Context
In our current project we've been using the spring saml extension for a couple of years. It works fine so far, except this extension isn't supported anymore. Right now we are planning to migrate to the Spring Security native implementation instead of using the outdated extension. We don't have Spring Boot, and all our configs for Spring Security are XML-based. Is there any information about migration for existing users and, what's more important, some examples of XML-based configuration without Spring Boot?
Expected Behavior
Would be awesome to have:
- examples of XML-based config without Spring Boot
- migration guide for existing users of the spring saml extension.
Current Behavior
Comment From: dawi
Looks similar to https://github.com/spring-projects/spring-security/issues/8685.
Comment From: jzheaux
Thanks for the suggestion, @w8forme. I'm going to close this as a duplicate of #9012, but please feel free to comment over there if you'd like to add to the conversation.
Comment From: gspadmapriya
Hello, is there a sample XML config, as we are moving from the spring saml extension to spring-security 5.7.2 or 5.7.3?
Comment From: marcusdacoregio
Hi @gspadmapriya.
Yes, there is this sample https://github.com/spring-projects/spring-security-samples/tree/5.7.x/servlet/xml/java/saml2/login-logout and also the migration guide https://github.com/spring-projects/spring-security/wiki/SAML-2.0-Migration-Guide that may help you with the migration.
Comment From: gspadmapriya
Is there any extensive example in XML, as I have to replace the current configuration of Saml2entrypoint, metadata filter, extended metadata delegate?
Also looking for multitenancy XML examples of relying party repositories, resolvers, etc.
Thank you, any help is much appreciated!
Comment From: marcusdacoregio
For now, there is no extensive sample showing the XML configuration. The work on the migration guide and further examples are now paused since we have a lot on our plate with the upcoming major releases.
I'd suggest that you read the migration guide and also the reference docs to see the differences, if there is something that you cannot figure out, please open an issue and let's see how to improve that.
Comment From: gspadmapriya
I am creating a custom RelyingPartyRegistrationRepository where I am giving, as in the Spring doc:

```java
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;

// Minimal registration: only the asserting party (IdP) side is configured,
// with a verification certificate and no relying-party private key.
RelyingPartyRegistration registration = RelyingPartyRegistration
        .withRegistrationId("example")
        .assertingPartyDetails(party -> party
                .entityId("https://idp.example.com/issuer")
                .singleSignOnServiceLocation("https://idp.example.com/SSO.saml2")
                .wantAuthnRequestsSigned(false)
                // assertingPartyCredential() is a method of the poster's own class that
                // returns the IdP's Saml2X509Credential; it is not shown in the comment
                .verificationX509Credentials(c -> c.add(assertingPartyCredential())))
        .build();
inMemoryRelyingPartyRegistrationRepository = new InMemoryRelyingPartyRegistrationRepository(registration);
```

- It's OK not to give a private key for the relying party, right? I am trying with the minimal configuration required to create a custom repository.
But when this custom class is instantiated as a Bean I get this exception: Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'saml2RelyingPartyRegistrationRepository': Unsatisfied dependency expressed through field 'privateKey'; nested exception is org.springframework.beans.ConversionNotSupportedException: Failed to convert value of type 'java.lang.String' to required type 'java.security.PrivateKey'; nested exception is java.lang.IllegalStateException: Cannot convert value of type 'java.lang.String' to required type 'java.security.PrivateKey': no matching editors or conversion strategy found
Any help will be appreciated, thanks
Comment From: marcusdacoregio
You can see an example of a RelyingPartyRegistration configuration with its certificates here https://github.com/spring-projects/spring-security-samples/blob/5.7.x/servlet/spring-boot/java/saml2/login-single-tenant/src/main/java/example/SecurityConfiguration.java, it may help you since you are having problems with conversion to a private key.
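The conversion error quoted above comes from handing a PEM file path to a `java.security.PrivateKey` field as a plain String in XML; Spring has no built-in editor for that. The following is an added example, not code from the issue or from the Spring Security project, showing one way to do the parsing in Java with Spring Security's own `RsaKeyConverters` and `Saml2X509Credential` factories, and expose the repository as a static factory method that XML can call with `factory-method`. It also builds two registrations (one per tenant) that share the service provider's key pair, which is the shape the multitenancy question earlier in the thread is after. The file names under `src/main/resources`, the registration ids and the IdP URLs are assumptions.

```java
// Added example (not from the issue or the Spring Security project): a
// RelyingPartyRegistrationRepository built in Java so the PEM files are parsed
// here instead of handed to an XML <property> as a String. File names under
// src/main/resources, registration ids and IdP URLs are assumptions.
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;

import org.springframework.core.io.ClassPathResource;
import org.springframework.security.converter.RsaKeyConverters;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;

public class RelyingPartyRegistrationsFactory {

    // Reads a PEM-encoded X.509 certificate from the classpath.
    static X509Certificate certificate(String path) throws Exception {
        try (InputStream in = new ClassPathResource(path).getInputStream()) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // Reads a PKCS#8 PEM private key. This is the String -> PrivateKey conversion
    // that <property name="privateKey" value="..."/> in XML cannot do by itself.
    static RSAPrivateKey privateKey(String path) throws Exception {
        try (InputStream in = new ClassPathResource(path).getInputStream()) {
            return RsaKeyConverters.pkcs8().convert(in);
        }
    }

    // One registration per asserting party (tenant). The SP key pair is shared;
    // each IdP gets its own registrationId, entityId, SSO URL and verification cert.
    static RelyingPartyRegistration registration(String registrationId, Saml2X509Credential signing,
            Saml2X509Credential decryption, String idpEntityId, String idpSsoUrl, X509Certificate idpCert) {
        return RelyingPartyRegistration.withRegistrationId(registrationId)
                // {baseUrl} and {registrationId} are resolved from the incoming request
                .entityId("{baseUrl}/saml2/service-provider-metadata/{registrationId}")
                .assertionConsumerServiceLocation("{baseUrl}/login/saml2/sso/{registrationId}")
                // Signing credential: needed when the IdP requires signed AuthnRequests
                // and for signed SingleLogout messages.
                .signingX509Credentials(c -> c.add(signing))
                // Decryption credential: needed when the IdP encrypts assertions or NameIDs.
                .decryptionX509Credentials(c -> c.add(decryption))
                .assertingPartyDetails(party -> party
                        .entityId(idpEntityId)
                        .singleSignOnServiceLocation(idpSsoUrl)
                        .wantAuthnRequestsSigned(true)
                        // The IdP certificate used to verify Response/Assertion signatures.
                        .verificationX509Credentials(c -> c.add(Saml2X509Credential.verification(idpCert))))
                .build();
    }

    // Static factory for XML wiring, e.g.
    // <bean id="relyingPartyRegistrationRepository"
    //       class="example.RelyingPartyRegistrationsFactory" factory-method="repository"/>
    public static RelyingPartyRegistrationRepository repository() throws Exception {
        RSAPrivateKey spKey = privateKey("sp.key");        // assumed file name
        X509Certificate spCert = certificate("sp.crt");    // assumed file name
        Saml2X509Credential signing = Saml2X509Credential.signing(spKey, spCert);
        Saml2X509Credential decryption = Saml2X509Credential.decryption(spKey, spCert);

        return new InMemoryRelyingPartyRegistrationRepository(
                registration("tenant-a", signing, decryption,
                        "https://idp-a.example.com/issuer", "https://idp-a.example.com/SSO.saml2",
                        certificate("idp-a.crt")),
                registration("tenant-b", signing, decryption,
                        "https://idp-b.example.com/issuer", "https://idp-b.example.com/SSO.saml2",
                        certificate("idp-b.crt")));
    }
}
```

A registration that carries only a verification credential, like the minimal one posted earlier, can validate IdP signatures but cannot sign AuthnRequests or logout messages and cannot decrypt encrypted assertions, so whether the private key is optional depends on what the IdP requires. Keep `sp.key` out of the repository and readable only by the application user; the `{baseUrl}` placeholder is filled from the request, so behind a load balancer the forwarded scheme and host must reach the application for the SP entityId and ACS URL to match what the IdP has on file. The linked 5.7.x XML sample shows the `<saml2-login>` wiring that consumes the repository bean.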
Comment From: gspadmapriya
Hello
Earlier we used to extend the class SAMLContextProviderImpl to wrap it for a load balancer. So is that taken care of in 5.7.3 and OpenSAML 4?
If not, what is the equivalent class that needs to be extended?
Thank you