org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<B,Saml2LoginConfigurer,Saml2WebSsoAuthenticationFilter>

org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

All Implemented Interfaces:: SecurityConfigurer<DefaultSecurityFilterChain,B>

public final class Saml2LoginConfigurer> extends AbstractAuthenticationFilterConfigurer<B,Saml2LoginConfigurer,Saml2WebSsoAuthenticationFilter>

An AbstractHttpConfigurer for SAML 2.0 Login, which leverages the SAML 2.0 Web Browser Single Sign On (WebSSO) Flow.

SAML 2.0 Login provides an application with the capability to have users log in by using their existing account at an SAML 2.0 Identity Provider.

Defaults are provided for all configuration options with the only required configuration being relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository) . Alternatively, a RelyingPartyRegistrationRepository @Bean may be registered instead.

Security Filters

The following Filter's are populated:

Shared Objects Created

The following shared objects are populated:

RelyingPartyRegistrationRepository (required)

Shared Objects Used

The following shared objects are used:

RelyingPartyRegistrationRepository (required)
DefaultLoginPageGeneratingFilter - if loginPage(String) is not configured and DefaultLoginPageGeneratingFilter is available, than a default login page will be made available

Since:

5.2

See Also:

Constructor Summary

Constructors

Constructor

Description

Saml2LoginConfigurer()
Method Summary

Modifier and Type

Method

Description

Saml2LoginConfigurer

authenticationConverter(AuthenticationConverter authenticationConverter)

Use this AuthenticationConverter when converting incoming requests to an Authentication.

Saml2LoginConfigurer

authenticationManager(AuthenticationManager authenticationManager)

Allows a configuration of a AuthenticationManager to be used during SAML 2 authentication.

Saml2LoginConfigurer

authenticationRequestResolver(Saml2AuthenticationRequestResolver authenticationRequestResolver)

Use this Saml2AuthenticationRequestResolver for generating SAML 2.0 Authentication Requests.

Saml2LoginConfigurer

authenticationRequestUri(String authenticationRequestUri)

Deprecated.
Use authenticationRequestUriQuery(java.lang.String) instead

Saml2LoginConfigurer

authenticationRequestUriQuery(String authenticationRequestUriQuery)

Customize the URL that the SAML Authentication Request will be sent to.

void

configure(B http)

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

protected RequestMatcher

createLoginProcessingUrlMatcher(String loginProcessingUrl)

Create the RequestMatcher given a loginProcessingUrl

void

init(B http)

Initialize the SecurityBuilder.

Saml2LoginConfigurer

loginPage(String loginPage)

Specifies the URL to send users to if login is required.

Saml2LoginConfigurer

loginProcessingUrl(String loginProcessingUrl)

Specifies the URL to validate the credentials.

Saml2LoginConfigurer

relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository repo)

Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationEntryPoint, getAuthenticationEntryPointMatcher, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, registerAuthenticationEntryPoint, registerDefaultAuthenticationEntryPoint, securityContextRepository, setAuthenticationFilter, successHandler, updateAccessDefaults, updateAuthenticationDefaults

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessor, withObjectPostProcessor

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- Saml2LoginConfigurer
  
  public Saml2LoginConfigurer()
Method Details
- authenticationConverter
 
 public Saml2LoginConfigurer authenticationConverter(AuthenticationConverter authenticationConverter)
 
 Use this AuthenticationConverter when converting incoming requests to an Authentication. By default the Saml2AuthenticationTokenConverter is used.
 
 Parameters:
 
 authenticationConverter - the AuthenticationConverter to use
 
 Returns:
 
 the Saml2LoginConfigurer for further configuration
 
 Since:
 
 5.4
- authenticationManager
 
 public Saml2LoginConfigurer authenticationManager(AuthenticationManager authenticationManager)
 
 Allows a configuration of a AuthenticationManager to be used during SAML 2 authentication. If none is specified, the system will create one inject it into the Saml2WebSsoAuthenticationFilter
 
 Parameters:
 
 authenticationManager - the authentication manager to be used
 
 Returns:
 
 the Saml2LoginConfigurer for further configuration
 
 Throws:
 
 IllegalArgumentException - if authenticationManager is null configure the default manager
 
 Since:
 
 5.3
- relyingPartyRegistrationRepository
 
 public Saml2LoginConfigurer relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository repo)
 
 Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.
 
 Parameters:
 
 repo - the repository of relying parties
 
 Returns:
 
 the Saml2LoginConfigurer for further configuration
- loginPage
 
 public Saml2LoginConfigurer loginPage(String loginPage)
 
 Description copied from class: AbstractAuthenticationFilterConfigurer
 
 Specifies the URL to send users to if login is required. If used with EnableWebSecurity a default login page will be generated when this attribute is not specified.
 
