Commit Graph

1105 Commits

Author SHA1 Message Date
Josh Cummings
689fc9df0c Align Test Support Claims
Make all sub claims 'user' and all scopes 'read' to align with
existing support for JWT

Issue gh-7828
Issue gh-7789
Issue gh-7680
Issue gh-7618
2020-03-03 16:24:43 -07:00
Filip Hanik
3257349045 Support POST binding for AuthNRequest
Has been tested with

- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

This PR extends (builds on previous commits and adds user configuration
options)
https://github.com/spring-projects/spring-security/pull/7758
2020-02-28 09:15:26 -08:00
Filip Hanik
a51a202925 Correct signature handling for SAML2 AuthNRequest
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)

Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

Fixes gh-7711
2020-02-12 13:30:48 -08:00
Filip Hanik
43098d41cc Revert "Correct signature handling for SAML2 AuthNRequest"
This reverts commit a3e09fadd7.
Build failure on Java 9+

XML generation does not add linefeeds by default
Change since Java 8
2020-02-12 13:30:48 -08:00
Filip Hanik
a3e09fadd7 Correct signature handling for SAML2 AuthNRequest
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)

Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

Fixes gh-7711
2020-02-12 11:40:19 -08:00
Josh Cummings
7c4d56319f cassample groovy->java
Issue gh-4939
2020-02-07 16:44:08 -07:00
Josh Cummings
f23ab6f716 Updated Tests for oauth2webclient-webflux Sample
Issue gh-7910
2020-02-05 15:56:18 -07:00
Eleftheria Stein
84b8a5abd7 Unlock dependencies for next development version
This reverts commit 064616f1ef.
2020-02-05 15:53:04 +01:00
Eleftheria Stein
064616f1ef Lock dependencies for 5.3.0.RC1 2020-02-05 10:20:05 +01:00
Rob Winch
1d7208f8ef Add RSocket Authentication Extension Support
Fixes gh-7935
2020-02-04 23:36:47 -06:00
Josh Cummings
187c76e610 Update Tests in oauth2webclient Sample
Issue gh-7886
2020-02-03 17:08:04 -07:00
Josh Cummings
df8feb8919 Update JettyCasService
Align with changes to Jetty's SslContextFactory

Issue gh-7874
2020-01-30 11:25:44 -07:00
Josh Cummings
50d8200348 Update cas-server-webapp to 4.0.7
Did not update to the latest as there is some work involved in
aligning the casserver sample's XML configuration with the latest
cas-server-webapp.

Fixes gh-7874
2020-01-30 11:24:16 -07:00
Josh Cummings
982f3f902c Add oauth2Login Reactive Test Support
Fixes gh-7828
2020-01-13 17:49:52 -07:00
Josh Cummings
8f1d0cf528 opaqueToken MockMvc Configuration Order
Fixes gh-7800
2020-01-10 16:47:31 -07:00
Eleftheria Stein
1e33627d87 Use standard lambda syntax in documentation
Fixes: gh-7774
2020-01-10 13:12:17 +01:00
Eleftheria Stein
fcc6457bef Unlock dependencies for next development version
This reverts commit 93acf8f0f1.
2020-01-08 22:15:17 +01:00
Eleftheria Stein
93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Josh Cummings
84ba3ddf26 Add oauth2Login MockMvc Support
Fixes gh-7789
2020-01-07 14:09:36 -07:00
Eleftheria Stein-Kousathana
2df1099da5 Idiomatic Kotlin DSL for configuring HTTP security
Issue: gh-5558
2020-01-07 12:08:43 -05:00
Josh Cummings
e1fdb24b5d Add opaqueToken MockMvc Test Support
Fixes gh-7712
2019-12-20 15:34:11 -07:00
Filip Hanik
b7eebabce6 Ensure that both matchers carry the same pattern.
AbstractAuthenticationProcessingFilter.setRequiresAuthenticationRequestMatcher is public and final,
so there is a risk that the underlying matcher can become different if one is not careful.
2019-12-17 13:34:27 -08:00
Joe Grandja
24500fa3ca Remove redundant validation for redirect-uri
Fixes gh-7706
2019-12-06 11:55:31 -05:00
Josh Cummings
d102cae243 oidcLogin MockMvc Documentation
Remove documentation requiring a valid ClientRegistrationRepository

Issue: gh-7618
2019-12-02 22:49:17 -07:00
Josh Cummings
8c32d5fe48 Add oidcLogin WebFlux Test Support
Fixes: gh-7680
2019-12-02 22:28:24 -07:00
Josh Cummings
b35e18ff31 Add oidcLogin MockMvc Test Support
Fixes gh-7618
2019-11-26 16:12:06 -07:00
Josh Cummings
4954a229d6 Polish oauth2Login Sample Test
Issue: gh-7618
2019-11-26 14:19:14 -07:00
Josh Cummings
7cbd1665a6 Isolate Jwt Test Support
Isolating Jwt test support inside JwtRequestPostProcessor and
JwtMutator.

