
Example 1 with RelyingPartyRegistrationRepository

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository in project midpoint by Evolveum.

The class SamlModuleWebSecurityConfiguration, method buildInternal.

private static SamlModuleWebSecurityConfiguration buildInternal(Saml2AuthenticationModuleType modelType, String prefixOfSequence, String publicHttpUrlPattern, ServletRequest request) {
    SamlModuleWebSecurityConfiguration configuration = new SamlModuleWebSecurityConfiguration();
    build(configuration, modelType, prefixOfSequence);
    List<Saml2ServiceProviderAuthenticationModuleType> serviceProviders = modelType.getServiceProvider();
    List<RelyingPartyRegistration> registrations = new ArrayList<>();
    // Build one RelyingPartyRegistration per configured service provider.
    serviceProviders.forEach(serviceProviderType -> {
        Saml2KeyAuthenticationModuleType keysType = serviceProviderType.getKeys();
        Saml2ProviderAuthenticationModuleType providerType = serviceProviderType.getIdentityProvider();
        // Start the registration builder from the identity provider's metadata.
        RelyingPartyRegistration.Builder registrationBuilder = getRelyingPartyFromMetadata(providerType.getMetadata(), providerType);
        SamlAdditionalConfiguration.Builder additionalConfigBuilder = SamlAdditionalConfiguration.builder();
        createRelyingPartyRegistration(registrationBuilder, additionalConfigBuilder, providerType, publicHttpUrlPattern, configuration, keysType, serviceProviderType, request);
        RelyingPartyRegistration registration = registrationBuilder.build();
        registrations.add(registration);
        // Keep the additional configuration keyed by registration id.
        configuration.additionalConfiguration.put(registration.getRegistrationId(), additionalConfigBuilder.build());
    });
    // Expose all registrations through an in-memory repository.
    InMemoryRelyingPartyRegistrationRepository relyingPartyRegistrationRepository = new InMemoryRelyingPartyRegistrationRepository(registrations);
    configuration.setRelyingPartyRegistrationRepository(relyingPartyRegistrationRepository);
    return configuration;
}
Also used: RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration), ArrayList (java.util.ArrayList), InMemoryRelyingPartyRegistrationRepository (org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository)

Example 2 with RelyingPartyRegistrationRepository

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository in project spring-security by spring-projects.

The class Saml2LoginConfigurer, method init.

/**
 * {@inheritDoc}
 * <p>
 * Initializes this filter chain for SAML 2 Login. The following actions are taken:
 * <ul>
 * <li>The WebSSO endpoint has CSRF disabled, typically {@code /login/saml2/sso}</li>
 * <li>A {@link Saml2WebSsoAuthenticationFilter} is configured</li>
 * <li>The {@code loginProcessingUrl} is set</li>
 * <li>A custom login page is configured, <b>or</b></li>
 * <li>A default login page with all SAML 2.0 Identity Providers is configured</li>
 * <li>An {@link AuthenticationProvider} is configured</li>
 * </ul>
 */
@Override
public void init(B http) throws Exception {
    registerDefaultCsrfOverride(http);
    relyingPartyRegistrationRepository(http);
    this.saml2WebSsoAuthenticationFilter = new Saml2WebSsoAuthenticationFilter(getAuthenticationConverter(http), this.loginProcessingUrl);
    setAuthenticationRequestRepository(http, this.saml2WebSsoAuthenticationFilter);
    setAuthenticationFilter(this.saml2WebSsoAuthenticationFilter);
    super.loginProcessingUrl(this.loginProcessingUrl);
    if (StringUtils.hasText(this.loginPage)) {
        // Set custom login page
        super.loginPage(this.loginPage);
        super.init(http);
    } else {
        Map<String, String> providerUrlMap = getIdentityProviderUrlMap(this.authenticationRequestUri, this.relyingPartyRegistrationRepository);
        boolean singleProvider = providerUrlMap.size() == 1;
        if (singleProvider) {
            // Setup auto-redirect to provider login page
            // when only 1 IDP is configured
            this.updateAuthenticationDefaults();
            this.updateAccessDefaults(http);
            String loginUrl = providerUrlMap.entrySet().iterator().next().getKey();
            final LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint(loginUrl);
            registerAuthenticationEntryPoint(http, entryPoint);
        } else {
            super.init(http);
        }
    }
    this.initDefaultLoginFilter(http);
}
Also used: LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint), Saml2WebSsoAuthenticationFilter (org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter)
