com.netflix.genie.security.saml

Class SAMLConfig

java.lang.Object

org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

com.netflix.genie.security.saml.SAMLConfig

All Implemented Interfaces:

org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,org.springframework.security.config.annotation.web.builders.WebSecurity>, org.springframework.security.config.annotation.web.WebSecurityConfigurer<org.springframework.security.config.annotation.web.builders.WebSecurity>

@ConditionalOnProperty(value="genie.security.saml.enabled",
                       havingValue="true")
 @Configuration
 @Order(value=5)
public class SAMLConfig
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Security configuration for SAML based authentication.

Modified from: https://github.com/vdenotaris/spring-boot-security-saml-sample which is basically a port of the context-xml from Spring SAML example.

Since:

3.0.0

Constructor Summary

Constructors

Constructor and Description
SAMLConfig()

Method Summary

Modifier and Type	Method and Description
org.springframework.security.saml.processor.HTTPArtifactBinding	artifactBinding(org.opensaml.xml.parse.ParserPool parserPool, org.apache.velocity.app.VelocityEngine velocityEngine) HTTP Artifact binding.
org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler	authenticationFailureHandler() Handler deciding where to redirect user after failed login.
protected void	configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http) Defines the web based security configuration.
org.springframework.security.saml.context.SAMLContextProviderImpl	contextProvider(SAMLProperties properties) Provider of the SAML context.
org.springframework.security.saml.websso.WebSSOProfileOptions	defaultWebSSOProfileOptions() The Web SSO profile options.
org.springframework.security.saml.websso.WebSSOProfileECPImpl	ecpprofile() SAML 2.0 ECP profile.
org.springframework.security.saml.metadata.ExtendedMetadata	extendedMetadata() Setup the extended metadata for the SAML request.
org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl	hokWebSSOProfile() SAML 2.0 Holder-of-Key Web SSO profile.
org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl	hokWebSSOprofileConsumer() SAML 2.0 Holder-of-Key WebSSO Assertion Consumer.
org.apache.commons.httpclient.HttpClient	httpClient() The HTTP Client used to communicate with the IDP.
org.springframework.security.saml.processor.HTTPPAOS11Binding	httpPAOS11Binding() A PAOS binding to use.
org.springframework.security.saml.processor.HTTPPostBinding	httpPostBinding() A HTTP POST binding to use.
org.springframework.security.saml.processor.HTTPRedirectDeflateBinding	httpRedirectDeflateBinding() A HTTP redirect binding to use.
org.springframework.security.saml.processor.HTTPSOAP11Binding	httpSOAP11Binding() A SOAP binding to use.
org.springframework.security.saml.key.KeyManager	keyManager() Central storage of cryptographic keys.
org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler	logoutHandler() Logout handler terminating local session.
org.springframework.security.saml.websso.SingleLogoutProfile	logoutProfile() The logout profile for SAML single logout.
org.springframework.security.saml.metadata.CachingMetadataManager	metadata(org.springframework.security.saml.metadata.ExtendedMetadataDelegate ssoCircleExtendedMetadataProvider) Get the metadata manager for the IDP metadata.
org.springframework.security.saml.metadata.MetadataDisplayFilter	metadataDisplayFilter() The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there.
org.springframework.security.saml.metadata.MetadataGenerator	metadataGenerator() Generates default SP metadata if none is set.
org.springframework.security.saml.metadata.MetadataGeneratorFilter	metadataGeneratorFilter() The metadata generator filter which generates metadata for the SP if non is pre-configured.
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager	multiThreadedHttpConnectionManager() Connection pool for the HTTP Client.
org.opensaml.xml.parse.StaticBasicParserPool	parserPool() Parser pool used for the OpenSAML parsing.
org.springframework.security.saml.parser.ParserPoolHolder	parserPoolHolder() The holder for the parser poole.
org.springframework.security.saml.processor.SAMLProcessorImpl	processor() The SAML processor that includes bindings for various communication protocols with the IDP.
org.springframework.security.saml.SAMLAuthenticationProvider	samlAuthenticationProvider(org.springframework.security.saml.userdetails.SAMLUserDetailsService samlUserDetailsService) Parses the response SAML messages.
static org.springframework.security.saml.SAMLBootstrap	samlBootstrap() Initialization of OpenSAML library.
org.springframework.security.saml.SAMLEntryPoint	samlEntryPoint() Entry point to initialize authentication, default values taken from properties file.
org.springframework.security.web.FilterChainProxy	samlFilter() Define the security filter chain in order to support SSO Auth by using SAML 2.0.
org.springframework.security.saml.SAMLDiscovery	samlIDPDiscovery() Setup the IDP discovery service.
org.springframework.security.saml.log.SAMLDefaultLogger	samlLogger() The Logger used by the SAML package.
org.springframework.security.saml.SAMLLogoutFilter	samlLogoutFilter() Overrides default logout processing filter with the one processing SAML messages.
org.springframework.security.saml.SAMLLogoutProcessingFilter	samlLogoutProcessingFilter() Filter to handle logout requests.
org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter	samlWebSSOHoKProcessingFilter() Filter to process holder of key sso requests.
org.springframework.security.saml.SAMLProcessingFilter	samlWebSSOProcessingFilter() Processing filter for WebSSO profile messages.
org.springframework.security.saml.processor.HTTPSOAP11Binding	soapBinding() A SOAP binding to use.
org.springframework.security.saml.metadata.ExtendedMetadataDelegate	ssoCircleExtendedMetadataProvider(SAMLProperties properties) Setup the extended metadata delegate for the IDP.
org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler	successLogoutHandler() Handler for successful logout.
org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler	successRedirectHandler() Handler deciding where to redirect user after successful login.
org.apache.velocity.app.VelocityEngine	velocityEngine() Initialize the velocity engine.
org.springframework.security.saml.websso.WebSSOProfile	webSSOprofile() SAML 2.0 Web SSO profile.
org.springframework.security.saml.websso.WebSSOProfileConsumer	webSSOprofileConsumer() SAML 2.0 WebSSO Assertion Consumer.

