public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractAuthenticationFilterConfigurer<B,Saml2LoginConfigurer<B>,Saml2WebSsoAuthenticationFilter>

An AbstractHttpConfigurer for SAML 2.0 Login, which leverages the SAML 2.0 Web Browser Single Sign On (WebSSO) Flow.

SAML 2.0 Login provides an application with the capability to have users log in by using their existing account at an SAML 2.0 Identity Provider.

Defaults are provided for all configuration options, with the only required configuration being relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository). Alternatively, a RelyingPartyRegistrationRepository @Bean may be registered instead.
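
One way to wire this configurer into a WebSecurityConfigurerAdapter, given as an added example that is not part of the original API documentation. The class name SamlLoginSecurityConfig and the /home URL are assumptions, and the RelyingPartyRegistrationRepository is assumed to be built elsewhere in the application.

```java
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;

// Hypothetical configuration class; not taken from the Spring Security code base.
@EnableWebSecurity
public class SamlLoginSecurityConfig extends WebSecurityConfigurerAdapter {

    // One registration per service provider / identity provider pair.
    // Assumed to be constructed elsewhere and injected here.
    private final RelyingPartyRegistrationRepository registrations;

    public SamlLoginSecurityConfig(RelyingPartyRegistrationRepository registrations) {
        this.registrations = registrations;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Every request requires an authenticated user; unauthenticated
            // users are sent into the SAML 2.0 WebSSO flow.
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .saml2Login()
                // Inherited from AbstractAuthenticationFilterConfigurer.
                // "/home" is a placeholder landing page.
                .defaultSuccessUrl("/home")
                // The only required option. It is declared to return the raw
                // Saml2LoginConfigurer type, so it is called last in the chain
                // to keep the generic type for the calls before it.
                .relyingPartyRegistrationRepository(this.registrations);
        // loginPage(String) is left unset, so a default login page is made
        // available when DefaultLoginPageGeneratingFilter is present.
    }
}
```

If the repository is instead exposed as a @Bean, the relyingPartyRegistrationRepository(...) call can be dropped.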

Filter's are populated:

- RelyingPartyRegistrationRepository (required)
- Saml2AuthenticationRequestFactory (optional)

- RelyingPartyRegistrationRepository (required)
- Saml2AuthenticationRequestFactory (optional)
- DefaultLoginPageGeneratingFilter - if loginPage(String) is not configured and DefaultLoginPageGeneratingFilter is available, then a default login page will be made available

Constructor and Description |
---|
Saml2LoginConfigurer() |

Modifier and Type | Method and Description |
---|---|
Saml2LoginConfigurer<B> | authenticationManager(AuthenticationManager authenticationManager): Allows a configuration of an AuthenticationManager to be used during SAML 2 authentication. |
void | configure(B http): Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder. |
protected RequestMatcher | createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl): Create the RequestMatcher given a loginProcessingUrl |
void | init(B http): Initialize the SecurityBuilder. |
Saml2LoginConfigurer<B> | loginPage(java.lang.String loginPage): Specifies the URL to send users to if login is required. |
Saml2LoginConfigurer<B> | loginProcessingUrl(java.lang.String loginProcessingUrl): Specifies the URL to validate the credentials. |
Saml2LoginConfigurer | relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository repo): Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider (SP, this host) and identity provider (IDP) pair that communicate with each other. |

authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationEntryPoint, getAuthenticationEntryPointMatcher, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, registerAuthenticationEntryPoint, registerDefaultAuthenticationEntryPoint, setAuthenticationFilter, successHandler, updateAccessDefaults, updateAuthenticationDefaults
disable, withObjectPostProcessor
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

public Saml2LoginConfigurer<B> authenticationManager(AuthenticationManager authenticationManager)

Allows a configuration of an AuthenticationManager to be used during SAML 2 authentication. If none is specified, the system will create one and inject it into the Saml2WebSsoAuthenticationFilter.

Parameters:
authenticationManager - the authentication manager to be used
Returns:
Saml2LoginConfigurer for further configuration
Throws:
java.lang.IllegalArgumentException - if authenticationManager is null configure the default manager

public Saml2LoginConfigurer relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository repo)

Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider (SP, this host) and identity provider (IDP) pair that communicate with each other.

Parameters:
repo - the repository of relying parties
Returns:
Saml2LoginConfigurer for further configuration

public Saml2LoginConfigurer<B> loginPage(java.lang.String loginPage)

Specifies the URL to send users to if login is required. If used with WebSecurityConfigurerAdapter a default login page will be generated when this attribute is not specified.

If a URL is specified or this is not being used in conjunction with WebSecurityConfigurerAdapter, users are required to process the specified URL to generate a login page.

Overrides:
loginPage in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,Saml2WebSsoAuthenticationFilter>

public Saml2LoginConfigurer<B> loginProcessingUrl(java.lang.String loginProcessingUrl)

Specifies the URL to validate the credentials.

Overrides:
loginProcessingUrl in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,Saml2WebSsoAuthenticationFilter>
Parameters:
loginProcessingUrl - the URL to validate username and password
Returns:
FormLoginConfigurer for additional customization

protected RequestMatcher createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)

Create the RequestMatcher given a loginProcessingUrl

Specified by:
createLoginProcessingUrlMatcher in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,Saml2WebSsoAuthenticationFilter>
Parameters:
loginProcessingUrl - creates the RequestMatcher based upon the loginProcessingUrl
Returns:
RequestMatcher to use based upon the loginProcessingUrl

public void init(B http) throws java.lang.Exception

Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.

Initializes this filter chain for SAML 2 Login. The following actions are taken:

- /login/saml2/sso is configured
- loginProcessingUrl is set
- OpenSamlAuthenticationProvider is configured

Specified by:
init in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
Overrides:
init in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,Saml2WebSsoAuthenticationFilter>
Throws:
java.lang.Exception

public void configure(B http) throws java.lang.Exception

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

During the configure phase, a Saml2WebSsoAuthenticationRequestFilter is added to handle SAML 2.0 AuthNRequest redirects

Specified by:
configure in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
Overrides:
configure in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,Saml2WebSsoAuthenticationFilter>
Throws:
java.lang.Exception