Clever Geek Handbook

Spring SAML, authentication entity is null

I have referenced the entire forum to understand the problem I was facing. I am still getting null authentication object

  • Tomcat version - 8.0.44

  • Java 1.7.0 I'm not sure if the security filter is called. See the Security Context section for details. It looks like I'm missing some configuration. Thanks in advance.

Endpoint    https://ssotest-1246771484.ap-south-1.elb.amazonaws.com/spring-security-saml2-sample/index.jsp

    ***securityContext.xml***
<?xml version="1.0" encoding="UTF-8" ?>
<beans >
    <!-- Enable auto-wiring -->
    <context:annotation-config />
    <context:component-scan base-package="org.springframework.security.saml" />
    <!-- Unsecured pages -->
    <security:http security="none" pattern="/saml/web/**" />
    <security:http security="none" pattern="/logout.jsp" />
    <security:http security="none" pattern="/index.jsp" />
    <security:http security="none" pattern="/favicon.ico" />

    <!-- Secured pages -->

    <bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
        <security:filter-chain-map request-matcher="ant">
            <security:filter-chain pattern="/saml/login/**"
                filters="samlEntryPoint" />
            <security:filter-chain pattern="/saml/logout/**"
                filters="samlLogoutFilter" />
            <security:filter-chain pattern="/saml/metadata/**"
                filters="metadataDisplayFilter" />
            <security:filter-chain pattern="/index.jsp"
                filters="samlWebSSOProcessingFilter" />
            <security:filter-chain pattern="/saml/SSOHoK/**"
                filters="samlWebSSOHoKProcessingFilter" />
            <security:filter-chain pattern="/saml/SingleLogout/**"
                filters="samlLogoutProcessingFilter" />
            <security:filter-chain pattern="/saml/discovery/**"
                filters="samlIDPDiscovery" />
        </security:filter-chain-map>
    </bean>

    <!-- Register authentication manager with SAML provider -->
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider
            ref="samlAuthenticationProvider" />
    </security:authentication-manager>

    <!-- Central storage of cryptographic keys -->
    <bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
        <constructor-arg value="classpath:security/samlKeystore.jks" />
        <constructor-arg type="java.lang.String" value="nalle123" />
        <constructor-arg>
            <map>
                <entry key="apollo" value="nalle123" />
            </map>
        </constructor-arg>
        <constructor-arg type="java.lang.String" value="apollo" />
    </bean>


    <!-- Filter automatically generates default SP metadata -->
    <bean id="metadataGeneratorFilter"
        class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
        <constructor-arg>
            <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
                <property name="entityId" value="urn:vf:vshare" />
                <property name="signMetadata" value="false" />
            </bean>
        </constructor-arg>
    </bean>


    <!-- IDP Metadata configuration - paths to metadata of IDPs in circle of 
        trust is here -->
    <!-- Do no forget to call iniitalize method on providers -->
    <bean id="metadata"
        class="org.springframework.security.saml.metadata.CachingMetadataManager">
        <constructor-arg>
            <list>
                <bean
                    class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                    <constructor-arg>
                        <bean
                            class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                            <constructor-arg>
                                <value type="java.io.File">classpath:security/FederationMetadata.xml</value>
                            </constructor-arg>
                            <property name="parserPool" ref="parserPool" />
                        </bean>
                    </constructor-arg>
                    <constructor-arg>
                        <bean
                            class="org.springframework.security.saml.metadata.ExtendedMetadata">
                        </bean>
                    </constructor-arg>
                    <property name="metadataTrustCheck" value="false" />
                </bean>
                <bean
                    class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                    <constructor-arg>
                        <bean
                            class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                            <constructor-arg>
                                <value type="java.io.File">classpath:security/localhost_sp.xml</value>
                            </constructor-arg>
                            <property name="parserPool" ref="parserPool" />
                        </bean>
                    </constructor-arg>
                    <constructor-arg>
                        <bean
                            class="org.springframework.security.saml.metadata.ExtendedMetadata">
                            <property name="signingKey" value="apollo" />
                            <property name="encryptionKey" value="apollo" />
                            <property name="alias" value="defaultAlias" />
                        </bean>
                    </constructor-arg>
                </bean>
            </list>
        </constructor-arg>
        <!-- OPTIONAL used when one of the metadata files contains information 
            about this service provider -->
        <!-- <property name="hostedSPName" value=""/> -->
        <property name="hostedSPName" value="urn:vf:vshare" />
        <!-- OPTIONAL property: can tell the system which IDP should be used for 
            authenticating user by default. -->
        <!-- <property name="defaultIDP" value="http://localhost:8080/opensso"/> -->
    </bean>

    <!-- SAML Authentication Provider responsible for validating of received 
        SAML messages -->
    <!-- <bean id="samlAuthenticationProvider" class="org.springframework.security.saml.SAMLAuthenticationProvider"> -->
    <bean id="samlAuthenticationProvider"
        class="org.springframework.security.saml.SAMLAuthenticationProviderCust">
        <!-- OPTIONAL property: can be used to store/load user data after login -->
        <!-- <property name="userDetails" ref="bean" /> -->
        <property name="userDetails" ref="samlUserDetailsServiceImpl" />
        <property name="forcePrincipalAsString" value="false" />
        <property name="excludeCredential" value="false" />
    </bean>
</beans>
+3


source to share


No one has answered this question yet

Check out similar questions:



More articles:


All Articles