Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Security SAML: Extract Attributes from a saml2p:Response as user attributes

Tags:

java

spring

spring-security

I have been digging into spring security yaml a little bit yesterday to make it work with Okta SAML. Logging in works, but the response XML contains user attributes that apparently cannot be extracted automatically into an attribute map. The response contains a fields like this

<saml2:Attribute Name="user.lastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
  <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
    Surname
  </saml2:AttributeValue>
</saml2:Attribute>

Once an authentication is successful, I would like to put those in the authentication information. When logging in via github/oauth, the OAuth2AuthenticatedPrincipal class has an attributes map, however the Saml2AuthenticatedPrincipal only features a name.

What would be the correct way to solve this?

Right now I am thinking of a custom AuthenticationSuccessHandler that populates a custom Saml2AuthenticatedPrincipalWithAttributes class which contains all the attributes by parsing the provided XML response (via .getDetails()) a second time (or put them into the session).

I have a hunch that this is probably not the spring way to do things and would love to get a second opinion. When googling around you mainly find examples of spring security saml, before it got merged into spring security, which seems to handle things a little bit different, as the mentioned classes do not exist anymore.

Thanks for helping everyone!

like image 897
alr Avatar asked Oct 16 '22 03:10

alr

1 Answers

In the next release of Spring Security (5.4.0) you should be able to do something like this:

@GetMapping("/")
public String index(Model model,
    @AuthenticationPrincipal Saml2AuthenticatedPrincipal principal) {
    String emailAddress = principal.getFirstAttribute("emailAddress");
    model.addAttribute("emailAddress", emailAddress);
    model.addAttribute("userAttributes", principal.getAttributes());
    return "index";
}

For now, I don't know a better workaround than yours.

like image 108
kostic017 Avatar answered Nov 15 '22 08:11

kostic017
Sign in to Comment

Related questions

How to use dot navigation in Jackson JsonNode
IntelliJ - method reference may change semantics
(Spring) th:with based on a condition
MongoDB java API aggregate $lookup and pipeline use variable
Spring Boot Custom Bean Loader
Longest subArray with no more than two distinct values that differ by no more than 1 [closed]
How to show list of strings in notification in a given time slot?
Why the application does not see the Roles in Spring Security (Forbidden)
What version of JRE I need to compile with JDK 13.0.2?
i want to remove the duplicate sub integer arraylist from an integer arraylist in java
Weird java.lang.InstantiationException and java.lang.NoSuchMethodException after upgrading from JDK8 to JDK11
Waiting for a blocking GC Alloc in Android studio logs
Where should I call Rest API in fragment
liveness probe for microservice without http
Where to get Public key for validating a JWT Token in Java or Kotlin
Exception when creating datasource with PostgreSQL driver in Spring Boot
Pros and cons: Jetbrains IntelliJ / Sublime Text [closed]
File was loaded in the wrong encoding:'UTF-8' in IntelliJ IDEA
How to run a simple JUnit4 test in Android Studio 1.1?
Why is there an ArrayList declaration within java.util.Arrays

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!