
  • Spring SAML Integration authentication extended info (RelayState?)

    Hi All,

    I am integrating SAML authentication into my application, and need extra parameters to load the user info from our DB after getting the authentication response.

    These are typically entered as URL parameters in the original request, and I need them to load the user.

    I originally was thinking of using "relayState" in my application since it is supposed to get passed back by the IDP untouched, and then use them in a UserDetailsService implementation I provide to the SAMLAuthenticationProvider.

    I know there is a "success handler" that uses relayState as a URL, but my data is not an URL.

    I can't seem to find any support for setting the relayState in the authorization request to the IDP?

    Is there a better way to do this?

    Thanks!

  • #2
    Hi,

    The relaying state is available in SAMLCredential.getRelayState() and SAMLCredential object is passed as argument to your implementation of the SAMLUserDetailsService interface. That should make your original idea on how to do this perfectly valid.

    Cheers, Vladi



    • #3
      Originally posted by vsch
      Hi,

      The relaying state is available in SAMLCredential.getRelayState() and SAMLCredential object is passed as argument to your implementation of the SAMLUserDetailsService interface. That should make your original idea on how to do this perfectly valid.

      Cheers, Vladi
      Hi Vladi,

      Thanks for the reply.

      This works, but I had to modify sendAuthenticationRequest(...) in WebSSOProfileImpl in order to set the value that is sent in the request to the IDP:

      context.setRelayState( "data" );

      There didn't seem to be a way of setting the relay state on SAMLMessageContext any other way.

      Is there a better way? I suppose I could subclass WebSSOProfileImpl and then override that method to do what I want before calling the base class, but it might be nice to have some kind of interface there.



      • #4
        Hi,

        You're right, there was no way to set the value. I've now modified the WebSSOProfileOptions which is used to parametrize the SSO process and added property relayState. The WebSSOProfileOptions instance is loaded in the SAMLEntryPoint, you might still need to override method getProfileOptions, but it's going to be in a proper extension point.

        Cheers, V.



        • #5
          Originally posted by vsch
          Hi,

          You're right, there was no way to set the value. I've now modified the WebSSOProfileOptions which is used to parametrize the SSO process and added property relayState. The WebSSOProfileOptions instance is loaded in the SAMLEntryPoint, you might still need to override method getProfileOptions, but it's going to be in a proper extension point.

          Cheers, V.
          Perfect, that will work for my use case!

          Thanks,
          Ian

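Added example, not code from the thread or from Spring Security SAML: RelayState passes through the browser and the IdP, and the SAML bindings specification limits it to 80 bytes and says its creator should integrity-protect it, so application data placed there can be carried as an HMAC-tagged token. `RelayStateCodec`, its key and the sample data are hypothetical; only the JDK is used, and the comments mark where the relayState property and SAMLCredential.getRelayState() from the posts above come in.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical helper (not part of Spring Security SAML): signs app data carried in RelayState. */
public class RelayStateCodec {
    private static final int MAX_LEN = 80;   // RelayState limit in the SAML bindings spec
    private static final int TAG_LEN = 16;   // HMAC-SHA256 truncated to 128 bits to fit the limit
    private final SecretKeySpec key;
    public RelayStateCodec(byte[] secret) { this.key = new SecretKeySpec(secret, "HmacSHA256"); }

    private byte[] tag(byte[] payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return Arrays.copyOf(mac.doFinal(payload), TAG_LEN);
    }

    /** Value to set as the relayState property of WebSSOProfileOptions before the redirect. */
    public String encode(String data) throws Exception {
        byte[] payload = data.getBytes(StandardCharsets.UTF_8);
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String token = b64.encodeToString(payload) + "." + b64.encodeToString(tag(payload));
        if (token.length() > MAX_LEN) throw new IllegalArgumentException("RelayState over 80 bytes");
        return token;
    }

    /** Call on SAMLCredential.getRelayState(); returns the data, or null if missing or altered. */
    public String decode(String relayState) throws Exception {
        if (relayState == null || relayState.length() > MAX_LEN) return null;
        int dot = relayState.indexOf('.');
        if (dot < 1) return null;
        try {
            Base64.Decoder b64 = Base64.getUrlDecoder();
            byte[] payload = b64.decode(relayState.substring(0, dot));
            byte[] sent = b64.decode(relayState.substring(dot + 1));
            // Constant-time comparison of the received tag with the recomputed one
            return MessageDigest.isEqual(sent, tag(payload)) ? new String(payload, StandardCharsets.UTF_8) : null;
        } catch (IllegalArgumentException e) { return null; }   // not valid base64url
    }

    public static void main(String[] args) throws Exception {
        RelayStateCodec codec = new RelayStateCodec("constructed-demo-key-not-for-use".getBytes(StandardCharsets.UTF_8));
        String rs = codec.encode("tenant=42;dept=ops");   // constructed sample data
        System.out.println(rs + " -> " + codec.decode(rs));
        System.out.println("tampered -> " + codec.decode("X" + rs));
    }
}
```

The tag only shows that the value was issued by this application; the user's identity still has to come from the assertion's NameID and attributes, not from RelayState.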