Questions tagged [spring-security-saml2]

104 questions
1
vote
0 answers

Spring Security SAML infinite retry loop on bad SAMLResponse

I am currently working on configuring Spring Security SAML extension (I am a Service Provider who wants to integrate with multiple Identity Providers). I noticed bizarre behavior. When everything is configured correctly, federated login just works,…
ptkvsk
1
vote
1 answer

SAML2 - Response doesn't have any valid assertion which would pass subject validation

I had a solution to authenticate using SAML2 that integrates correctly with the idp in the test environment. Then now in the production server I am getting this error when the saml response (POST redirection) is handled in our server. I had a look…
jolumg
1
vote
1 answer

spring-security-saml2-core upgrade with spring boot 2

We are trying to upgrade our app to spring boot 2.0 and while doing that we got error java.lang.ClassCastException: org.opensaml.core.xml.schema.impl.XSAnyBuilder cannot be cast to org.opensaml.xml.XMLObjectBuilder. After a lot of research, we found…
pankiba
1
vote
1 answer

How to use Spring SAML code with jks or signed metadata

The IDP only provided .crt file and metadata xml file, and IDP told us there is no password for .crt file, I created jks file with command: keytool -import -alias zoom -trustcacerts -file qa.crt -keystore keystory.jks. Now, I downloaded the spring…
1
vote
2 answers

Spring saml issues when using SP behind a reverse proxy

We have implemented SAML with ADFS authentication using the Spring SAML extension. The SP is on a server A which is behind Nginx, the URL is of the form https://serviceprovider/saml/login (just made it up), the ADFS is on the customer side in a…
1
vote
0 answers

Restricting Angular URLS in spring security extension

I have integrated spring security saml extension with my angular 4 project. I am trying to restrict access to the URLs using the antmatchers in spring. I want to let the user login if the url is like http://server:port/context/#/welcome but when…
yash6
1
vote
2 answers

Spring Security SAML2 no entityID is found

I'm working to get my Spring Boot (v. 2.0.1) application working with an SSO provider. When I try to hit the login page, I get the following error: No hosted service provider is configured and no alias was selected and when I try to hit the…
1
vote
1 answer

java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored

I have a problem when trying to integrate SAML 2 with Spring Security to my webapp. I'm using: spring-security-saml2-core 1.0.3.RELEASE spring-security-web 3.2.3.RELEASE spring-security-config 3.2.3.RELEASE. security-context.xml …
hmzn
1
vote
1 answer

SAMLException: "Assertion invalidated by missing Audience Restriction" when started from identity provider

SAMLException: with the following error "Assertion invalidated by missing Audience Restriction", when I try to do saml login and started from identity provider site without initiating the request from service provider site. My SP metadata: …
Ahmad Al-Kurdi
1
vote
1 answer

SAML to Oauth2 using spring security

So the problem I have is that the SAML already has been implemented in the project using spring-security-saml to integrate with federate IDP. And now I need to secure REST API calls that are happening from a place where JSESSIONID can't be persisted…
0
votes
0 answers

Spring SAML2 integrate with Azure

I created a project with spring SAML2, I'm trying to integrate it with Azure AD, now single sign on flow looks pretty good, but single logout does not work properly. I debugged the spring SAML2 implementation, it expected a signed SLO response, but…
0
votes
0 answers

Adding Signature to Service Provider Metadata in Spring Security SAML

I'm currently in the process of migrating my application's authentication from Spring Security SAML Extension to Spring Security SAML. I'm using the service provider metadata to register my application with the Identity Provider (IDP). I've managed…
Sumeet Kumar Yadav
0
votes
0 answers

SAML AuthnRequest expired before IdP returns to Application with Saml Response

I am using spring-security-saml2 for user authentication. This usually works fine, but the IdP is often slow to come back to the application and I assume that the AuthnRequest has already expired in our application. This expiration-value seems to be…
marco
0
votes
0 answers

Extract server name in Saml2 login callback

I have a project setup with Saml2 login authentication and the response callback is handled with the method documented by spring. @GetMapping("/saml2/callback") public ResponseEntity saml2Login(Model model, @AuthenticationPrincipal …
Sever
0
votes
0 answers

expect Saml2AuthenticationToken but get Anonymous in spring-security-saml2-service-provider

In a login, after successful authentication using spring-security-saml2-service-provider, I expect a Saml2AuthenticationToken (or something derived from that containing user-details) but I get an AnonymousAuthenticationToken (authenticated true)…
JvdLinden