You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If Saml2WebSsoAuthenticationRequestFilter uses OpenSamlAuthenticationRequestFactory by default, then Spring Security is dependent on OpenSAML even if the application implements their own Saml2AuthenticationRequestFactory and AuthenticationProvider.
Instead, the constructor should require a Saml2AuthenticationRequestFactory.
Note that this behavior can be verified by creating a project that uses spring-security-saml2-service-provider, excludes the OpenSAML dependencies, and simply constructs a Saml2WebSsoAuthenticationRequestFilter in the main method:
If
Saml2WebSsoAuthenticationRequestFilter
usesOpenSamlAuthenticationRequestFactory
by default, then Spring Security is dependent on OpenSAML even if the application implements their ownSaml2AuthenticationRequestFactory
andAuthenticationProvider
.Instead, the constructor should require a
Saml2AuthenticationRequestFactory
.Note that this behavior can be verified by creating a project that uses
spring-security-saml2-service-provider
, excludes the OpenSAML dependencies, and simply constructs aSaml2WebSsoAuthenticationRequestFilter
in the main method:The text was updated successfully, but these errors were encountered: