Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow configuration of AuthenticationManager in saml2Login() #7654

Closed
eleftherias opened this issue Nov 18, 2019 · 2 comments · Fixed by #7693
Closed

Allow configuration of AuthenticationManager in saml2Login() #7654

eleftherias opened this issue Nov 18, 2019 · 2 comments · Fixed by #7693
Assignees
Milestone

Comments

@eleftherias
Copy link
Contributor

@eleftherias eleftherias commented Nov 18, 2019

Summary

It should be easier to configure the authoritiesExtractor, authoritiesMapper and responseTimeValidationSkew on the OpenSamlAuthenticationProvider.
See gh-7642.

Allowing an authenticationManagerResolver for SAML2 login will allow customizing the OpenSamlAuthenticationProvider.

This should be similar to OAuth2ResourceServerConfigurer.authenticationManagerResolver.

@fhanik

This comment has been minimized.

Copy link
Contributor

@fhanik fhanik commented Dec 3, 2019

@eleftherias I've been reviewing this, and implemented a possible solution in 1d71a62.

It does however become difficult to justify the use of a AuthenticationManagerResolver simply for the ability to configure setters on the authentication provider.

The AbstractAuthenticationFilterConfigurer calls setAuthenticationManager making the end result of the configuration less obvious.

I will continue reviewing this, but may opt to just make the authentication provider configurable, or the options on it, rather than adding a resolver.

@eleftherias

This comment has been minimized.

Copy link
Contributor Author

@eleftherias eleftherias commented Dec 3, 2019

@fhanik The idea with having the AuthenticationManagerResolver configurable is that it would support multi-tenancy in the future.
For now, we only need the ability to set the options on the provider.
I will leave it up to you to decide which option is best.

fhanik added a commit to fhanik/spring-security that referenced this issue Dec 3, 2019
fhanik added a commit to fhanik/spring-security that referenced this issue Dec 17, 2019
@fhanik fhanik closed this in #7693 Dec 17, 2019
fhanik added a commit that referenced this issue Dec 17, 2019
jzheaux added a commit that referenced this issue Dec 18, 2019
Changed indentation on saml2Login() snippets to align more closely
with surrounding documentation.

Also removed call to super.configure as this would enable formLogin as
well as httpBasic. Replaced with default endpoint authorization
statement.

Issue gh-7654
@eleftherias eleftherias added this to the 5.3.0.M1 milestone Jan 8, 2020
@eleftherias eleftherias changed the title Allow configuring authenticationManagerResolver for SAML2 Allow configuration of AuthenticationManager in saml2Login() Jan 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.