 

Spring SAML: how to remember request parameters when initiating login on the SP, and process them after the IdP response

I want to remember the URL request parameters from the first request to my site (SP) and use them after the response from the IdP.

I'm using the spring-saml extension and am thinking about the relayState attribute, but I can't find an example of how to build it with parameters from the request.

I need that in order to redirect the user, after the SSO authentication process, to a target page (a module of the application) depending on what was in the first request.

Dariusz Skrudlik asked Sep 24 '14 08:09


People also ask

What is a RelayState in SAML?

RelayState is a parameter of the SAML protocol that is used to identify the specific resource the user will access after they are signed in and directed to the relying party's federation server.

What is SAML discovery?

The SAML v2 IDP Discovery Service is an implementation of the Identity Provider Discovery Profile as described in the Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0 specification.

What is spring SAML extension?

Spring SAML Extension allows seamless inclusion of SAML 2.0 Service Provider capabilities in Spring applications. All products supporting SAML 2.0 in Identity Provider mode (e.g. ADFS 2.0, Shibboleth, OpenAM/OpenSSO, Ping Federate, Okta) can be used to connect with Spring SAML Extension.


1 Answer

The Spring SAML sample application behaves like this out of the box. When a user hits a page which is protected by Spring Security and requires authentication, the system:

  • remembers the parameters which were used to invoke the page (done automatically inside Spring Security using ExceptionTranslationFilter and HttpSessionRequestCache) by storing the information in the HTTP session
  • invokes Spring SAML's entry point (SAMLEntryPoint class), which redirects the user to the IDP, possibly after IDP selection
  • the user authenticates at the IDP and is redirected back to your application
  • Spring SAML verifies the response and invokes the AuthenticationSuccessHandler, which (in the sample application) is of type org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
  • the success handler checks whether there's a stored request (put there in the first step) and, if so, makes the user's browser open the remembered page with the same set of parameters as initially
  • the security check should now pass, provided the authenticated user is authorized to access the page

You could, of course, implement this using relay state as you intended. The correct way to set the relay state is by extending SAMLEntryPoint, overriding the method getProfileOptions and returning your desired relay state in the returned WebSSOProfileOptions object.

You can then change the AuthenticationSuccessHandler to org.springframework.security.saml.SAMLRelayStateSuccessHandler, which redirects to the URL returned from the relay state after successful authentication.

Vladimír Schäfer answered Sep 20 '22 13:09
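The two steps from the answer above (a SAMLEntryPoint subclass that sets the relay state, and a SAMLRelayStateSuccessHandler that follows it) put together as an added example in Java against the Spring SAML 1.0.x API. This is not code from the question, the answer or the Spring SAML project: the class names RelayStateSso, EntryPoint, SuccessHandler and Target, the package com.example and the bean wiring in the comment are my own assumptions. Two caveats a practitioner would want are built in: the SAML 2.0 Bindings specification limits RelayState to 80 bytes, so longer targets fall back to the session-based saved request; and the RelayState that comes back with the IdP's Response is not covered by any signature the SP can verify, so the success handler only redirects to a context-relative path and never to an absolute or protocol-relative URL (otherwise the SP becomes an open redirector).

```java
package com.example;

import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.saml.SAMLEntryPoint;
import org.springframework.security.saml.SAMLRelayStateSuccessHandler;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.websso.WebSSOProfileOptions;

/*
 * Hypothetical wiring for the sample application's securityContext.xml
 * (replace the two existing bean definitions):
 *
 *   <bean id="samlEntryPoint" class="com.example.RelayStateSso$EntryPoint">
 *       <property name="defaultProfileOptions" ref="webSSOProfileOptions"/>
 *   </bean>
 *   <bean id="successRedirectHandler" class="com.example.RelayStateSso$SuccessHandler">
 *       <property name="defaultTargetUrl" value="/"/>
 *   </bean>
 */
public final class RelayStateSso {

    // SAML 2.0 Bindings, section 3.1.1: RelayState MUST NOT exceed 80 bytes.
    static final int MAX_RELAY_STATE_BYTES = 80;

    private RelayStateSso() {}

    /** Carries the originally requested path and query to the IdP as RelayState. */
    public static class EntryPoint extends SAMLEntryPoint {
        @Override
        protected WebSSOProfileOptions getProfileOptions(SAMLMessageContext context,
                                                         AuthenticationException exception)
                throws MetadataProviderException {
            // Start from the configured defaults (binding, NameID policy, ...).
            WebSSOProfileOptions options = super.getProfileOptions(context, exception);
            if (options == null) {
                options = new WebSSOProfileOptions();
            }
            // Spring SAML's context provider wraps the servlet request that
            // triggered the login in the inbound transport of the message context.
            HttpServletRequest request =
                    ((HttpServletRequestAdapter) context.getInboundMessageTransport()).getWrappedRequest();
            String target = Target.fromRequest(request);
            if (target != null) {
                options.setRelayState(target);
            }
            // Otherwise RelayState stays unset; the HttpSessionRequestCache saved
            // request still exists for a SavedRequestAware handler to use.
            return options;
        }
    }

    /** Follows RelayState only when it is a local, context-relative path. */
    public static class SuccessHandler extends SAMLRelayStateSuccessHandler {
        @Override
        protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
            // The parent returns SAMLCredential.getRelayState() when present,
            // which is whatever the IdP echoed back, so validate before redirecting.
            String url = super.determineTargetUrl(request, response);
            return Target.isSafe(url) ? url : getDefaultTargetUrl();
        }
    }

    /** Helper that builds and validates a "/path?query" target relative to the context root. */
    static final class Target {
        private Target() {}

        static String fromRequest(HttpServletRequest request) {
            String path = request.getRequestURI().substring(request.getContextPath().length());
            String query = request.getQueryString();
            String target = (query == null || query.isEmpty()) ? path : path + "?" + query;
            return isSafe(target) ? target : null;
        }

        static boolean isSafe(String target) {
            if (target == null || !target.startsWith("/")
                    || target.startsWith("//") || target.startsWith("/\\")) {
                return false; // empty, absolute or protocol-relative: would leave the SP
            }
            if (target.getBytes(StandardCharsets.UTF_8).length > MAX_RELAY_STATE_BYTES) {
                return false; // too long to be carried as RelayState
            }
            try {
                URI uri = new URI(target); // rejects control characters such as CR/LF
                return uri.getScheme() == null && uri.getAuthority() == null;
            } catch (URISyntaxException e) {
                return false;
            }
        }
    }
}
```

Because the RelayState is context-relative, Spring Security's DefaultRedirectStrategy prepends the servlet context path on redirect, so the handler works whether the application is deployed at the root or under a sub-path. If your deep links routinely exceed 80 bytes, keep the SavedRequestAwareAuthenticationSuccessHandler from the sample application instead; it is not subject to the RelayState length limit, at the cost of depending on the session cookie surviving the round trip to the IdP.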


