In spring-security-saml2-service-provider 5.7.2, the class OpenSaml4AuthenticationRequestResolver has this method:
```java
@Override
public <T extends AbstractSaml2AuthenticationRequest> T resolve(HttpServletRequest request) {
    return this.authnRequestResolver.resolve(request, (registration, authnRequest) -> {
        authnRequest.setIssueInstant(Instant.now(this.clock));
        this.contextConsumer.accept(new AuthnRequestContext(request, registration, authnRequest));
    });
}
```
The method authnRequest.setIssueInstant() requires a DateTime, not an Instant.
The result is a
```
java.lang.NoSuchMethodError: org.opensaml.saml.saml2.core.AuthnRequest.setIssueInstant(Ljava/time/Instant;)
    at org.springframework.security.saml2.provider.service.web.authentication.OpenSaml4AuthenticationRequestResolver.lambda$resolve$1(OpenSaml4AuthenticationRequestResolver.java:58)
```
Could you please check the issue?
Comment From: marcusdacoregio
Hi @tundoMatteo, this is a duplicate of https://github.com/spring-projects/spring-security/issues/10547.
I'll close this but feel free to reach out if you need any further help.
Comment From: tundoMatteo
@marcusdacoregio so the solution is to update OpenSaml to version 4.1.0? But Spring brings with it version 3.4.6, and the problem is not concerned with the logout, since I was trying to change the nameIdPolicy of the SAML Request.
Version 4.1.0 does not exist in the Maven repository, and you are using version 3.4.6 in the spring-security-saml2-service-provider pom.
Comment From: marcusdacoregio
Yes, Spring Security SAML Service Provider has the OpenSAML version 3.4.6 in it because we support OpenSaml3 (which will be removed in Spring Security 6, see #10556).
Since you are using OpenSaml4AuthenticationRequestResolver you have to use OpenSAML4, see here how to configure it using Gradle. The OpenSAML team does not publish their newest versions in Maven Central, so you have to add their own repository to your build file.
Comment From: tundoMatteo
@marcusdacoregio OK, thank you, but it would be useful to update the guide here, where there is this snippet of code:
```java
@Bean
Saml2AuthenticationRequestResolver authenticationRequestResolver(RelyingPartyRegistrationRepository registrations) {
    RelyingPartyRegistrationResolver registrationResolver =
            new DefaultRelyingPartyRegistrationResolver(registrations);
    OpenSaml4AuthenticationRequestResolver authenticationRequestResolver =
            new OpenSaml4AuthenticationRequestResolver(registrationResolver);
    authenticationRequestResolver.setAuthnRequestCustomizer((context) -> context
            .getAuthnRequest().setForceAuthn(true));
    return authenticationRequestResolver;
}
```
Here it shows to use the OpenSaml4AuthenticationRequestResolver, but it will not work if I don't force the import of OpenSAML 4 in the pom.
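
The dependency override discussed in this thread, as an added example that is not part of the original issue or of the Spring Security documentation: a Maven pom.xml fragment that adds the Shibboleth release repository and declares OpenSAML 4 directly, so it replaces the transitive 3.4.6. The repository id and URL, the property name and the choice of version 4.1.0 (the version named in the thread) are assumptions.

```xml
<!-- Added example: fragment to merge into the <project> element of pom.xml. -->

<properties>
    <!-- Assumption: 4.1.0 is the version named in the thread; use any 4.x release
         that the repository below actually serves. -->
    <opensaml.version>4.1.0</opensaml.version>
</properties>

<repositories>
    <!-- OpenSAML 4 is not published to Maven Central, so the Shibboleth
         repository has to be declared. URL is an assumption; it is not given in the thread. -->
    <repository>
        <id>shibboleth-releases</id>
        <url>https://build.shibboleth.net/maven/releases/</url>
        <releases><enabled>true</enabled></releases>
        <snapshots><enabled>false</enabled></snapshots>
    </repository>
</repositories>

<dependencies>
    <!-- Declaring the three OpenSAML modules directly makes Maven's
         nearest-wins resolution pick 4.x over the 3.4.6 versions pulled in
         by spring-security-saml2-service-provider. All three must move
         together; a mix of 3.x and 4.x modules fails at runtime. -->
    <dependency>
        <groupId>org.opensaml</groupId>
        <artifactId>opensaml-core</artifactId>
        <version>${opensaml.version}</version>
    </dependency>
    <dependency>
        <groupId>org.opensaml</groupId>
        <artifactId>opensaml-saml-api</artifactId>
        <version>${opensaml.version}</version>
    </dependency>
    <dependency>
        <groupId>org.opensaml</groupId>
        <artifactId>opensaml-saml-impl</artifactId>
        <version>${opensaml.version}</version>
    </dependency>
</dependencies>
```

Running `mvn dependency:tree -Dincludes=org.opensaml` afterwards shows whether any 3.4.6 artifact is still being resolved.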