choonchernlim / spring-security-adfs-saml2 Goto Github PK
View Code? Open in Web Editor NEWSpring Security module to authenticate against ADFS using SAML2 protocol
License: MIT License
Spring Security module to authenticate against ADFS using SAML2 protocol
License: MIT License
What is the best way to get this working with Spring oAuth2?
When I setup the basic configuration as you've described in the README, the application fails to start due to missing beans such as, SAMLAuthenticationProvider, MetadataManager, etc. Doesn't your library configure all the required beans it and the saml-extension library needs?
Hello ,
How we can invoke the endpoint /samel/login from backend , I don't want to use forms !
thanks,
Trying to upgrade the Spring Boot version of an application from 2.4 to 2.6, I found that the dependency for the ADFS connection actually suffers from some circular dependencies.
At first, I found that the
@Autowired
private SAMLAuthenticationProvider samlAuthenticationProvider;
field clashes with the
@Bean
public SAMLAuthenticationProvider samlAuthenticationProvider()
declaration. Yet, after removing the field and just using the bean configuration, Spring reported a dependency loop between samlEntryPoint
and samlIDPDiscovery
that I could not find a patch for.
These are obviously "resolved" by using the configuration
spring.main.allow-circular-references=true
Great library, works like a charm.
Just wanted to know how can I configure a specific behavior/response when a 401 status or
"AuthNResponse;FAILURE" is being sent from the server.
Note: setFailedLoginDefaultUrl didn't have any effect whatsoever, it just redirects to the ADFS login page.
Hello
First many thanks for publishing all these details about ADFS setup with SHA-256 signature support...because I really failed to get it work with SHA-1, probably I made a mistake somewhere in the sequence.
I have first generated my SP private key according to http://docs.spring.io/autorepo/docs/spring-security-saml/current/reference/htmlsingle/#configuration-key-management-private-keys
but when enabling metadata signature option to SHA-256, metadata generation then fails with
Caused by: org.apache.xml.security.signature.XMLSignatureException: No installed provider supports this key: sun.security.provider.DSAPrivateKey
at org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.engineInitSign(SignatureBaseRSA.java:167) ~[xmlsec-1.5.6.jar:1.5.6]
at org.apache.xml.security.algorithms.SignatureAlgorithm.initSign(SignatureAlgorithm.java:238) ~[xmlsec-1.5.6.jar:1.5.6]
at org.apache.xml.security.signature.XMLSignature.sign(XMLSignature.java:592) ~[xmlsec-1.5.6.jar:1.5.6]
at org.opensaml.xml.signature.Signer.signObject(Signer.java:77) ~[xmltooling-1.4.1.jar:?]
... 70 more
Caused by: java.security.InvalidKeyException: No installed provider supports this key: sun.security.provider.DSAPrivateKey
at java.security.Signature$Delegate.chooseProvider(Signature.java:1135) ~[?:1.8.0_111]
at java.security.Signature$Delegate.engineInitSign(Signature.java:1176) ~[?:1.8.0_111]
at java.security.Signature.initSign(Signature.java:527) ~[?:1.8.0_111]
at org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.engineInitSign(SignatureBaseRSA.java:165) ~[xmlsec-1.5.6.jar:1.5.6]
at org.apache.xml.security.algorithms.SignatureAlgorithm.initSign(SignatureAlgorithm.java:238) ~[xmlsec-1.5.6.jar:1.5.6]
at org.apache.xml.security.signature.XMLSignature.sign(XMLSignature.java:592) ~[xmlsec-1.5.6.jar:1.5.6]
at org.opensaml.xml.signature.Signer.signObject(Signer.java:77) ~[xmltooling-1.4.1.jar:?]
... 70 more
So I guessed that my private key was not consistent with signature requirements and I generated a new one with additional keytool options -keyalg RSA -keysize 2048 -sigalg SHA256withRSA
May you please confirm that was the right thing to do, and maybe you generate your private key the same way ? If so please - please - add this important information in your README.md
.
Again thanks for your blog entries and this setup sample project.
Regards
Yves
I love how easy you've made setting up AD FS for me! So I'd first like to say thanks!
It'd be great if this could handle multiple IDPs. I think all that would need be done is allow a dev to add multiple IDP server names and in metadata(), create multiple HTTPMetadataProviders with their own ExtendedMetadataDelegagte and add them all to the list passed to the CachingMetadataManager.
Thanks again!
Is it possible for this library to read the IDP's metadata XML file locally rather than over HTTPS?
Thanks,
Steven
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.