Spring Security spring-security-saml2-service-provider dependency on spring-boot-starter-web while using spring-cloud-gateway

Question

I'm currently implementing an API Gateway authenticating using spring-security-saml2-service-provider. Looks like that Saml2 dependency is dependent on spring-boot-starter-web and I know spring-cloud-gateway is not compatible with it.

When removing the spring-boot-starter-web dependency, I receive the following: Consider defining a bean of type 'org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository' in your configuration.

Bug report

Spring Boot 2.4.1 spring-cloud 2020.0.0

Comment From: aabuniaj

Any comments on this please?

Comment From: jzheaux

Hi, @aabuniaj, thanks for the report. Spring Security's SAML support is not dependent on any Spring Boot projects as can be seen in its build file.

Spring Cloud Gateway and Spring Security's SAML are incompatible since one is reactive (Gateway) while the other is imperative (SAML). There either needs to be reactive SAML support or a servlet-based gateway to use them together.