Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #12483

Closed
MichaelVetter opened this issue Jan 4, 2023 · 2 comments
Closed

XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #12483

MichaelVetter opened this issue Jan 4, 2023 · 2 comments
Assignees
@jzheaux
Labels
in: config An issue in spring-security-config type: bug A general bug
Milestone
5.8.9

Comments

@MichaelVetter
Copy link

Describe the bug
XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8.1:

"java.lang.UnsupportedClassVersionError: org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0"

With Spring Security 5.7.x it worked because the OpenSaml4* classes were compiled to Java 8 bytecode.

The problem is in these classes:
org.springframework.security.config.http.Saml2LoginBeanDefinitionParserUtils
org.springframework.security.config.http.Saml2LogoutBeanDefinitionParserUtils

They do not check the OpenSaml version like other spring-security classes that use OpenSaml4* classes, e.g.

static BeanDefinition createAuthenticationProvider() {
	return BeanDefinitionBuilder.rootBeanDefinition(
			"org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider")
			.getBeanDefinition();
}

To Reproduce
Use XML namespace with saml2-login configuration, Java 8 and spring-security 5.8.x.

Expected behavior
XML Namespace with saml2-login configuration should work using Java 8, OpenSaml 3 and spring-security 5.8
@MichaelVetter MichaelVetter added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Jan 4, 2023
@jzheaux
Copy link
Contributor

jzheaux commented Jan 4, 2023

Thanks, @MichaelVetter, we'll take a look at making this change in the next point release.

@jzheaux jzheaux self-assigned this Jan 4, 2023
@jzheaux jzheaux added this to the 5.8.2 milestone Jan 4, 2023
@jzheaux jzheaux added in: config An issue in spring-security-config and removed status: waiting-for-triage An issue we've not yet triaged labels Jan 4, 2023
@sjohnr sjohnr modified the milestones: 5.8.2, 5.8.3 Feb 17, 2023
@MichaelVetter
Copy link
Author

Compilation to Java 8 bytecode would be the preferred solution because under certain conditions Websphere complains about classes with newer bytecode.

@marcusdacoregio marcusdacoregio modified the milestones: 5.8.3, 5.8.4 Apr 17, 2023
@marcusdacoregio marcusdacoregio modified the milestones: 5.8.4, 5.8.5 Jun 17, 2023
@marcusdacoregio marcusdacoregio modified the milestones: 5.8.5, 5.8.6 Jul 17, 2023
@sjohnr sjohnr modified the milestones: 5.8.6, 5.8.7 Aug 19, 2023
@sjohnr sjohnr modified the milestones: 5.8.7, 5.8.8 Sep 18, 2023
@sjohnr sjohnr modified the milestones: 5.8.8, 5.8.9 Oct 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: config An issue in spring-security-config type: bug A general bug
Projects
Spring Security Team
Status: Done
Milestone
5.8.9
Development

No branches or pull requests
4 participants
@jzheaux @sjohnr @MichaelVetter @marcusdacoregio