
  • integrating spring-oauth and spring-saml: does not redirect back to /oauth/authorize

    I'm trying to integrate the spring-oauth with spring-saml.
    I want my authorization server to function as a "bridge" to SAML, meaning the clients will use OAuth (there is a "resource-server", and the clients are "oauth-clients"), but the auth-server also functions as a "SAML Service Provider (SP)". So when there is a need for authentication, the client is redirected to the auth-server, and then, using spring-saml, it generates a SAML AuthnRequest, sends it to the IdP (www.ssocircle.com), etc.

    The problem occurs after the user enters his creds. Then the SAMLResponse is sent to my SP (redirect to .../<my-sp>/saml/SSO/default/defaultalias). But then, instead of being redirected back to /oauth/authorize to get the code, it is redirected to "/", which is the default-target-url.

    After debugging, I saw that the ExceptionTranslationFilter did save the request correctly on the session (HttpSessionRequestCache), but "on the way back", when trying to retrieve the request (AbstractAuthenticationProcessingFilter.successfulAuthentication() finally generates a call to HttpSessionRequestCache.getRequest()), it returns null: the request was not found (the attribute does not exist on the session), so we end up using the default target URL...

    I'm afraid that it happens because the session on which the request was saved is different from the one on which I call getRequest(). Does it make sense? Why does it happen? How can I make sure / resolve this?

    Thanks!

  • #2
    Hi Ohad,

    First idea which comes to mind - is there any chance that when you send the request you use an http:// URL, but the response comes to an https://?

    Vladi


    • #3
      Originally posted by vsch
      Hi Ohad,

      First idea which comes to mind - is there any chance that when you send the request you use an http:// URL, but the response comes to an https://?

      Vladi
      Wow, it might be it!
      In my case, upon trying to get a token, there is a redirect to https://<my app>/oauth/authorize (and then another https redirect to the IdP).
      On the way back, the IdP makes a POST back to http://<my app>/saml/SSO/default/defaultAlias (no https!).

      You think that this is the reason? If I make the IdP call httpS://<my app>/saml/SSO/default/defaultAlias, might it solve this?

      Thanks a ton!


      • #4
        Yes, it definitely seems that this is the reason. There are most likely two different HttpSessions in your system (one at http, the other at https) and the original request data is stored in only one of them. Changing the metadata provided to the IdP and including https endpoints there should make this issue go away.


        • #5
          Well, you are right (again) :-)
          First, I changed both ends to work with http (easier...) - and it works fine.
          I guess that after changing both ends to https, it will work as well.

          Thanks Vladi!

          -Ohad
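
The mismatch diagnosed in this thread can be checked before deployment. The following is an added example, not code from the thread or from Spring Security SAML: it parses SP metadata and reports every endpoint whose scheme or host differs from the URL where the OAuth flow (and the browser session) starts. The host `sp.example.test`, the sample metadata and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample SP metadata (placeholder host): the ACS endpoint is
# published as http:// although the OAuth flow starts on https://.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.test/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.test/saml/SingleLogout"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.test/saml/SSO/default/defaultAlias"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def scheme_and_host(url):
    parts = urlsplit(url)
    return parts.scheme.lower(), (parts.hostname or "").lower()

def mismatched_endpoints(metadata_xml, entry_url):
    """List (element, location, reasons) for SP endpoints whose scheme or host
    differs from entry_url, the URL on which the browser session is created."""
    want_scheme, want_host = scheme_and_host(entry_url)
    findings = []
    for sp in ET.fromstring(metadata_xml).iter(MD_NS + "SPSSODescriptor"):
        for endpoint in sp:
            location = endpoint.get("Location")
            if location is None:
                continue  # KeyDescriptor, NameIDFormat and similar children
            scheme, host = scheme_and_host(location)
            reasons = []
            if scheme != want_scheme:
                reasons.append(f"scheme {scheme} != {want_scheme}")
            if host != want_host:
                reasons.append(f"host {host} != {want_host}")
            if reasons:
                findings.append((endpoint.tag.replace(MD_NS, ""), location, reasons))
    return findings

if __name__ == "__main__":
    entry = "https://sp.example.test/oauth/authorize"
    for name, location, reasons in mismatched_endpoints(SAMPLE_METADATA, entry):
        print(f"{name}: {location} ({'; '.join(reasons)})")
```

Run it against the metadata actually registered at the IdP; a session cookie marked Secure is never sent with a plain http:// request, so an http ACS endpoint behind an https entry point is one way to end up with a second, empty session.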