I followed the Spring tutorial for setting up SSO with SAML. My filterChain looks like this:
    @Bean
    open fun filterChain(http: HttpSecurity): SecurityFilterChain {
        // Build an AuthenticationManager that resolves users via the SAML UserDetailsService
        val authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder::class.java)
        val samlUserDetailsServiceImpl = SAMLUserDetailsServiceImpl()
        authenticationManagerBuilder.userDetailsService<UserDetailsService>(samlUserDetailsServiceImpl)
        val authenticationManager = authenticationManagerBuilder.build()

        http
            .authenticationProvider(samlAuthenticationProvider(samlUserDetailsServiceImpl))
        http
            .httpBasic()
            .authenticationEntryPoint(samlEntryPoint())
        http
            // the metadata generator filter runs first so the local SP metadata exists before the SAML filters need it
            .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter::class.java)
            // loginSuccessFilter extends SAMLProcessingFilter and consumes the SAML response
            .addFilterAfter(loginSuccessFilter(authenticationManager), BasicAuthenticationFilter::class.java)
        http
            .csrf()
            .disable()
            .authorizeHttpRequests()
            .requestMatchers("/saml*", "/*.gif", "/*.jpg", "/*.jpeg", "/*.png", "/*.jsp", "/*.js", "/*.css", "/console*").permitAll()
            .anyRequest().authenticated()
            .and()
            .authenticationManager(authenticationManager)
        return http.build()
    }
When logging in, it jumps into the loginSuccessFilter (which inherits from SAMLProcessingFilter) and gets stuck there checking the metadata for the POST binding, which is missing at this point, so a SAMLException is thrown. The local metadata XML includes the POST binding, and the base URL is set in the metadataGenerator:
    @Bean
    open fun metadataGenerator(): MetadataGenerator? {
        val metadataGenerator = MetadataGenerator()
        metadataGenerator.entityId = "com:project:brxm"
        // base URL used to build the SP endpoint locations in the generated metadata
        metadataGenerator.entityBaseURL = "http://localhost:8080/cms"
        metadataGenerator.extendedMetadata = extendedMetadata()
        metadataGenerator.isIncludeDiscoveryExtension = false
        metadataGenerator.setKeyManager(keyManager())
        return metadataGenerator
    }
I don't know why the POST binding is missing. Thanks for any hint in advance.
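As an added diagnostic (not part of the question and not Spring Security SAML code), the following Python script parses SP metadata XML, the kind the MetadataGenerator emits or that is kept locally, and reports whether it declares an AssertionConsumerService with the HTTP-POST binding whose Location sits under the configured entityBaseURL. That is the condition the processing filter has to satisfy when it matches an incoming response to a local endpoint, so running it over the metadata the application actually serves (for example the `/saml/metadata` output) shows whether the POST endpoint and base URL agree. The sample metadata documents, the `/saml/SSO` paths and the function names below are constructed for this example.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespace and the binding URNs the checker looks for.
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"


def assertion_consumer_services(metadata_xml: str) -> list[dict]:
    """Return every AssertionConsumerService declared in SP metadata.

    Works whether the root is a single EntityDescriptor or an
    EntitiesDescriptor wrapping several entities.
    """
    root = ET.fromstring(metadata_xml)
    services = []
    for sp in root.iter(f"{{{MD_NS}}}SPSSODescriptor"):
        for acs in sp.findall(f"{{{MD_NS}}}AssertionConsumerService"):
            services.append({
                "binding": acs.get("Binding"),
                "location": acs.get("Location"),
                "index": int(acs.get("index", "0")),
                "is_default": acs.get("isDefault", "false").lower() == "true",
            })
    return services


def check_post_binding(metadata_xml: str, entity_base_url: str) -> list[str]:
    """Explain why a SAML response delivered over HTTP-POST could not be matched.

    Returns an empty list when the metadata declares an HTTP-POST
    AssertionConsumerService located under entity_base_url; otherwise a
    list of human-readable problems.
    """
    services = assertion_consumer_services(metadata_xml)
    if not services:
        return ["no SPSSODescriptor/AssertionConsumerService found in metadata"]

    problems = []
    post_endpoints = [s for s in services if s["binding"] == HTTP_POST]
    if not post_endpoints:
        found = sorted({s["binding"] for s in services})
        problems.append(f"no AssertionConsumerService with HTTP-POST binding (found: {found})")

    # The endpoint must live under the same scheme/host/port/context the
    # browser posts the response to, otherwise the request URL never matches.
    prefix = entity_base_url.rstrip("/") + "/"
    for s in post_endpoints:
        if not s["location"].startswith(prefix):
            problems.append(
                f"HTTP-POST endpoint {s['location']} is not under entityBaseURL {entity_base_url}"
            )
    return problems


# Constructed sample metadata (not taken from the question): a correct SP
# document with a POST endpoint, and one that only offers the Artifact binding.
SP_METADATA_OK = f"""
<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="com:project:brxm">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="{HTTP_POST}"
        Location="http://localhost:8080/cms/saml/SSO" index="0" isDefault="true"/>
    <md:AssertionConsumerService Binding="{HTTP_ARTIFACT}"
        Location="http://localhost:8080/cms/saml/SSO" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

SP_METADATA_NO_POST = f"""
<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="com:project:brxm">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="{HTTP_ARTIFACT}"
        Location="http://localhost:8080/cms/saml/SSO" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


if __name__ == "__main__":
    for name, doc in (("ok", SP_METADATA_OK), ("no_post", SP_METADATA_NO_POST)):
        problems = check_post_binding(doc, "http://localhost:8080/cms")
        print(f"{name}: {'OK' if not problems else problems}")
    # A base URL that differs from the served location is the other common cause.
    print("wrong base:", check_post_binding(SP_METADATA_OK, "https://cms.example.test/cms"))
```

Run it against the metadata the running application serves rather than a hand-edited file: if the served document lacks the POST endpoint, the generator configuration is the problem; if the endpoint is there but under a different base URL than the one the browser posts to (scheme, host, port or context path), adjust entityBaseURL or the reverse proxy headers so they agree.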