Hi all, I am trying to add SAML authentication to a Spring Boot application which currently uses an OAuth2 password login form and generates JWT tokens to give clients access.
Currently I have an endpoint where I receive and decode the SAML Request. Now I want to somehow trigger the 'login' mechanism. I see that it seems to be controlled from the WebSecurityConfig class and ends up in the JWTLoginFilter successful/unsuccessful methods, where it generates the tokens.
The IdP is set to redirect to my endpoint /saml/authenticate:
@PostMapping(value = "/saml/authenticate")
@ResponseBody
public String getSamlAzureResponse(@RequestParam String SAMLResponse, HttpServletResponse servletResponse) throws Exception {
    // Decode and parse the Base64 SAMLResponse form parameter posted by the IdP
    Response response = responseManager.processSAMLResponse(SAMLResponse);
    // ... the remainder of the handler body is not shown in the question
}
This is my WebSecurityConfig configure method:
@Override
protected void configure(HttpSecurity http) throws Exception {
    UserInfoService userInfoService = applicationContext.getBean(UserInfoService.class);
    UserLockoutService userLockoutService = applicationContext.getBean(UserLockoutService.class);
    GetTokenService getTokenService = applicationContext.getBean(GetTokenService.class);

    // Shared AuthenticationManager used by both the login filter and the JWT-checking filters
    TokenAuthenticationManager tokenAuthenticationManager = new TokenAuthenticationManager();
    tokenAuthenticationManager.setUserDetailsService(userDetailsService);
    tokenAuthenticationManager.setGetTokenService(getTokenService);
    tokenAuthenticationManager.setUserInfoService(userInfoService);

    // One JWT-validating filter per protected path prefix
    JWTAuthenticationFilter jwtTokenAuthenticationFilter = new JWTAuthenticationFilter("/web/**", Arrays.asList(permitAll), jwtTimeout,
            getTokenService, failureHandler, requestCache);
    jwtTokenAuthenticationFilter.setAuthenticationManager(tokenAuthenticationManager);

    JWTAuthenticationFilter jwtAuthenticationFilterSwagger =
            new JWTAuthenticationFilter("/swagger-ui.html", Arrays.asList(permitAll), jwtTimeout, getTokenService, failureHandler, requestCache);
    jwtAuthenticationFilterSwagger.setAuthenticationManager(tokenAuthenticationManager);

    JWTAuthenticationFilter jwtAuthenticationFilterOauth =
            new JWTAuthenticationFilter("/oauth/authorize", Arrays.asList(permitAll), jwtTimeout, getTokenService, failureHandler, requestCache);
    jwtAuthenticationFilterOauth.setAuthenticationManager(tokenAuthenticationManager);

    JWTAuthenticationFilter jwtAuthenticationFilterIndex =
            new JWTAuthenticationFilter("/", Arrays.asList(permitAll), jwtTimeout, getTokenService, failureHandler, requestCache);
    jwtAuthenticationFilterIndex.setAuthenticationManager(tokenAuthenticationManager);
    jwtAuthenticationFilterIndex.setRedirectExpired(false);

    // Username/password login filter: on success it issues the JWT
    JWTLoginFilter jwtLoginFilter = new JWTLoginFilter(
            "/web/login", "/web/dashboard_personal",
            jwtTimeout, failureHandler, requestCache, userSecurityService);
    jwtLoginFilter.setAuthenticationManager(tokenAuthenticationManager);
    jwtLoginFilter.setTokenAuthenticationService(getTokenService);
    jwtLoginFilter.setUserDetailsService(userDetailsService);
    jwtLoginFilter.setPasswordEncoder(passwordEncoder);
    jwtLoginFilter.setUserLockoutService(userLockoutService);
    jwtLoginFilter.setPublisher(publisher);

    http
        // No HTTP session: every request is authenticated by its JWT
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
        .addFilterBefore(jwtLoginFilter, UsernamePasswordAuthenticationFilter.class)
        .addFilterBefore(jwtAuthenticationFilterOauth, UsernamePasswordAuthenticationFilter.class)
        //.addFilterBefore(jwtAuthenticationFilterSaml, UsernamePasswordAuthenticationFilter.class)
        .addFilterBefore(jwtTokenAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
        .addFilterBefore(jwtAuthenticationFilterSwagger, UsernamePasswordAuthenticationFilter.class)
        .addFilterBefore(jwtAuthenticationFilterIndex, UsernamePasswordAuthenticationFilter.class)
        .addFilterAfter(new WebAccountValidationFilter(userAuthService, requestCache, settingsService), JWTAuthenticationFilter.class)
        .headers()
            .addHeaderWriter(new StaticHeadersWriter("Server", "R2W server"))
            .addHeaderWriter(new StaticHeadersWriter("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate"))
            .addHeaderWriter(new StaticHeadersWriter("Pragma", "no-cache"))
            .addHeaderWriter(new StaticHeadersWriter("Expires", "0"))
            .and()
        // This filter chain only applies to the paths listed here
        .requestMatchers()
            .antMatchers("/dashboard/**", "/web/**", "/swagger-ui.html", "/", "/oauth/authorize").and()
        .authorizeRequests()
            .antMatchers(permitAll).permitAll()
            .anyRequest().authenticated()
            .and()
        .exceptionHandling()
            .accessDeniedPage("/access_denied")
            .and()
        .csrf()
            .csrfTokenRepository(new CustomCsrfTokenRepository(new CookieCsrfTokenRepository()))
            .and()
        .formLogin()
            .loginPage("/web/login")
            .failureHandler(failureHandler)
            .successHandler(authenticationSuccessHandler())
            .defaultSuccessUrl("/web/dashboard_personal")
            .permitAll();
}
I would like to know how I can use the Response from the IdP to trigger the generation of the JWT so that the users are authenticated.
question from:
https://stackoverflow.com/questions/65945747/adding-saml-authentication-to-existing-spring-boot-app-using-oauth
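The following is an added example, not code from the question or from the asker's project. It shows the standard Spring Security way to turn a validated SAML Response into the same "login succeeded" event that the password flow uses: a second AbstractAuthenticationProcessingFilter mounted on /saml/authenticate, backed by a PreAuthenticatedAuthenticationProvider (no password check, the IdP assertion is the credential), with the existing JWT-issuing AuthenticationSuccessHandler reused as-is. The SamlResponseValidator interface is hypothetical, standing in for the asker's responseManager; the names jwtIssuingSuccessHandler and validator are assumptions. The filter fails closed: no Authentication is produced until the validator has checked the assertion signature, Audience, Destination, Conditions, InResponseTo and replay.

```java
// Added example (not from the original question). Hypothetical names are marked.
package example.saml;

import java.io.IOException;
import java.util.Collections;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/**
 * Hypothetical interface standing in for the application's own SAML processing.
 * An implementation must verify the XML signature against the IdP's certificate,
 * the Audience and Destination, the Conditions window (NotBefore/NotOnOrAfter),
 * that InResponseTo matches an AuthnRequest this SP actually issued, and that
 * the assertion ID has not been seen before (replay). It returns the NameID or throws.
 */
interface SamlResponseValidator {
    String validateAndGetSubject(String base64SamlResponse) throws AuthenticationException;
}

/** Treats a POST of a valid SAMLResponse as a login and hands it to the JWT success handler. */
public class SamlResponseAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    private final SamlResponseValidator validator;

    public SamlResponseAuthenticationFilter(SamlResponseValidator validator,
                                            UserDetailsService userDetailsService,
                                            AuthenticationSuccessHandler jwtIssuingSuccessHandler) {
        // Only POST /saml/authenticate (the ACS endpoint) is treated as a login attempt.
        super(new AntPathRequestMatcher("/saml/authenticate", "POST"));
        this.validator = validator;

        // Pre-authenticated provider: loads the local account for the asserted NameID
        // and applies the usual locked/disabled/expired checks; no password involved.
        PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
        provider.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<>(userDetailsService));
        setAuthenticationManager(new ProviderManager(Collections.singletonList(provider)));

        // Reuse whatever handler already mints the JWT for the password login.
        setAuthenticationSuccessHandler(jwtIssuingSuccessHandler);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
        String samlResponse = request.getParameter("SAMLResponse");
        if (samlResponse == null || samlResponse.isEmpty()) {
            throw new BadCredentialsException("Missing SAMLResponse parameter");
        }

        // Fail closed: nothing below runs unless the assertion is valid and addressed to this SP.
        String subject = validator.validateAndGetSubject(samlResponse);

        // The principal is the asserted NameID; the raw response is kept as the credential
        // only so it is available to the success handler or audit log, never re-trusted.
        PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(subject, samlResponse);
        token.setDetails(authenticationDetailsSource.buildDetails(request));

        // On success AbstractAuthenticationProcessingFilter calls the success handler (JWT issuance);
        // an unknown or locked account raises an AuthenticationException and goes to the failure handler.
        return getAuthenticationManager().authenticate(token);
    }
}
```

To wire it into the configure method shown in the question: register it with http.addFilterBefore(new SamlResponseAuthenticationFilter(validator, userDetailsService, authenticationSuccessHandler()), UsernamePasswordAuthenticationFilter.class), add "/saml/authenticate" to the requestMatchers().antMatchers(...) list (otherwise this filter chain never sees the request), permit it in authorizeRequests(), and exclude it from CSRF with csrf().ignoringAntMatchers("/saml/authenticate"), since the browser POST from the IdP cannot carry the application's CSRF cookie token. The validator must be the component that verifies the assertion, not the decoding step alone; issuing a JWT from an unverified SAMLResponse would let anyone forge a login by posting a hand-crafted assertion.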