
enhancement to support overriding SAMLRequest #9209



@ghost ghost commented Nov 18, 2020

This PR is to enhance the SAMLRequest by providing support to override a few of the parameters mentioned in the issue GH-9199.

Support Added

  1. isPassive
  2. ForceAuthn
  3. AuthnContextClassRef

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Nov 18, 2020

@jzheaux jzheaux left a comment


Thanks, @Adi-devops! I've left some feedback inline.


@jzheaux jzheaux left a comment


Thanks, @Adi-devops, for the updates! I've left a bit more feedback inline.

Also, in preparation for merging, will you please squash your commits and in the resulting commit ensure that you have the phrase Closes gh-9199 at the end?


ghost commented Jan 22, 2021

@jzheaux Can you please review the PR?

@jzheaux jzheaux added in: saml2 An issue in SAML2 modules status: blocked An issue that's blocked on an external project change and removed status: waiting-for-triage An issue we've not yet triaged labels Dec 9, 2021

jzheaux commented Dec 9, 2021

Blocked by #9277. Let's revisit once that PR is closed.

@jzheaux jzheaux removed their assignment Dec 9, 2021

ghost commented Dec 13, 2021

Sure, that would be great.


jzheaux commented Jan 25, 2022

Now that #9277 is merged, an application can do the following to set each of these properties:

First, isPassive:

```java
@Bean
Saml2AuthenticationRequestResolver authenticationRequests(RelyingPartyRegistrationResolver registrations) {
    // setAuthnRequestCustomizer is declared on the OpenSAML implementation, not on the interface
    OpenSaml4AuthenticationRequestResolver resolver = new OpenSaml4AuthenticationRequestResolver(registrations);
    resolver.setAuthnRequestCustomizer((params) -> params.getAuthnRequest().setIsPassive(Boolean.TRUE));
    return resolver;
}
```

Second, ForceAuthn:

```java
@Bean
Saml2AuthenticationRequestResolver authenticationRequests(RelyingPartyRegistrationResolver registrations) {
    // setAuthnRequestCustomizer is declared on the OpenSAML implementation, not on the interface
    OpenSaml4AuthenticationRequestResolver resolver = new OpenSaml4AuthenticationRequestResolver(registrations);
    resolver.setAuthnRequestCustomizer((params) -> params.getAuthnRequest().setForceAuthn(Boolean.TRUE));
    return resolver;
}
```

And third, AuthnContextClassRef:

```java
@Bean
Saml2AuthenticationRequestResolver authenticationRequests(RelyingPartyRegistrationResolver registrations) {
    AuthnContextClassRef ref = // .. construct with OpenSAML
    // setAuthnRequestCustomizer is declared on the OpenSAML implementation, not on the interface
    OpenSaml4AuthenticationRequestResolver resolver = new OpenSaml4AuthenticationRequestResolver(registrations);
    resolver.setAuthnRequestCustomizer((params) -> params.getAuthnRequest()
            .getRequestedAuthnContext().getAuthnContextClassRefs().add(ref));
    return resolver;
}
```

Because of this, I think that we don't need to introduce additional fields into Saml2AuthenticationRequestContext et al.

Thank you so much for your efforts. I'm going to close this; please feel free to reopen if you feel this doesn't address the issue.

@jzheaux jzheaux closed this Jan 25, 2022
@jzheaux jzheaux added status: declined A suggestion or change that we don't feel we should currently apply and removed status: blocked An issue that's blocked on an external project change labels Jan 25, 2022
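
An added example, not part of the thread or of the project's own code: a complete form of the AuthnContextClassRef customizer from the closing comment, building the element with OpenSAML 4 and creating the RequestedAuthnContext when the request does not carry one yet. The configuration class name, the class-reference URI and the EXACT comparison are assumptions chosen for illustration.

```java
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder;
import org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
import org.springframework.security.saml2.provider.service.web.authentication.OpenSaml4AuthenticationRequestResolver;
import org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver;

@Configuration
class Saml2AuthnRequestConfig { // hypothetical class name

    // Assumption: the IdP supports this standard SAML 2.0 authentication context class.
    private static final String CLASS_REF =
            "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";

    @Bean
    Saml2AuthenticationRequestResolver authenticationRequests(RelyingPartyRegistrationResolver registrations) {
        OpenSaml4AuthenticationRequestResolver resolver =
                new OpenSaml4AuthenticationRequestResolver(registrations);
        resolver.setAuthnRequestCustomizer((params) -> {
            AuthnRequest request = params.getAuthnRequest();

            // Build a fresh element for every request: an OpenSAML XMLObject
            // can be the child of only one parent object.
            AuthnContextClassRef ref = new AuthnContextClassRefBuilder().buildObject();
            ref.setURI(CLASS_REF);

            // Create the RequestedAuthnContext if the request does not have one yet.
            RequestedAuthnContext requested = request.getRequestedAuthnContext();
            if (requested == null) {
                requested = new RequestedAuthnContextBuilder().buildObject();
                // Assumption: ask the IdP for exactly this class, not "minimum" or "better".
                requested.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
                request.setRequestedAuthnContext(requested);
            }
            requested.getAuthnContextClassRefs().add(ref);
        });
        return resolver;
    }
}
```

Requesting a context class in the AuthnRequest does not enforce it: the relying party still has to check the AuthnContext in the assertion the IdP returns.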