Skip to content

Allow configuration of AuthenticationManager in saml2Login() #7654

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
eleftherias opened this issue Nov 18, 2019 · 2 comments · Fixed by #7693
Closed

Allow configuration of AuthenticationManager in saml2Login() #7654

eleftherias opened this issue Nov 18, 2019 · 2 comments · Fixed by #7693
Assignees
@fhanik
Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Milestone
5.3.0.M1

Comments

@eleftherias
Copy link
Contributor

Summary

It should be easier to configure the authoritiesExtractor, authoritiesMapper and responseTimeValidationSkew on the OpenSamlAuthenticationProvider.
See gh-7642.

Allowing an authenticationManagerResolver for SAML2 login will allow customizing the OpenSamlAuthenticationProvider.

This should be similar to OAuth2ResourceServerConfigurer.authenticationManagerResolver.
@eleftherias eleftherias added type: enhancement A general enhancement in: saml2 An issue in SAML2 modules labels Nov 18, 2019
@eleftherias eleftherias mentioned this issue Nov 18, 2019
Closed
@fhanik fhanik self-assigned this Dec 2, 2019
@fhanik fhanik mentioned this issue Dec 2, 2019
Merged
@fhanik
Copy link
Contributor

fhanik commented Dec 3, 2019

@eleftherias I've been reviewing this, and implemented a possible solution in 1d71a62.

It does however become difficult to justify the use of a AuthenticationManagerResolver simply for the ability to configure setters on the authentication provider.

The AbstractAuthenticationFilterConfigurer calls setAuthenticationManager making the end result of the configuration less obvious.

I will continue reviewing this, but may opt to just make the authentication provider configurable, or the options on it, rather than adding a resolver.

@eleftherias
Copy link
Contributor Author

@fhanik The idea with having the AuthenticationManagerResolver configurable is that it would support multi-tenancy in the future.
For now, we only need the ability to set the options on the provider.
I will leave it up to you to decide which option is best.

fhanik added a commit to fhanik/spring-security that referenced this issue Dec 17, 2019
@fhanik
Allow configuration of AuthenticationManagerResolver in saml2Login()
bbf200f 
Fixes spring-projectsgh-7654

spring-projects#7654
fhanik added a commit that referenced this issue Dec 17, 2019
@fhanik
Allow configuration of AuthenticationManagerResolver in saml2Login()
af41594 
Fixes gh-7654

#7654
jzheaux added a commit that referenced this issue Dec 18, 2019
@jzheaux
Polish Documentation
40d4dce 
Changed indentation on saml2Login() snippets to align more closely
with surrounding documentation.

Also removed call to super.configure as this would enable formLogin as
well as httpBasic. Replaced with default endpoint authorization
statement.

Issue gh-7654
@eleftherias eleftherias added this to the 5.3.0.M1 milestone Jan 8, 2020
@eleftherias eleftherias changed the title Allow configuring authenticationManagerResolver for SAML2 Allow configuration of AuthenticationManager in saml2Login() Jan 9, 2020
@eleftherias eleftherias mentioned this issue Jun 14, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fhanik fhanik

Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Projects
None yet
Milestone
5.3.0.M1
Development

Successfully merging a pull request may close this issue.

Enable AuthenticationManager configuration in saml2Login fhanik/spring-security
2 participants
@fhanik @eleftherias