SAML integration is breaking after upgrading to Spring Boot 3.0.6


I have integrated SAML with Spring Security and recently upgraded to Spring Boot 3.0.6. After upgrading, the SAML integration is broken. Below is the problem description.

After successful authentication, the browser is redirected to "https://example.com/contextPath/login/saml2/sso/app". This request succeeds in Spring 5 and fails in Spring 6. After debugging the Spring internals I found the code difference below.

In Spring 5: while executing the redirected request, the requiresAuthentication() method always returns false and the request completes successfully. Below is the code snippet from Spring 5.

package org.springframework.security.saml2.provider.service.servlet.filter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.saml2.core.Saml2ParameterNames;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.util.StringUtils;

// Excerpt from Spring Security 5: only the overridden method is shown.
public class Saml2WebSsoAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    @Override
    protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
        // The request is treated as a SAML login only if it matches the filter's URL
        // AND carries a SAMLResponse parameter.
        return (super.requiresAuthentication(request, response)
                && StringUtils.hasText(request.getParameter(Saml2ParameterNames.SAML_RESPONSE)));
    }

}

In Spring 6: while executing the redirected request, requiresAuthentication() returns true and an error response is returned. Below is the code snippet from Spring 6.

package org.springframework.security.saml2.provider.service.web.authentication;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

// Excerpt from Spring Security 6: only the overridden method is shown.
public class Saml2WebSsoAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    @Override
    protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
        // Only the URL match decides; the SAMLResponse parameter is no longer checked here.
        return super.requiresAuthentication(request, response);
    }

}

Please suggest how to proceed with Spring 6.

Below is the SAML configuration.

http.saml2Login(saml2 -> {
    saml2.relyingPartyRegistrationRepository(relyingPartyRegistrations());
    saml2.defaultSuccessUrl("https://example.com/contextPath/login/saml2/sso/app");
    saml2.authenticationManager(new ProviderManager(authenticationProvider));
    saml2.successHandler(new SAMLLoginSuccessHandler());
});

I have added a cookie to the response like below:

Cookie cookie = new Cookie("auth", jwtToken);
cookie.setHttpOnly(true);
cookie.setSecure(true);
cookie.setPath("/contextPath");
response.addCookie(cookie);

When it is redirected, I inspected it in the browser; below is the image (Image1).

When the redirected request is sent, below is the image (Image2).
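As an added example (not part of the original question and not Spring Security's own code), here is a Spring Security 6 configuration that keeps the post-login landing URL off the SSO processing path. The two excerpts above show why this matters: the Spring 6 filter decides purely on the URL match, and the default processing URL is `/login/saml2/sso/{registrationId}`, which the question's success URL `.../login/saml2/sso/app` matches with `registrationId = app`. A redirect to that URL therefore re-enters the filter as a login attempt with no SAMLResponse. The landing path `/home`, the `CookieIssuingSuccessHandler` class, the `collidesWithAcs` helper and the injected `tokenIssuer` function are assumptions made for this example; `Cookie.setAttribute` requires the Servlet 6.0 API that Spring Boot 3 ships with.

```java
import java.io.IOException;
import java.util.function.Function;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.util.AntPathMatcher;

@Configuration
@EnableWebSecurity
public class SamlSecurityConfig {

    // ACS endpoint that Saml2WebSsoAuthenticationFilter matches on (Spring Security 6 default).
    static final String ACS_PATTERN = "/login/saml2/sso/{registrationId}";

    // Assumed landing page after login. It must NOT match ACS_PATTERN, otherwise the redirect
    // re-enters the SSO filter as a login attempt without a SAMLResponse.
    static final String LANDING_PATH = "/home";

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http,
                                    RelyingPartyRegistrationRepository registrations,
                                    Function<Authentication, String> tokenIssuer) throws Exception {
        // Fail fast at startup instead of failing on every login.
        if (collidesWithAcs(LANDING_PATH)) {
            throw new IllegalStateException("landing path would be handled as a SAML response: " + LANDING_PATH);
        }
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .saml2Login(saml2 -> saml2
                .relyingPartyRegistrationRepository(registrations)
                .loginProcessingUrl(ACS_PATTERN)
                .successHandler(new CookieIssuingSuccessHandler(LANDING_PATH, tokenIssuer)));
        return http.build();
    }

    /** True when a context-relative path matches the ACS pattern, i.e. would hit the SSO filter. */
    static boolean collidesWithAcs(String contextRelativePath) {
        return new AntPathMatcher().match(ACS_PATTERN, contextRelativePath);
    }

    /** Issues the auth cookie, then redirects to the landing page (never back to the ACS URL). */
    static final class CookieIssuingSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
        private final Function<Authentication, String> tokenIssuer; // assumed: maps the login to a JWT

        CookieIssuingSuccessHandler(String landingPath, Function<Authentication, String> tokenIssuer) {
            super(landingPath);                 // context-relative; the redirect strategy adds the context path
            setAlwaysUseDefaultTargetUrl(true); // ignore any saved request, always land on landingPath
            this.tokenIssuer = tokenIssuer;
        }

        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                            Authentication authentication) throws IOException, ServletException {
            Cookie cookie = new Cookie("auth", tokenIssuer.apply(authentication));
            cookie.setHttpOnly(true);
            cookie.setSecure(true);
            // Scope the cookie to the deployed context path rather than a hard-coded "/contextPath".
            cookie.setPath(request.getContextPath().isEmpty() ? "/" : request.getContextPath());
            cookie.setAttribute("SameSite", "Lax"); // Servlet 6.0 API
            response.addCookie(cookie);
            super.onAuthenticationSuccess(request, response, authentication);
        }
    }
}
```

With this layout the IdP posts the SAMLResponse to `/contextPath/login/saml2/sso/app`, the filter authenticates it, the handler sets the cookie and redirects to `/contextPath/home`, and the second request never touches the SSO filter. `collidesWithAcs("/login/saml2/sso/app")` returns true and `collidesWithAcs("/home")` returns false, which is the check that would have flagged the configuration in the question.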
