Advice needed in configuring 3rd party authentication solution with spring security
    I have a SAML2 login module which, when triggered, generates the SAML request and redirects to a 3rd party IdP endpoint, so everything required to perform a SAML2-based login is already in that login module, and if I configure it in a standard web.xml everything works as expected.

    I am now trying to make spring-security invoke a JAAS stack which contains this SAML2 login module and so far I have implemented the following configuration in my springSecurity file:

    Code:
        <?xml version="1.0" encoding="UTF-8"?>
        <beans xmlns="http://www.springframework.org/schema/beans"
            xmlns:sec="http://www.springframework.org/schema/security"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:ctx="http://www.springframework.org/schema/context"
            xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
                                http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">

            <sec:global-method-security pre-post-annotations="enabled" />

            <!-- Static resources and the session endpoint bypass the security filter chain entirely. -->
            <sec:http pattern="/resources/**" security="none"/>
            <sec:http pattern="/session/**" security="none"/>

            <!-- jaas-api-provision="true" runs each request inside Subject.doAs() so that
                 downstream code can see the JAAS Subject produced by the login module. -->
            <sec:http use-expressions="true" jaas-api-provision="true">

                <!-- intercept-url rules are evaluated top to bottom and the first matching
                     pattern wins, so a second rule with the same "/**" pattern is never
                     reached. One rule carries the intended restriction; hasAnyRole() already
                     requires an authenticated (non-anonymous) principal. -->
                <sec:intercept-url pattern="/**" access="hasAnyRole('ROLE_PLATFORMTEAM')" />
                <sec:http-basic />
                <sec:form-login />
                <sec:logout logout-success-url="/logout" />
            </sec:http>

            <sec:authentication-manager alias="authenticationManager">
                <sec:authentication-provider ref="jaasAuthenticationProvider" />
            </sec:authentication-manager>

            <!-- Runs the JAAS LoginContext named "SAML2" from java.login.config and turns the
                 resulting Subject's principals into Spring authorities via the granters below. -->
            <bean id="jaasAuthenticationProvider" class="org.springframework.security.authentication.jaas.JaasAuthenticationProvider">
                <property name="loginConfig" value="classpath:java.login.config"/>
                <property name="loginContextName" value="SAML2"/>
                <property name="authorityGranters">
                    <list>
                        <bean class="com.mycomp.JaasAuthorityGranter"/>
                    </list>
                </property>
            </bean>

        </beans>
    With this configuration I get the spring-security default login page (expected, as I am using form-login with no parameters), and if I attempt to log in I am getting the following error:

    *Service Provider could not extract SAML2 context from application session*


    What I expect to see is invocation of the SAML2 login module, which will create the SAML request and redirect to the 3rd party login page (same as if I was configuring this via web.xml); however, that doesn't happen. I know I am missing an integration bit here but I'm not sure which one or how to implement it.

    Please don't tell me to set a reference to a login page, because it is a 3rd party one; the whole idea is that spring security will invoke the JAAS stack, which will trigger the SAML2 login module, which will then take care of the login process.

    Any ideas will be much appreciated.
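The posted configuration references two pieces it does not show: the `java.login.config` entry that `loginContextName="SAML2"` points at, and the `com.mycomp.JaasAuthorityGranter` bean that maps JAAS principals to Spring roles. The block below is an added example of both, not code from the original post; the login module class, the group-principal class and the group names are assumptions and would be replaced by whatever the real SAML2 module puts in the Subject. Two library facts worth knowing here: `JaasAuthenticationProvider` runs `LoginContext.login()` only after the form posts, feeding the submitted username and password to the module through its default `JaasNameCallbackHandler` and `JaasPasswordCallbackHandler`, and every string a granter returns becomes a `JaasGrantedAuthority` with exactly that name, so it must equal the `ROLE_PLATFORMTEAM` literal used in the `intercept-url` expression (Spring Security 3.1 does not prefix roles for you).

```java
// Added example, not part of the original post. The java.login.config entry that the
// provider's loginContextName="SAML2" resolves to would look like this (the module
// class name is hypothetical; substitute the real SAML2 login module):
//
//     SAML2 {
//         com.mycomp.saml.Saml2LoginModule required;
//     };
//
// After login() succeeds, JaasAuthenticationProvider calls grant() once per Principal
// in the Subject and wraps each returned role string in a JaasGrantedAuthority.
package com.mycomp;

import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.security.authentication.jaas.AuthorityGranter;

public class JaasAuthorityGranter implements AuthorityGranter {

    // Assumed mapping from group names the SAML2 module places in the Subject to Spring
    // roles. Keep it an allow-list: a principal not listed here grants nothing.
    private static final Map<String, String> GROUP_TO_ROLE = new HashMap<String, String>();
    static {
        GROUP_TO_ROLE.put("platform-team", "ROLE_PLATFORMTEAM");
        GROUP_TO_ROLE.put("platform-readonly", "ROLE_PLATFORMREADONLY");
    }

    // Assumption (hypothetical class name): the login module represents group membership
    // with principals of this class. User principals and anything else are ignored, so an
    // account whose user name happens to be "platform-team" cannot grant itself the role.
    private static final String GROUP_PRINCIPAL_CLASS = "com.mycomp.saml.GroupPrincipal";

    @Override
    public Set<String> grant(Principal principal) {
        if (principal == null
                || !GROUP_PRINCIPAL_CLASS.equals(principal.getClass().getName())) {
            return Collections.emptySet();   // provider skips null or empty results
        }
        String role = GROUP_TO_ROLE.get(principal.getName());
        if (role == null) {
            return Collections.emptySet();
        }
        Set<String> roles = new HashSet<String>();
        roles.add(role);                     // must match the access expression verbatim
        return roles;
    }
}
```

If the module's group-principal class is on the classpath, an `instanceof` check is preferable to comparing the class name; the string comparison is used here only so the example compiles without that class. The same granter can be listed several times in `authorityGranters` if different principal types need different mappings.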