Methods inherited from class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

authenticationManager, authenticationManagerBean, configure, configure, getApplicationContext, getHttp, init, setApplicationContext, setAuthenticationConfiguration, setContentNegotationStrategy, setObjectPostProcessor, setTrustResolver, userDetailsService, userDetailsServiceBean

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SAMLConfig

public SAMLConfig()

Method Detail

samlBootstrap

@Bean
public static org.springframework.security.saml.SAMLBootstrap samlBootstrap()

Initialization of OpenSAML library.

Returns:

the OpenSAML bootstrap object

See Also:

SAMLBootstrap

velocityEngine

@Bean
public org.apache.velocity.app.VelocityEngine velocityEngine()

Initialize the velocity engine.

Returns:

The velocity engine.

See Also:

VelocityEngine

parserPool

@Bean(initMethod="initialize")
public org.opensaml.xml.parse.StaticBasicParserPool parserPool()

Parser pool used for the OpenSAML parsing.

Returns:

The parser pool

See Also:

StaticBasicParserPool

parserPoolHolder

@Bean(name="parserPoolHolder")
public org.springframework.security.saml.parser.ParserPoolHolder parserPoolHolder()

The holder for the parser poole.

Returns:

The parser pool holder

See Also:

ParserPoolHolder

multiThreadedHttpConnectionManager

@Bean
public org.apache.commons.httpclient.MultiThreadedHttpConnectionManager multiThreadedHttpConnectionManager()

Connection pool for the HTTP Client.

Returns:

a Multithreaded connection manager

See Also:

MultiThreadedHttpConnectionManager

httpClient

@Bean
public org.apache.commons.httpclient.HttpClient httpClient()

The HTTP Client used to communicate with the IDP.

