml2AuthenticationRequestContextResolver #8360

Closed
jzheaux opened this issue Apr 8, 2020 · 0 comments
Labels
in: saml2 An issue in SAML2 modules status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement

jzheaux commented Apr 8, 2020

Related to #8356

In order for implementations of Saml2AuthenticationRequestFactory to take advantage of custom Saml2AuthenticationRequestContext instances, an application needs to create a custom filter, replacing Saml2WebSsoAuthenticationRequestFilter.

It would be simpler to have an API dedicated to resolving the Saml2AuthenticationRequestContext from the HttpServletRequest and RelyingPartyRegistration:

```java
@Component
public class MyAuthenticationRequestContextResolver
        implements Saml2AuthenticationRequestContextResolver {

    // Reuse the default resolution logic and only decorate its result
    private final Saml2AuthenticationRequestContextResolver delegate =
            new DefaultSaml2AuthenticationRequestContextResolver();

    @Override
    public Saml2AuthenticationRequestContext resolve(HttpServletRequest request,
            RelyingPartyRegistration relyingParty) {

        // The presence of a "force" request parameter selects forced re-authentication
        boolean isForceAuthn = request.getParameter("force") != null;
        Saml2AuthenticationRequestContext context = this.delegate.resolve(request, relyingParty);
        // MyAuthenticationRequestContext is the application's own context subtype
        return new MyAuthenticationRequestContext(context, isForceAuthn);
    }
}
```

The default implementation should extract the logic for formulating the Saml2AuthenticationRequestContext from Saml2WebSsoAuthenticationRequestFilter.

Saml2WebSsoAuthenticationRequestFilter should use the DefaultSaml2AuthenticationRequestContextResolver by default and have a setter for configuring a Saml2AuthenticationRequestContextResolver instance.

The interface and default implementation should be in org.springframework.security.saml2.provider.service.web. Note that the implementation currently in Saml2WebSsoAuthenticationRequestFilter refers to some package-private utility classes. They are rather small, so it will probably be best to inline them into DefaultSaml2AuthenticationRequestContextResolver for the time being.

@jzheaux jzheaux added type: enhancement A general enhancement status: ideal-for-contribution An issue that we actively are looking for someone to help us with in: saml2 An issue in SAML2 modules labels Apr 8, 2020
@jzheaux jzheaux self-assigned this Apr 8, 2020
shazin added a commit to shazin/spring-security that referenced this issue Apr 15, 2020
…icationRequestContextResolver

Saml2AuthenticationRequestContext creation logic is not extensible at
the moment as it is provided inside of Saml2WebSsoAuthenticationRequestFilter.
This change enables custom logic to be used when creating Saml2AuthenticationRequestContext by
taking the logic from the aforementioned filter to a separate extensible
API by the name Saml2AuthenticationRequestContextResolver.

This provides the following API contract and implementation:

 - Saml2AuthenticationRequestContextResolver
 - DefaultSaml2AuthenticationRequestContextResolver

Fixes spring-projectsgh-8360
jzheaux added a commit that referenced this issue Apr 17, 2020
- Added more tests
- Standardized terminology

Issue gh-8360
@jzheaux jzheaux added this to the 5.4.0-M1 milestone Jul 16, 2020
jzheaux added a commit to jzheaux/spring-security that referenced this issue Aug 4, 2020