Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

spring-security-saml2-service-provider impossible to use different format of assertionConsumerServiceUrlTemplate #7565

Closed
inabumst opened this issue Oct 24, 2019 · 2 comments · Fixed by #7587
Closed

spring-security-saml2-service-provider impossible to use different format of assertionConsumerServiceUrlTemplate #7565

inabumst opened this issue Oct 24, 2019 · 2 comments · Fixed by #7587
Assignees
@fhanik
Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Milestone
5.2.1

Comments

@inabumst
Copy link

Summary

Saml2WebSsoAuthenticationFilter has constant DEFAULT_FILTER_PROCESSES_URI. The logic of the filter heavily relies on it. This configuration makes possibility of providing "assertionConsumerServiceUrlTemplate" in RelyingPartyRegistration useless. If application needs to use different format than DEFAULT_FILTER_PROCESSES_URI, the response from identity provider is not processed.

Actual Behavior

Saml2WebSsoAuthenticationFilter is not called or RelyingPartyRegistration is not detected when executing filter logic

Expected Behavior

Saml2WebSsoAuthenticationFilter should be configurable.

Version

5.2.0.RELEASE
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Oct 24, 2019
@fhanik fhanik self-assigned this Oct 24, 2019
@fhanik fhanik added in: saml2 An issue in SAML2 modules type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Oct 24, 2019
@fhanik fhanik added this to the 5.2.1 milestone Oct 24, 2019
@fhanik
Copy link
Contributor

fhanik commented Oct 24, 2019

@inabumst Thank you for the report. I will work on this.

fhanik added a commit to fhanik/spring-security that referenced this issue Oct 30, 2019
@fhanik
Make the loginProcessingUrl configurable for saml2Login()
977db36 
Fixes spring-projectsgh-7565

spring-projects#7565
@fhanik fhanik mentioned this issue Oct 30, 2019
Merged
fhanik added a commit that referenced this issue Oct 31, 2019
@fhanik
Make the loginProcessingUrl configurable for saml2Login()
0cafcf3 
Fixes gh-7565

#7565
@fhanik
Copy link
Contributor

fhanik commented Oct 31, 2019

Dear @inabumst, this has been implemented and is configured similarly to the oauth2login() implementation

.saml2Login()
	.loginProcessingUrl("/sample/jc/saml2/sso/{registrationId}")

Note, this is not read from the RelyingPartyRegistration.getAssertionConsumerServiceUrlTemplate field. This field is used when generating metadata or authentication request forms.

The RelyingPartyRegistration gets resolved after the filter has been invoked and is processing the request

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fhanik fhanik

Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Projects
None yet
Milestone
5.2.1
Development

Successfully merging a pull request may close this issue.

Make the loginProcessingUrl configurable for saml2Login() fhanik/spring-security
3 participants
@fhanik @spring-projects-issues @inabumst