Returns:

The http client

See Also:

HttpClient

samlAuthenticationProvider

@Bean
public org.springframework.security.saml.SAMLAuthenticationProvider samlAuthenticationProvider(org.springframework.security.saml.userdetails.SAMLUserDetailsService samlUserDetailsService)

Parses the response SAML messages.

Parameters:

samlUserDetailsService - The user details service to use

Returns:

The SAML authentication provider

See Also:

SAMLAuthenticationProvider

contextProvider

@Bean
public org.springframework.security.saml.context.SAMLContextProviderImpl contextProvider(SAMLProperties properties)

Provider of the SAML context.

Parameters:

properties - The SAML properties to use

Returns:

the context provider implementation

See Also:

SAMLContextProviderImpl

samlLogger

@Bean
public org.springframework.security.saml.log.SAMLDefaultLogger samlLogger()

The Logger used by the SAML package.

Returns:

the logger

See Also:

SAMLDefaultLogger

webSSOprofileConsumer

@Bean
public org.springframework.security.saml.websso.WebSSOProfileConsumer webSSOprofileConsumer()

SAML 2.0 WebSSO Assertion Consumer.

Returns:

The consumer

See Also:

WebSSOProfileConsumer, WebSSOProfileConsumerImpl

hokWebSSOprofileConsumer

@Bean
public org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl hokWebSSOprofileConsumer()

SAML 2.0 Holder-of-Key WebSSO Assertion Consumer.

Returns:

The holder of key consumer implementation

See Also:

WebSSOProfileConsumerHoKImpl

webSSOprofile

@Bean
public org.springframework.security.saml.websso.WebSSOProfile webSSOprofile()

SAML 2.0 Web SSO profile.

Returns:

The web profile

See Also:

WebSSOProfile, WebSSOProfileImpl

hokWebSSOProfile

@Bean
public org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl hokWebSSOProfile()

SAML 2.0 Holder-of-Key Web SSO profile.

Returns:

the HoK profile

See Also:

WebSSOProfileConsumerHoKImpl

ecpprofile

@Bean
public org.springframework.security.saml.websso.WebSSOProfileECPImpl ecpprofile()

SAML 2.0 ECP profile.

Returns:

The ECP profile

See Also:

WebSSOProfileECPImpl

logoutProfile

@Bean
public org.springframework.security.saml.websso.SingleLogoutProfile logoutProfile()

The logout profile for SAML single logout.

Returns:

The logout profile

See Also:

SingleLogoutProfile, SingleLogoutProfileImpl

keyManager

@Bean
public org.springframework.security.saml.key.KeyManager keyManager()

Central storage of cryptographic keys.

Returns:

The key manager used for everything

See Also:

KeyManager

defaultWebSSOProfileOptions

@Bean
public org.springframework.security.saml.websso.WebSSOProfileOptions defaultWebSSOProfileOptions()

The Web SSO profile options.

Returns:

The profile options for web sso

See Also:

WebSSOProfileOptions

samlEntryPoint

@Bean
public org.springframework.security.saml.SAMLEntryPoint samlEntryPoint()

Entry point to initialize authentication, default values taken from properties file.

Returns:

The SAML entry point

See Also:

SAMLEntryPoint

extendedMetadata

@Bean
public org.springframework.security.saml.metadata.ExtendedMetadata extendedMetadata()

Setup the extended metadata for the SAML request.

Returns:

The extended metadata

See Also:

ExtendedMetadata

samlIDPDiscovery

@Bean
public org.springframework.security.saml.SAMLDiscovery samlIDPDiscovery()

Setup the IDP discovery service.

Returns:

The discovery service

See Also:

SAMLDiscovery

ssoCircleExtendedMetadataProvider

@Bean
 @Qualifier(value="idp-ssocircle")
public org.springframework.security.saml.metadata.ExtendedMetadataDelegate ssoCircleExtendedMetadataProvider(SAMLProperties properties)
                                                                                                                                               throws org.opensaml.saml2.metadata.provider.MetadataProviderException

Setup the extended metadata delegate for the IDP.

