Class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>

  • All Implemented Interfaces:
    SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,B>

    public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
    extends AbstractAuthenticationFilterConfigurer<B,Saml2LoginConfigurer<B>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>
    An AbstractHttpConfigurer for SAML 2.0 Login, which leverages the SAML 2.0 Web Browser Single Sign On (WebSSO) Flow.

    SAML 2.0 Login provides an application with the capability to have users log in by using their existing account at a SAML 2.0 Identity Provider.

    Defaults are provided for all configuration options, with the only required configuration being relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository). Alternatively, a RelyingPartyRegistrationRepository @Bean may be registered instead.
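
    An added example, not part of the Spring Security Javadoc: a minimal configuration that supplies the one required option and registers the identity provider's verification certificate, so that SAML response signatures are checked against a known key. It assumes the Spring Security 5.4 API (Saml2X509Credential, assertingPartyDetails); the class name, registration id, URLs and certificate file name are hypothetical.

```java
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class Saml2LoginExampleConfig {
    // Hypothetical values: replace with your identity provider's real data.
    private static final String IDP_ENTITY_ID = "https://idp.example.com/metadata";
    private static final String IDP_SSO_URL = "https://idp.example.com/sso";
    private static final String IDP_CERT = "idp-verification.crt"; // classpath resource

    @Bean
    RelyingPartyRegistrationRepository relyingParties() throws Exception {
        // The IDP certificate is the trust anchor for signature verification.
        X509Certificate cert;
        try (InputStream in = new ClassPathResource(IDP_CERT).getInputStream()) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        RelyingPartyRegistration registration = RelyingPartyRegistration
            .withRegistrationId("example-idp")
            .assertingPartyDetails((party) -> party
                .entityId(IDP_ENTITY_ID)
                .singleSignOnServiceLocation(IDP_SSO_URL)
                .wantAuthnRequestsSigned(false) // no SP signing key in this example
                .verificationX509Credentials((c) -> c.add(Saml2X509Credential.verification(cert))))
            .build();
        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, RelyingPartyRegistrationRepository repo) throws Exception {
        http
            .authorizeRequests((authz) -> authz.anyRequest().authenticated())
            // Explicit wiring; the @Bean above alone would also be picked up.
            .saml2Login((saml2) -> saml2.relyingPartyRegistrationRepository(repo));
        return http.build();
    }
}
```

    With the registration id above, the WebSSO endpoint that init(B) exempts from CSRF protection resolves to /login/saml2/sso/example-idp.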

    Security Filters

    The following Filters are populated:
    • Saml2WebSsoAuthenticationFilter
    • Saml2WebSsoAuthenticationRequestFilter

    Shared Objects Created

    The following shared objects are populated:
    • RelyingPartyRegistrationRepository (required)
    • Saml2AuthenticationRequestFactory (optional)

    Shared Objects Used

    The following shared objects are used:
    • RelyingPartyRegistrationRepository (required)
    • Saml2AuthenticationRequestFactory (optional)
    • DefaultLoginPageGeneratingFilter - if loginPage(String) is not configured and DefaultLoginPageGeneratingFilter is available, then a default login page will be made available
    Since:
    5.2
    See Also:
    HttpSecurity.saml2Login(), Saml2WebSsoAuthenticationFilter, Saml2WebSsoAuthenticationRequestFilter, RelyingPartyRegistrationRepository, AbstractAuthenticationFilterConfigurer
    • Constructor Detail

      • Saml2LoginConfigurer

        public Saml2LoginConfigurer()
    • Method Detail

      • authenticationConverter

        public Saml2LoginConfigurer<B> authenticationConverter(org.springframework.security.web.authentication.AuthenticationConverter authenticationConverter)
        Use this AuthenticationConverter when converting incoming requests to an Authentication. By default the Saml2AuthenticationTokenConverter is used.
        Parameters:
        authenticationConverter - the AuthenticationConverter to use
        Returns:
        the Saml2LoginConfigurer for further configuration
        Since:
        5.4
      • authenticationManager

        public Saml2LoginConfigurer<B> authenticationManager(org.springframework.security.authentication.AuthenticationManager authenticationManager)
        Allows the configuration of an AuthenticationManager to be used during SAML 2 authentication. If none is specified, the system will create one and inject it into the Saml2WebSsoAuthenticationFilter.
        Parameters:
        authenticationManager - the authentication manager to be used
        Returns:
        the Saml2LoginConfigurer for further configuration
        Throws:
        java.lang.IllegalArgumentException - if authenticationManager is null; to have the default manager configured, do not call this method
        Since:
        5.3
      • relyingPartyRegistrationRepository

        public Saml2LoginConfigurer<B> relyingPartyRegistrationRepository(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository repo)
        Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a pair of a service provider (SP, this host) and an identity provider (IDP) that communicate with each other.
        Parameters:
        repo - the repository of relying parties
        Returns:
        the Saml2LoginConfigurer for further configuration
      • init

        public void init(B http)
                  throws java.lang.Exception
        Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.

        Initializes this filter chain for SAML 2 Login. The following actions are taken:
        • The WebSSO endpoint has CSRF disabled, typically /login/saml2/sso
        • A is configured
        • The loginProcessingUrl is set
        • A custom login page is configured, or
        • A default login page with all SAML 2.0 Identity Providers is configured
        • An AuthenticationProvider is configured
        Specified by:
        init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
        Overrides:
        init in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter>
        Throws:
        java.lang.Exception