Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Saml2WebSsoAuthenticationRequestFilter should not use OpenSamlAuthenticationRequestFactory by default #8359

Closed
jzheaux opened this issue Apr 8, 2020 · 0 comments
Closed

Saml2WebSsoAuthenticationRequestFilter should not use OpenSamlAuthenticationRequestFactory by default #8359

jzheaux opened this issue Apr 8, 2020 · 0 comments
Assignees
@jzheaux
Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Milestone
5.4.0-M1

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Apr 8, 2020

If Saml2WebSsoAuthenticationRequestFilter uses OpenSamlAuthenticationRequestFactory by default, then Spring Security is dependent on OpenSAML even if the application implements their own Saml2AuthenticationRequestFactory and AuthenticationProvider.

Instead, the constructor should require a Saml2AuthenticationRequestFactory.

Note that this behavior can be verified by creating a project that uses spring-security-saml2-service-provider, excludes the OpenSAML dependencies, and simply constructs a Saml2WebSsoAuthenticationRequestFilter in the main method:

public static void main(String[] args) {
    RelyingPartyRegistrationRepository repository = id -> null;
    Saml2AuthenticationRequestFactory factory = request -> null;
    Saml2WebSsoAuthenticationRequestFilter filter = 
        new Saml2WebSsoAuthenticationRequestFilter(repository); // throws ClassNotFoundException
    filter.setAuthenticationRequestFactory(factory);
}
@jzheaux jzheaux added type: enhancement A general enhancement in: saml2 An issue in SAML2 modules labels Apr 8, 2020
@jzheaux jzheaux added this to the 5.4.0.M1 milestone Apr 8, 2020
@jzheaux jzheaux self-assigned this Apr 8, 2020
jzheaux added a commit that referenced this issue Apr 8, 2020
@jzheaux
Saml2AuthenticationRequestFilter Tests
887cb99 
To confirm behavior still works as expected after making related changes.

Issue gh-8359
@jzheaux jzheaux closed this as completed in 711954e Apr 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Projects
None yet
Milestone
5.4.0-M1
Development

No branches or pull requests
1 participant
@jzheaux