I have a Spring project and I'm converting my current authentication to use SAML2.
I have everything working as far as authentication, but I'm having difficulty in getting the SAML2 extension to insert my custom UserDetails object into the Spring Security Context authentication object.
I have a custom UserDetailsService, defined below:
```java
import java.util.List;

import org.apache.log4j.Logger;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.xml.XMLObject;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

public class SAMLAuthManager implements SAMLUserDetailsService {

    // Logger category corrected to this class (the original named JDBCAuthManager)
    private static final Logger logger = Logger.getLogger(SAMLAuthManager.class);

    // Assumed collaborator: the original post omits how the staff record is looked up
    private StaffDao staffDao;

    public void setStaffDao(StaffDao staffDao) {
        this.staffDao = staffDao;
    }

    @Override
    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        // Note: this logs every asserted attribute at INFO level
        logger.info("Credential attributes: " + credential.getAttributes());
        for (Attribute attr : credential.getAttributes()) {
            List<XMLObject> attrValues = attr.getAttributeValues();
            StringBuilder strBuilder = new StringBuilder();
            for (XMLObject currObj : attrValues) {
                strBuilder.append(currObj.toString()).append(",");
            }
            // Guard: an attribute with no values would otherwise throw on deleteCharAt(-1)
            if (strBuilder.length() > 0) {
                strBuilder.deleteCharAt(strBuilder.length() - 1);
            }
            logger.info(attr.getFriendlyName() + ", " + strBuilder);
        }
        String username = credential.getNameID().getValue();
        // Assumed lookup of the local staff record for the asserted NameID (elided in the post)
        Staff s = staffDao.findByUsername(username);
        if (s != null) {
            UserWrapper userWrapper = new UserWrapper(); // assumed custom UserDetails type
            userWrapper.setStaff(s);
            logger.info("Returning wrapper: " + userWrapper);
            return userWrapper;
        } else {
            return null;
        }
    }
}
```
I have also configured this userDetails in my security context config:
```xml
<bean id="samlAuthenticationProvider" class="org.springframework.security.saml.SAMLAuthenticationProvider">
    <property name="userDetails" ref="samlUserDetails" />
</bean>
```
However, when I inspect the SecurityContextHolder post authentication, this line:

```java
SecurityContextHolder.getContext().getAuthentication().getCredentials();
```

returns an object of type org.springframework.security.saml.SAMLCredential.

I checked to see if Spring populated the Principal with the custom object (SecurityContextHolder.getContext().getAuthentication().getPrincipal()) but it did not; that's just a String with the username populated.
Any ideas? Thanks
The principal is by default forced to be String (in order to always permit replication of Principal, which was earlier an un-serializable NameID). This can be changed by setting forcePrincipalAsString in SAMLAuthenticationProvider to false, which will make Spring SAML include your object provided by SAMLUserDetailsService as principal in the Authentication object.

The result of the call to SAMLUserDetailsService is always available under SecurityContextHolder.getContext().getAuthentication().getDetails().
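To show both retrieval paths the answer describes, here is an added example (not code from the question or the answer). It assumes the asker's UserWrapper type and the samlUserDetails bean name from the question; the bean definition in the comment is the question's, with the one property the answer names added.

```java
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/*
 * Provider bean with the default overridden, so the object returned by
 * SAMLUserDetailsService becomes the principal instead of the NameID string:
 *
 *   <bean id="samlAuthenticationProvider"
 *         class="org.springframework.security.saml.SAMLAuthenticationProvider">
 *       <property name="userDetails" ref="samlUserDetails" />
 *       <property name="forcePrincipalAsString" value="false" />
 *   </bean>
 */
public final class CurrentUser {

    private CurrentUser() {
    }

    // Returns the custom user object for the current request, or null when no
    // SAML-authenticated user is present. Works with either setting of
    // forcePrincipalAsString, because the details slot is populated in both cases.
    public static UserWrapper get() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return null; // no security context or an unauthenticated token: fail closed
        }
        Object principal = auth.getPrincipal();
        if (principal instanceof UserWrapper) {
            return (UserWrapper) principal; // forcePrincipalAsString=false
        }
        Object details = auth.getDetails();
        if (details instanceof UserWrapper) {
            return (UserWrapper) details; // default: principal is the NameID String
        }
        // Anonymous token, another provider, or loadUserBySAML returned null:
        // never cast blindly and never fall back to trusting the bare username.
        return null;
    }
}
```

Callers that need the user should treat a null return as "not logged in via SAML" rather than reading the username out of getPrincipal() and looking it up again.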