Summary

I am migrating from org.springframework.security.extensions:spring-security-saml2-core:1.0.10.RELEASE to spring-security-core:5.2.1.RELEASE.

What is the replacement for the filter WebSSOProfileConsumer in spring-security-core? How do I define the URL to which the IDP redirects?

Actual Behavior

An unauthenticated user requests a page secured by Spring Security. The user is redirected to AuthenticationRequestEndpoint "/saml2/authenticate/{registrationId}". From there the user gets redirected to the IDP, and the IDP redirects back after authentication with the authorization SAML to the application endpoint.

So far so good.

In the old library spring-security-saml2-core, the filter WebSSOProfileConsumer intercepted the GET request with the SAML payload and upgraded the user to be authenticated.

How can I do that in spring-security-core? I ran the sample ./gradlew :spring-security-samples-boot-saml2login:bootRun but that one exhibits the same problem. It ends in an endless loop, because the IDP redirect is treated as an unauthorized user trying to access a secured URL path.

Expected Behavior

It would be a nice bonus to provide a migration guide in addition to mentioning the replacement of AuthenticationRequestEndpoint. Maybe even enriching the sample code?

Configuration

N/A

Version

5.2.1.RELEASE

Sample

./gradlew :spring-security-samples-boot-saml2login:bootRun

Comment From: fpagliar

The profile mostly worked with the validation of the SAML assertion, and not the request itself. This now maps to OpenSamlAuthenticationProvider.

If you are looking for the response URL matching, it is the Saml2WebSsoAuthenticationFilter and the default path for processing the response is "/login/saml2/sso/{registrationId}".
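Added example (not part of the thread, not the project's sample code): a Spring Security 5.2-style configuration in which the assertion consumer service URL that the IDP posts back to resolves to the path Saml2WebSsoAuthenticationFilter processes by default. The registration id, IDP URLs and the injected credential beans are assumptions made for illustration.

```java
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml2.credentials.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;

@EnableWebSecurity
public class Saml2LoginConfig extends WebSecurityConfigurerAdapter {

    // Assumption: the SP signing/decryption keys and the IDP verification
    // certificate are loaded elsewhere and exposed as Saml2X509Credential beans.
    private final List<Saml2X509Credential> samlCredentials;

    public Saml2LoginConfig(List<Saml2X509Credential> samlCredentials) {
        this.samlCredentials = samlCredentials;
    }

    @Bean
    public RelyingPartyRegistrationRepository relyingPartyRegistrations() {
        RelyingPartyRegistration registration = RelyingPartyRegistration
            .withRegistrationId("example-idp")                      // placeholder id
            .remoteIdpEntityId("https://idp.example.org/metadata")   // placeholder
            .idpWebSsoUrl("https://idp.example.org/sso")             // placeholder
            // URL the IDP sends the SAML response to. It must resolve to the
            // path Saml2WebSsoAuthenticationFilter listens on, and the same
            // URL must be registered as the ACS URL on the IDP side.
            .assertionConsumerServiceUrlTemplate(
                "{baseUrl}/login/saml2/sso/{registrationId}")
            .credentials(c -> c.addAll(samlCredentials))
            .build();
        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests().anyRequest().authenticated()
            .and()
            // Registers the request endpoint (/saml2/authenticate/{registrationId})
            // and the response filter (/login/saml2/sso/{registrationId}).
            .saml2Login()
            .relyingPartyRegistrationRepository(relyingPartyRegistrations());
    }
}
```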

Comment From: jzheaux

Thanks for reaching out, @Mincol. I'm closing this issue as it appears to have been answered by @fpagliar, however, please feel free to reopen if there's more to do.