Spring Security SAML2 - How to implement manual Saml2 login


My old system is using OpenSAML 1.0 and now I want to upgrade to Spring Security SAML2. In the old system I used OpenSAML 1.0 and did the authentication completely manually, after switching to Spring Security SAML2, I found it very difficult.

Currently I am facing 2 problems as follows:

  1. How can I allow user (Admin) to change information of IDP (Gsuite, Okta...), then user (User) can login based on that IDP?
  2. Is there a way to do SAML2 Log in manually?
  • I have an IDPMetadata.xml file stored in the database, how can I make a saml2:AuthnRequest and a saml2:AuthnResponse based on HttpServlet?

import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class PESaml2Configuration {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // PESaml2Authentication: custom handler class (defined elsewhere) implementing
        // both AuthenticationSuccessHandler and AuthenticationFailureHandler.
        PESaml2Authentication authentication = new PESaml2Authentication();
        http
            .authorizeHttpRequests()
                .antMatchers("/saml2Login").permitAll()
                .and()
            .saml2Login()
                .failureHandler(authentication)
                .successHandler(authentication);

        return http.build();
    }

    @Bean
    protected RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
        Saml2X509Credential credential = credential();
        RelyingPartyRegistration registration = RelyingPartyRegistration
                .withRegistrationId("okta-saml")
                .assertingPartyDetails(party -> party
                        .entityId("http://www.okta.com/xxxxxxxxxxxx")
                        .singleSignOnServiceLocation("https://dev-13805256.okta.com/app/xxxxx/sso/saml")
                        .wantAuthnRequestsSigned(false)
                        // IdP signing certificate used to verify the SAML response/assertion signature
                        .verificationX509Credentials(c -> c.add(credential)))
                .build();
        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }

    // Loads the IdP signing certificate (credentials/okta.cert on the classpath)
    // as a verification-only credential.
    private Saml2X509Credential credential() throws IOException, CertificateException {
        Resource resource = new ClassPathResource("credentials/okta.cert");
        try (InputStream is = resource.getInputStream()) {
            X509Certificate certificate = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(is);
            return Saml2X509Credential.verification(certificate);
        }
    }
}
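The first question above (letting an admin swap the IdP whose metadata is kept in the database) can be handled with a custom RelyingPartyRegistrationRepository that parses the stored metadata with RelyingPartyRegistrations.fromMetadata(). This is an added example, not code from the question author or from Spring Security; IdpMetadataStore is a hypothetical DAO and the registration ids are assumed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;

/**
 * Resolves RelyingPartyRegistrations from IdP metadata XML stored in a database,
 * so an admin can replace the IdP (Okta, GSuite, ...) without redeploying.
 */
public class DatabaseRelyingPartyRegistrationRepository implements RelyingPartyRegistrationRepository {

    /** Hypothetical persistence interface: registrationId -> IdP metadata XML (null if unknown). */
    public interface IdpMetadataStore {
        String findMetadataXml(String registrationId);
    }

    private final IdpMetadataStore store;
    // Parsed registrations keyed by registration id; re-parsing metadata on every login is wasteful.
    private final Map<String, RelyingPartyRegistration> cache = new ConcurrentHashMap<>();

    public DatabaseRelyingPartyRegistrationRepository(IdpMetadataStore store) {
        this.store = store;
    }

    @Override
    public RelyingPartyRegistration findByRegistrationId(String registrationId) {
        // computeIfAbsent stores nothing when load() returns null, so unknown ids stay unknown.
        return cache.computeIfAbsent(registrationId, this::load);
    }

    /** Call from the admin flow after the stored metadata changes, so the next login re-parses it. */
    public void evict(String registrationId) {
        cache.remove(registrationId);
    }

    private RelyingPartyRegistration load(String registrationId) {
        String xml = store.findMetadataXml(registrationId);
        if (xml == null) {
            return null; // Spring Security rejects logins for an unknown registration id
        }
        // fromMetadata() reads the IdP entityID, SSO endpoint and signing certificates from
        // <md:EntityDescriptor>; those certificates become the credentials used to verify
        // assertion signatures, so write access to this row must be limited to trusted admins.
        return RelyingPartyRegistrations
                .fromMetadata(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .registrationId(registrationId)
                .build();
    }
}
```

Register it as the RelyingPartyRegistrationRepository bean in place of the InMemoryRelyingPartyRegistrationRepository above; saml2Login() then resolves /saml2/authenticate/{registrationId} and the ACS endpoint against whatever metadata is currently stored.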