public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractAuthenticationFilterConfigurer<B,Saml2LoginConfigurer<B>,Saml2WebSsoAuthenticationFilter>

An AbstractHttpConfigurer for SAML 2.0 Login, which leverages the SAML 2.0 Web Browser Single Sign On (WebSSO) Flow.

SAML 2.0 Login provides an application with the capability to have users log in by using their existing account at an SAML 2.0 Identity Provider.

Defaults are provided for all configuration options with the only required configuration being relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository). Alternatively, a RelyingPartyRegistrationRepository @Bean may be registered instead.
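
A minimal configuration that supplies the one required option, given here as an added example and not code from the Spring Security project. The class name, the registration id example-idp and the metadata file classpath:idp-metadata.xml are assumptions, and RelyingPartyRegistrations.fromMetadataLocation is not mentioned on this page.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;

// Hypothetical application class; not part of Spring Security.
@EnableWebSecurity
public class SamlLoginSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Every request needs an authenticated user, so unauthenticated
            // requests are sent into the WebSSO flow.
            .authorizeRequests(authorize -> authorize.anyRequest().authenticated())
            // The only required option; everything else keeps its default.
            .saml2Login(saml2 -> saml2
                .relyingPartyRegistrationRepository(relyingPartyRegistrations()));
    }

    // Registering the repository as a @Bean is the alternative named above;
    // it is also passed explicitly here to show the configurer method.
    @Bean
    public RelyingPartyRegistrationRepository relyingPartyRegistrations() {
        // Assumed: a copy of the IdP metadata shipped with the application.
        // The metadata supplies the IdP entity id, SSO endpoint and the
        // certificates used to verify signed responses, so load it only
        // from a source you trust.
        RelyingPartyRegistration registration = RelyingPartyRegistrations
            .fromMetadataLocation("classpath:idp-metadata.xml")
            .registrationId("example-idp") // constructed id
            .build();
        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }
}
```
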
The following Filter's are populated:

- RelyingPartyRegistrationRepository (required)
- Saml2AuthenticationRequestFactory (optional)

- RelyingPartyRegistrationRepository (required)
- Saml2AuthenticationRequestFactory (optional)
- DefaultLoginPageGeneratingFilter - if loginPage(String) is not configured and DefaultLoginPageGeneratingFilter is available, then a default login page will be made available

Constructor and Description |
---|
Saml2LoginConfigurer() |

Modifier and Type | Method and Description |
---|---|
Saml2LoginConfigurer<B> | authenticationConverter(AuthenticationConverter authenticationConverter) - Use this AuthenticationConverter when converting incoming requests to an Authentication. |
Saml2LoginConfigurer<B> | authenticationManager(AuthenticationManager authenticationManager) - Allows a configuration of an AuthenticationManager to be used during SAML 2 authentication. |
void | configure(B http) - Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder. |
protected RequestMatcher | createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl) - Create the RequestMatcher given a loginProcessingUrl. |
void | init(B http) - Initialize the SecurityBuilder. |
Saml2LoginConfigurer<B> | loginPage(java.lang.String loginPage) - Specifies the URL to send users to if login is required. |
Saml2LoginConfigurer<B> | loginProcessingUrl(java.lang.String loginProcessingUrl) - Specifies the URL to validate the credentials. |
Saml2LoginConfigurer | relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository repo) - Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a pair of a service provider (SP, this host) and an identity provider (IDP) that communicate with each other. |

Methods inherited from class AbstractAuthenticationFilterConfigurer: authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationEntryPoint, getAuthenticationEntryPointMatcher, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, registerAuthenticationEntryPoint, registerDefaultAuthenticationEntryPoint, setAuthenticationFilter, successHandler, updateAccessDefaults, updateAuthenticationDefaults

Methods inherited from class AbstractHttpConfigurer: disable, withObjectPostProcessor

Methods inherited from class SecurityConfigurerAdapter: addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

public Saml2LoginConfigurer<B> authenticationConverter(AuthenticationConverter authenticationConverter)

Use this AuthenticationConverter when converting incoming requests to an Authentication. By default the Saml2AuthenticationTokenConverter is used.

Parameters:
authenticationConverter - the AuthenticationConverter to use
Returns:
the Saml2LoginConfigurer for further configuration

public Saml2LoginConfigurer<B> authenticationManager(AuthenticationManager authenticationManager)

Allows a configuration of an AuthenticationManager to be used during SAML 2 authentication. If none is specified, the system will create one and inject it into the Saml2WebSsoAuthenticationFilter.

Parameters:
authenticationManager - the authentication manager to be used
Returns:
the Saml2LoginConfigurer for further configuration
Throws:
java.lang.IllegalArgumentException - if authenticationManager is null configure the default manager

public Saml2LoginConfigurer relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository repo)

Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a pair of a service provider (SP, this host) and an identity provider (IDP) that communicate with each other.

Parameters:
repo - the repository of relying parties
Returns:
the Saml2LoginConfigurer for further configuration

public Saml2LoginConfigurer<B> loginPage(java.lang.String loginPage)

Description copied from class: AbstractAuthenticationFilterConfigurer

Specifies the URL to send users to if login is required. If used with WebSecurityConfigurerAdapter a default login page will be generated when this attribute is not specified.

If a URL is specified or this is not being used in conjunction with WebSecurityConfigurerAdapter, users are required to process the specified URL to generate a login page.

Overrides:
loginPage in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,Saml2WebSsoAuthenticationFilter>

public Saml2LoginConfigurer<B> loginProcessingUrl(java.lang.String loginProcessingUrl)

Description copied from class: AbstractAuthenticationFilterConfigurer

Specifies the URL to validate the credentials.

Overrides:
loginProcessingUrl in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,Saml2WebSsoAuthenticationFilter>
Parameters:
loginProcessingUrl - the URL to validate username and password
Returns:
the FormLoginConfigurer for additional customization

protected RequestMatcher createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)

Description copied from class: AbstractAuthenticationFilterConfigurer

Create the RequestMatcher given a loginProcessingUrl

Specified by:
createLoginProcessingUrlMatcher in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,Saml2WebSsoAuthenticationFilter>
Parameters:
loginProcessingUrl - creates the RequestMatcher based upon the loginProcessingUrl
Returns:
the RequestMatcher to use based upon the loginProcessingUrl

public void init(B http) throws java.lang.Exception

Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.

Initializes this filter chain for SAML 2 Login. The following actions are taken:

- /login/saml2/sso is configured
- loginProcessingUrl is set
- OpenSamlAuthenticationProvider is configured

Specified by:
init in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
Overrides:
init in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,Saml2WebSsoAuthenticationFilter>
Throws:
java.lang.Exception

public void configure(B http) throws java.lang.Exception

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

During the configure phase, a Saml2WebSsoAuthenticationRequestFilter is added to handle SAML 2.0 AuthNRequest redirects

Specified by:
configure in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
Overrides:
configure in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>,Saml2WebSsoAuthenticationFilter>
Throws:
java.lang.Exception