Stack Overflow
Stack Overflow

Questions tagged [spring-saml]

Spring Security SAML Extension enables seamless inclusion of SAML 2.0 Service Provider capabilities in Spring applications.

Spring Security SAML Extension enables integration of Spring applications with all SAML 2.0 Identity Provider products such as ADFS 2.0, Shibboleth, OpenAM/OpenSSO, Ping Federate and Okta.

Official Website: http://projects.spring.io/spring-security-saml/

Useful links:

753 questions
10
votes
1 answer

How to add new idp metadata in spring-SAML at runtime

I am integrating spring-security-saml extension to support SSO in my web-application, my application should allow different customers to add their IDP metadata and their certificate to my webapp (which is an SP) so that my webapp can initiate SSO…
Rahul
  • 824
  • 1
  • 12
  • 27
10
votes
4 answers

Spring SAML Extension and Spring Security CSRF Protection Conflict

We have a Spring MVC (4.0.5) application with Spring Security (3.2.4) which includes CSRF protection which works fine. We are now adding the SAML security extension (spring-security-saml2-core 1.0.0) which causes an issue with CSRF protection. The…
Paul Croarkin
  • 14,496
  • 14
  • 79
  • 118
10
votes
3 answers

Issues while integrating ADFS with Spring SAML Extension

I am working on integrating Spring SAML Extension within our appliaction and for SSO with one of our client's ADFS2.0 as the IDP we have generated Service provider meta data from our appliaction and imported ADFS meta data into our appliaction.When…
Vikas Shivashankara
  • 177
  • 1
  • 2
  • 8
10
votes
1 answer

"HTTP Status 401 - Authentication Failed: Incoming SAML message is invalid" with Salesforce as IdP for implementating SSO

I've implemented SSO using Spring SAML and everything is working fine. It worked with the following IDP's till now: 1) idp.ssocircle.com 2) openidp.feide.no Now I'm testing with salesforce.com as my Identity Provider. As there is no provision to…
abhilash
  • 785
  • 1
  • 10
  • 19
10
votes
2 answers

HttpSession returned null object for SPRING_SECURITY_CONTEXT

I'm trying to integrate the Spring Saml library in a sample webapplication, using Shibboleth as IDP. I'm able to load the login page, to login and to show the index page. The problem is that when I click on other links the webapp redirect me to the…
Emanuele
  • 621
  • 1
  • 6
  • 10
9
votes
1 answer

Spring Security SAML, Redirects going to HTTP instead of HTTPS when using SAMLContextProviderLB set to HTTPs scheme

Attached my context provider for SAMLContextProviderLB bean ****
Fernando
  • 91
  • 1
  • 3
9
votes
1 answer

Spring Security SAML + HTTPS to another page

I created a project with Spring Security SAML. I need to write a code (same project), which connects with another server by HTTPS POST with SOAP: PostMethod post = new PostMethod("https://www.somepage.com"); …
Tom
  • 91
  • 1
  • 3
9
votes
2 answers

How do I automatically pick the configured SAML Identity provider in a multi-tenant environment to do SSO using Spring SAML

I am using Spring SAML in a multi-tenant application to provide SSO. Different tenants use different urls to access the application, and each has a separate Identity Provider configured. How do I automatically assign the correct Identity Provider…
MarcFasel
  • 1,080
  • 10
  • 19
9
votes
2 answers

How do I configure Spring Security SAML to work with Okta?

I'm trying to make spring-boot-security-saml-sample application work with Okta. To add Okta as a provider, I've made the following changes to WebSecurityConfig.java: https://gist.github.com/mraible/c8b52972f76e6f5e30d5 I found the following question…
Matt Raible
  • 8,187
  • 9
  • 61
  • 120
9
votes
1 answer

spring saml: How is LOGOUT handled? Is it mandatory to have logout endpoint in IDP metadata xml?

I am using Spring SAML implementation. SSO circle metadata xml was having logout endpoint which helps in local logout and global logout. But there are some other IDP's which I am interacting with and are not having logout endpoints in their metadata…
SM KUMAR
  • 475
  • 2
  • 8
  • 13
9
votes
2 answers

Spring Security SAML - Failed to verify signature

I'm using the Spring Security SAML 2.0 sample webapp on Tomcat 7 and have modified it to try to get it to authenticate against a Ping Identity service. The webapp is talking to the service and it's sending back an assertion, but it's failing when…
Closeratio
  • 615
  • 2
  • 6
  • 13
8
votes
1 answer

SAML Vulnerability Note VU#475445 - Is Spring Secucity SAML2 affected?

https://www.kb.cert.org/vuls/id/475445 has just been disclosed. Is this impacting Spring Security SAML2? I can't see the XML parser used on Spring Security SAML2 on the list of affected APIs. Let us know.
Petras Butkevicius
  • 93
  • 1
  • 4
8
votes
2 answers

SSO Session Timeout works incorrectly

I'm trying to configure session timeout using WSO IS 5.1.0. I have one Service Provider, which has session timout 10 minutes. I've configured SSO sesison timeot to 10 minutes in WSO2 is using Managment console on Resident Identity Provider section.…
Taras Kohut
  • 2,505
  • 3
  • 18
  • 42
8
votes
1 answer

Spring saml - how remember request parameter when initiate login on SP, and procesing them after IdP response

I want remember url request parameter from first request of my site (SP) and use them after response from IdP. I'm using spring-saml extension and think about relayState attribute but can't find example how build it with parameters from request. I…
Dariusz Skrudlik
  • 509
  • 7
  • 16
7
votes
2 answers

Spring-SAML : Incoming SAML message is invalid

I am facing an issue while integrating my app with SAML. The following is my error: org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication: Incoming SAML message is invalid org.opensaml.common.SAMLException: Endpoint with…
Jiten
  • 153
  • 1
  • 3
  • 9
1
2
3
50 51