Fixes gh-7641
2019-11-22 15:07:05 -07:00
Eddú Meléndez
27aa61b02f Use LocalRSocketServerPort annotation 2019-11-06 10:10:32 +01:00
Filip Hanik
0cafcf37e2 Make the loginProcessingUrl configurable for saml2Login()
Fixes gh-7565

https://github.com/spring-projects/spring-security/issues/7565
2019-10-31 08:20:12 -07:00
Filip Hanik
4489163163 Use Spring Boot configuration for saml2Login()
Fixes gh-7521

https://github.com/spring-projects/spring-security/issues/7521
2019-10-25 08:22:40 -07:00
Filip Hanik
5345aecd7f Align RSocket sample with new Spring Boot configuration 2019-10-25 08:22:40 -07:00
Rob Winch
03e2efacf4 Add Hello RSocket Sample
Fixes gh-7504
2019-09-30 13:58:03 -05:00
Filip Hanik
83b5f5c7ae Improve the Saml2AuthenticationRequest object
- introduce the AssertionConsumerServiceURL attribute
- add javadoc
- align property name with SAML XML for AuthNRequest
2019-09-30 11:01:34 -07:00
Filip Hanik
9731386de5 Correctly set "Destination" in AuthNRequest message
Fixes gh-7494
https://github.com/spring-projects/spring-security/issues/7494
2019-09-30 11:01:34 -07:00
Filip Hanik
7adb4da3ef Always require signature on either response or assertion
Fixes gh-7490
https://github.com/spring-projects/spring-security/issues/7490
2019-09-30 09:22:36 -07:00
Filip Hanik
e6d40e8280 Merge pull request #7477 from fhanik/feature/propagate_saml_authentication_exception
propagate saml authentication exception #7375
2019-09-27 09:38:57 -07:00
Filip Hanik
22da2b45c9 SAML Assertion validation should propagate errors: #7375 and #7375
Fixes gh-7377
Fixes gh-7375

https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375

Clean up code

- Authentication request factory should only throw Saml2Exception
- OpenSamlImplementation should only throw Saml2Exception
- Move the OpenSamlImplementation package private methods to the right
section
2019-09-27 09:07:25 -07:00
Ivo Smid
a11e61432e Document OAuth2 Client behind proxy and redirect_uri
Fixes gh-7312
2019-09-26 14:09:21 -04:00
Filip Hanik
adde18b873 Revert "Merge pull request #7432 from fhanik/feature/propagate_saml_authentication_exception"
This reverts commit e9619fb0e7, reversing
changes made to 45a1490d5d.
2019-09-24 16:05:09 -07:00
Filip Hanik
d472e99528 SAML Assertion validation should propagate errors: #7375 and #7375
Fixes gh-7377
Fixes gh-7375

https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375
2019-09-24 14:40:39 -07:00
Rob Winch
00f8991fac Merge Remove Redudant Throws
Fixes gh-7301
2019-09-19 11:04:53 -05:00
Josh Cummings
bdaf530511 Remove Stray @MockBean
Issue gh-7170
2019-09-16 06:56:58 -06:00
Josh Cummings
b55b2914c2 Mock Jwt Disables CSRF
Fixes gh-7170
2019-09-13 19:04:05 +01:00
Joe Grandja
a60446836b OAuth2AuthorizeRequest supports attributes
Fixes gh-7341
2019-09-05 21:04:25 -04:00
Filip Hanik
e9a44bc0ce HttpSecurity.saml2login() - MVP Core Code
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:

  - Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
  - Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
  - Supports basic java-configuration via DSL
  - Provides an integration sample using Spring Boot

Not implemented with this MVP

  - Single Logout
  - Dynamic Service Provider Metadata

Fixes gh-6019
2019-09-05 14:40:08 -07:00
Joe Grandja
dcd997ea43 Add support for Resource Owner Password Credentials grant
Fixes gh-6003
2019-09-04 14:07:45 -04:00
Josh Cummings
82ae4db4cc Update Multi Tenancy Sample to Convert Jwts
Issue gh-7346
2019-09-03 15:58:05 -06:00
Josh Cummings
068f4f0147 Polish Opaque Token
Use OAuth2AuthenticatedPrincipal
Use BearerTokenAuthentication
Update names to reflect more generic approach.

Fixes gh-7344
Fixes gh-7345
2019-09-03 15:58:05 -06:00
Lars Grefer
95511331fa fix checkstyle 2019-08-26 22:42:26 +02:00