SAML Http Request Intercept with Spring Boot

前端未结

关注

 3  967

南笙

In reference to this SO question Add request parameter to SAML request using Spring Security SAML

I am wanting to replace the default HTTPRedirectDeflateBinding bean

相关标签:

3条回答

隐瞒了意图╮

2021-01-12 14:27

1.I think you need to use the super method buildRedirectURL and then add stripped or your custom query params, like this:

@Override
protected String buildRedirectURL(SAMLMessageContext messagesContext, String endpointURL, String message) throws MessageEncodingException {
    URLBuilder redirectUrlBuilder = new URLBuilder(super.buildRedirectURL(messagesContext, endpointURL, message));
    List<Pair<String, String>> queryParams = redirectUrlBuilder.getQueryParams();
    queryParams.addAll(new URLBuilder(endpointURL).getQueryParams());// add stripped query params
    return redirectUrlBuilder.buildURL();
}

2.I am not sure if it fine to pass the null to the HTTPRedirectDeflateBinding as decoder. Alternative would suggest to use the default decoder, which accepts ParserPool.

0 讨论(0)

刺人心

2021-01-12 14:43

You can redeclare the SAMLProcessor bean - which is used by SAMLProcessingFilter - and add your own binding bean in its bindings list. This is an example, I used in my project.

@Bean
public SAMLProcessorImpl processor() {
    Collection<SAMLBinding> bindings = new ArrayList<>();
    bindings.add(httpRedirectDeflateBinding());
    bindings.add(httpPostBinding());
    bindings.add(artifactBinding(parserPool(), velocityEngine()));
    bindings.add(httpSOAP11Binding());
    bindings.add(httpPAOS11Binding());

    return new SAMLProcessorImpl(bindings);
}

Hope it works for you.

0 讨论(0)

清歌不尽

2021-01-12 14:53

I know this question is very old, but I struggled with this same exact issue. I'm adding the answer just in case it can help anyone else.

The httpRedirectDeflateBinding will get called only when GET binding is used. In my case we used POST binding for WebSSOProfileOptions. Our configuration looked like the following:

    @Bean
    WebSSOProfileOptions defaultWebSSOProfileOptions() {
        WebSSOProfileOptions webSSOProfileOptions = new WebSSOProfileOptions();
        webSSOProfileOptions.setIncludeScoping(false);
        webSSOProfileOptions.setAllowCreate(true);
        webSSOProfileOptions.setNameID("");
        webSSOProfileOptions.setForceAuthN(true);
        //This line is for enabling POST request
        webSSOProfileOptions.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        return webSSOProfileOptions;
    }

In this case, the custom override should be for HTTPPostEncoder. Inject the custom class to HTTPPostBinding and the custom logic should get executed.

0 讨论(0)