Expected Behavior
We should be able to customize/configure the way AuthnRequest is built by spring-security. It was possible with the Spring SAML extension (see 9.2.1 in https://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-sso.html).
Context
Some IdPs mandate a specific format for AuthnRequest and do not support everything. To increase interoperability between spring-security acting as an SP with multiple IdP vendors, it is necessary to provide a similar way of configuring AuthnRequest (as was possible in the Spring SAML extension). Compared to the SAML extension, we specifically identify the need for:
- nameID (NameIDPolicy in AuthnRequest), see also https://github.com/spring-projects/spring-security-saml/issues/266
- authnContexts (AuthnContextClassRef in AuthnRequest)
Comment From: jzheaux
@amergey, thanks for the suggestion.
This support was added in 5.4-RC1 via the OpenSamlAuthenticationRequestFactory#setAuthnRequestConsumerResolver method. My apologies as the documentation for that feature didn't make it into RC1.
Since the code is in the RC1 phase, please try it out and send feedback (preferably on #8141) on whether it meets your needs.
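When trying the customization out against a particular IdP, it helps to confirm what the SP actually sends. The following is an added example, not part of this thread or of Spring Security: it decodes a `SAMLRequest` value captured from an HTTP-Redirect binding and checks the NameIDPolicy and AuthnContextClassRef the issue asks to configure. The function names, the sample request and the expected values are assumptions made for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

def encode_redirect(xml):
    """HTTP-Redirect binding: raw DEFLATE, then base64 (URL-encoding not included)."""
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()

def decode_redirect(saml_request, max_bytes=65536):
    """Decode an already URL-decoded SAMLRequest value into an XML element."""
    # Cap the inflated size and refuse DTDs before handing the bytes to the parser.
    xml = zlib.decompressobj(-15).decompress(base64.b64decode(saml_request), max_bytes)
    if b"<!DOCTYPE" in xml:
        raise ValueError("DOCTYPE is not allowed in a SAML message")
    return ET.fromstring(xml)

def check_authn_request(root, name_id_format, class_refs):
    """Return the mismatches between the request and what the IdP requires."""
    problems = []
    policy = root.find("samlp:NameIDPolicy", NS)
    if policy is None:
        problems.append("NameIDPolicy missing")
    elif policy.get("Format") != name_id_format:
        problems.append("NameIDPolicy Format is %r" % policy.get("Format"))
    refs = root.findall("samlp:RequestedAuthnContext/saml:AuthnContextClassRef", NS)
    found = [(r.text or "").strip() for r in refs]
    if found != list(class_refs):
        problems.append("AuthnContextClassRef values are %r" % found)
    return problems

# Constructed sample request; the entity ID and request ID are made up.
SAMPLE = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1"
    Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
  <saml:Issuer>https://sp.example.test/metadata</saml:Issuer>
  <samlp:NameIDPolicy Format="%s"/>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>%s</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>""" % (EMAIL, PPT)
```

An empty list from `check_authn_request` means the request matches the IdP's stated requirements; each string in a non-empty list names one element that needs to be adjusted in the SP configuration.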