Skip to content

Document Custom RelayState Parameter Resolution #14417

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
abhishek-bafna-amdhan opened this issue Jan 8, 2024 · 7 comments
Closed

Document Custom RelayState Parameter Resolution #14417

abhishek-bafna-amdhan opened this issue Jan 8, 2024 · 7 comments
Assignees
@jzheaux
Labels
in: docs An issue in Documentation or samples type: enhancement A general enhancement

Comments

@abhishek-bafna-amdhan
Copy link

I want to set the RelayState parameter so that I can pass a redirectUrl received at runtime from a different request. This was possible in the SAML extension library by overriding the getProfileOptions() method of the SAMLEntryPoint class. However, it is not possible to do the same in Spring Security even with the following XML configuration:

<http>
       <saml2-login relying-party-registration-repository-ref="xxxxx">
</http>

I cannot find a sample application that showcases how to create a relying-party-registration-repository bean where I can pass the relying-party-registrations to its constructor. The relying-party-registrations should allow alias to be used as a reference in some other place.
@abhishek-bafna-amdhan abhishek-bafna-amdhan added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Jan 8, 2024
@mohitkumar5
Copy link

An xml sample configuring relying-party-registration-repository-ref will be really helpful.

@jzheaux
Copy link
Contributor

jzheaux commented Jan 17, 2024

Hi, @abhishek-bafna-amdhan, thanks for reaching out. It sounds like you want to configure a custom way to set the RelayState parameter value.

You can do this by customizing the Saml2AuthenticationRequestResolver like so:

public class RelayStateResolver implements Converter<HttpServletRequest, String> {
    // ... your custom implementation
}
<http>
    <saml2-login authentication-request-resolver-ref="ref" ... />
    ...
</http>

<b:beans name="relayStateResolver" class="RelayStateResolver"/>
<b:beans name="ref" class="org.springframework.security.saml2.provider.service.web.authentication.OpenSaml4AuthenticationRequestResolver"/>
    <b:property name="relayStateResolver" ref="relayStateResolver"/>
</b:beans>

I can see this isn't covered in the reference, so I'll keep this ticket open to update that.

Does that seem sufficient to address your issue?

@jzheaux jzheaux self-assigned this Jan 17, 2024
@jzheaux jzheaux added in: docs An issue in Documentation or samples and removed status: waiting-for-triage An issue we've not yet triaged labels Jan 17, 2024
@abhishek-bafna-amdhan
Copy link
Author

abhishek-bafna-amdhan commented Jan 19, 2024
edited
Loading

Hi @jzheaux, thanks for getting back to me. I'm hoping you might be able to clarify something for me about the reference for "relying-party-registration-repository-ref". It appears to be needed because the OpenSaml4AuthenticationRequestResolver needs a RelyingPartyRegistrationResolver, and the default implementation (DefaultRelyingPartyRegistrationResolver) requires a RelyingPartyRegistrationRepository in its constructor.

@jzheaux
Copy link
Contributor

jzheaux commented Jan 23, 2024
edited
Loading

@abhishek-bafna-amdhan, this has hopefully been alleviated in 6.1, which introduces a constructor in OpenSaml4AuthenticationRequestResolver for RelyingPartyRegistrationRepository. If that doesn't help, please feel free to open a StackOverflow question and paste the link to it here. We can continue to investigate your question over there.

@jzheaux jzheaux mentioned this issue Jan 23, 2024
Closed
@jzheaux jzheaux changed the title Configuring custom RelayState in xml configuration Document Custom RelayState Parameter Resolution Jan 23, 2024
@jzheaux jzheaux added the status: waiting-for-feedback We need additional information before we can continue label Apr 5, 2024
@spring-projects-issues
Copy link

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

@spring-projects-issues spring-projects-issues added the status: feedback-reminder We've sent a reminder that we need additional information before we can continue label Apr 12, 2024
@spring-projects-issues
Copy link

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.

@spring-projects-issues spring-projects-issues closed this as not planned Won't fix, can't repro, duplicate, stale Apr 19, 2024
@spring-projects-issues spring-projects-issues removed status: waiting-for-feedback We need additional information before we can continue status: feedback-reminder We've sent a reminder that we need additional information before we can continue labels Apr 19, 2024
@abhishek-bafna-amdhan
Copy link
Author

Thank you for looking into this. The resolution provided by #14487 will resolve this issue.

Thanks again!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: docs An issue in Documentation or samples type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jzheaux @spring-projects-issues @mohitkumar5 @abhishek-bafna-amdhan