Skip to content

Support Customizing Set of OpenSAML Validators #15578

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mathewm3 opened this issue Aug 12, 2024 · 0 comments
Closed

Support Customizing Set of OpenSAML Validators #15578

mathewm3 opened this issue Aug 12, 2024 · 0 comments
Assignees
@jzheaux
Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Milestone
6.5.0-RC1

Comments

@mathewm3
Copy link

Expected Behavior
Option to add/modify/remove SAML20AssertionValidators.attributeValidator especially subjects (BearerSubjectConfirmationValidator) in OpenSaml4AuthenticationProvider.java.

SAML20AssertionValidators.attributeValidator cannot be modified.

Even the method: createDefaultAssertionValidatorWithParameters() does not provide the option to modify SAML20AssertionValidators.attributeValidator

Current Behavior

Currently, it is hardcoded with SAML20AssertionValidators.attributeValidator with default conditions:

  1. AudienceRestrictionConditionValidator
  2. DelegationRestrictionConditionValidator
  3. ConditionValidator
  4. ProxyRestrictionConditionValidator

And a subject:

  1. BearerSubjectConfirmationValidator

Context

This will give flexibility to take the default assertion validator (createDefaultAssertionValidatorWithParameters) and modify only specific conditions or subjects.
@mathewm3 mathewm3 added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Aug 12, 2024
@jzheaux jzheaux added this to the 6.5.0-M3 milestone Feb 24, 2025
jzheaux added a commit to jzheaux/spring-security that referenced this issue Feb 25, 2025
@jzheaux
Add AssertionValidator
232c1d9 
- Ships with support for customizing the OpenSAML validators to use
- Or, you can supply your own instance of SAML20AssertionValidator

Closes spring-projectsgh-15578
@jzheaux jzheaux self-assigned this Feb 25, 2025
@jzheaux jzheaux changed the title Option to modify SAML20AssertionValidators.attributeValidator in OpenSaml4AuthenticationProvider Support Customizing Set of OpenSAML Validators Feb 25, 2025
@jzheaux jzheaux modified the milestones: 6.5.0-M3, 6.5.x Mar 17, 2025
@jzheaux jzheaux closed this as completed in 91b0936 Apr 2, 2025
@jzheaux jzheaux modified the milestones: 6.5.x, 6.5.0-RC1 Apr 2, 2025
@jzheaux jzheaux added in: saml2 An issue in SAML2 modules and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Projects
None yet
Milestone
6.5.0-RC1
Development

No branches or pull requests
2 participants
@jzheaux @mathewm3