 If a URL is specified or this is not being used in conjunction with EnableWebSecurity, users are required to process the specified URL to generate a login page.
 
 Overrides:
 
 loginPage in class AbstractAuthenticationFilterConfigurer,Saml2LoginConfigurer>,Saml2WebSsoAuthenticationFilter>
- authenticationRequestResolver
 
 public Saml2LoginConfigurer authenticationRequestResolver(Saml2AuthenticationRequestResolver authenticationRequestResolver)
 
 Use this Saml2AuthenticationRequestResolver for generating SAML 2.0 Authentication Requests.
 
 Parameters:
 
 authenticationRequestResolver -
 
 Returns:
 
 the Saml2LoginConfigurer for further configuration
 
 Since:
 
 5.7
- authenticationRequestUri
 
 @Deprecated public Saml2LoginConfigurer authenticationRequestUri(String authenticationRequestUri)
 
 Deprecated.
 Use authenticationRequestUriQuery(java.lang.String) instead
 
 Customize the URL that the SAML Authentication Request will be sent to.
 
 Parameters:
 
 authenticationRequestUri - the URI to use for the SAML 2.0 Authentication Request
 
 Returns:
 
 the Saml2LoginConfigurer for further configuration
 
 Since:
 
 6.0
- authenticationRequestUriQuery
 
 public Saml2LoginConfigurer authenticationRequestUriQuery(String authenticationRequestUriQuery)
 Customize the URL that the SAML Authentication Request will be sent to. This method also supports query parameters like so:
 authenticationRequestUriQuery("/saml/authenticate?registrationId={registrationId}")
 RelyingPartyRegistrations
 Parameters:
 
 authenticationRequestUriQuery - the URI and query to use for the SAML 2.0 Authentication Request
 
 Returns:
 
 the Saml2LoginConfigurer for further configuration
 
 Since:
 
 6.0
- loginProcessingUrl
 
 public Saml2LoginConfigurer loginProcessingUrl(String loginProcessingUrl)
 
 Specifies the URL to validate the credentials. If specified a custom URL, consider specifying a custom AuthenticationConverter via authenticationConverter(AuthenticationConverter), since the default AuthenticationConverter implementation relies on the {registrationId} path variable to be present in the URL
 Overrides:
 
 loginProcessingUrl in class AbstractAuthenticationFilterConfigurer,Saml2LoginConfigurer>,Saml2WebSsoAuthenticationFilter>
 
 Parameters:
 
 loginProcessingUrl - the URL to validate the credentials
 
 Returns:
 
 the Saml2LoginConfigurer for additional customization
 
 See Also:
 
 Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI
- createLoginProcessingUrlMatcher
 
 protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl)
 
 Description copied from class: AbstractAuthenticationFilterConfigurer
 
 Create the RequestMatcher given a loginProcessingUrl
 
 Specified by:
 
 createLoginProcessingUrlMatcher in class AbstractAuthenticationFilterConfigurer,Saml2LoginConfigurer>,Saml2WebSsoAuthenticationFilter>
 
 Parameters:
 
 loginProcessingUrl - creates the RequestMatcher based upon the loginProcessingUrl
 
 Returns:
 
 the RequestMatcher to use based upon the loginProcessingUrl
- init
 
 public void init(B http) throws Exception
 Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.
 Initializes this filter chain for SAML 2 Login. The following actions are taken:
 
 The WebSSO endpoint has CSRF disabled, typically /login/saml2/sso
 
 A is configured
 
 The loginProcessingUrl is set
 
 A custom login page is configured, or
 
 A default login page with all SAML 2.0 Identity Providers is configured
 
 An AuthenticationProvider is configured
 Specified by:
 
 init in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder>
 
 Overrides:
 
 init in class AbstractAuthenticationFilterConfigurer,Saml2LoginConfigurer>,Saml2WebSsoAuthenticationFilter>
 
 Throws:
 
 Exception
- configure
 
 public void configure(B http) throws Exception
 
 Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
 During the configure phase, a Saml2WebSsoAuthenticationRequestFilter is added to handle SAML 2.0 AuthNRequest redirects
 
 Specified by:
 
 configure in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder>
 
 Overrides:
 
 configure in class AbstractAuthenticationFilterConfigurer,Saml2LoginConfigurer>,Saml2WebSsoAuthenticationFilter>
 
 Throws:
 
 Exception

Class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>

Security Filters

Shared Objects Created

Shared Objects Used

Constructor Summary

Method Summary

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

Methods inherited from class java.lang.Object

Constructor Details

Saml2LoginConfigurer

Method Details

authenticationConverter

authenticationManager

relyingPartyRegistrationRepository

loginPage

authenticationRequestResolver

authenticationRequestUri

authenticationRequestUriQuery

loginProcessingUrl

createLoginProcessingUrlMatcher

init

configure