Parameters:

properties - The SAML properties

Returns:

The sso circle of trust metadata provider configured via the url.

Throws:

org.opensaml.saml2.metadata.provider.MetadataProviderException - On any configuration error

See Also:

ExtendedMetadataDelegate, HTTPMetadataProvider

metadata

@Bean
 @Qualifier(value="metadata")
public org.springframework.security.saml.metadata.CachingMetadataManager metadata(org.springframework.security.saml.metadata.ExtendedMetadataDelegate ssoCircleExtendedMetadataProvider)
                                                                                                               throws org.opensaml.saml2.metadata.provider.MetadataProviderException

Get the metadata manager for the IDP metadata. This version caches locally and refreshes periodically.

Parameters:

ssoCircleExtendedMetadataProvider - The extended metadata delegate

Returns:

The metadata manager

Throws:

org.opensaml.saml2.metadata.provider.MetadataProviderException - on any configuration error

See Also:

CachingMetadataManager

metadataGenerator

@Bean
public org.springframework.security.saml.metadata.MetadataGenerator metadataGenerator()

Generates default SP metadata if none is set.

Returns:

The metadata generator filter

See Also:

MetadataGenerator

metadataDisplayFilter

@Bean
public org.springframework.security.saml.metadata.MetadataDisplayFilter metadataDisplayFilter()

The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there.

Returns:

the filter that will display the SP information

See Also:

MetadataDisplayFilter

successRedirectHandler

@Bean
public org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler()

Handler deciding where to redirect user after successful login.

Returns:

The login success handler

See Also:

SavedRequestAwareAuthenticationSuccessHandler

authenticationFailureHandler

@Bean
public org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler authenticationFailureHandler()

Handler deciding where to redirect user after failed login.

Returns:

Authentication failure handler

See Also:

SimpleUrlAuthenticationFailureHandler

samlWebSSOHoKProcessingFilter

@Bean
public org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter samlWebSSOHoKProcessingFilter()
                                                                                                    throws java.lang.Exception

Filter to process holder of key sso requests.

Returns:

The filter

Throws:

java.lang.Exception - For any configuration error

See Also:

SAMLWebSSOHoKProcessingFilter

samlWebSSOProcessingFilter

@Bean
public org.springframework.security.saml.SAMLProcessingFilter samlWebSSOProcessingFilter()
                                                                                        throws java.lang.Exception

Processing filter for WebSSO profile messages.

Returns:

The SAML processing filter

Throws:

java.lang.Exception - on any configuration error

See Also:

SAMLProcessingFilter

metadataGeneratorFilter

@Bean
public org.springframework.security.saml.metadata.MetadataGeneratorFilter metadataGeneratorFilter()

The metadata generator filter which generates metadata for the SP if non is pre-configured.

Returns:

The metadata generator filter

successLogoutHandler

@Bean
public org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler successLogoutHandler()

Handler for successful logout.

Returns:

the logout location to redirect the user to after they logout

See Also:

SimpleUrlLogoutSuccessHandler

logoutHandler

@Bean
public org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler logoutHandler()

Logout handler terminating local session.

Returns:

The security context logout handler

See Also:

SecurityContextLogoutHandler

samlLogoutProcessingFilter

@Bean
public org.springframework.security.saml.SAMLLogoutProcessingFilter samlLogoutProcessingFilter()

Filter to handle logout requests.

Returns:

The filter

See Also:

SAMLLogoutProcessingFilter

samlLogoutFilter

@Bean
public org.springframework.security.saml.SAMLLogoutFilter samlLogoutFilter()

Overrides default logout processing filter with the one processing SAML messages.

Returns:

The logout filter

See Also:

SAMLLogoutFilter

artifactBinding

@Bean
public org.springframework.security.saml.processor.HTTPArtifactBinding artifactBinding(org.opensaml.xml.parse.ParserPool parserPool,
                                                                                             org.apache.velocity.app.VelocityEngine velocityEngine)

HTTP Artifact binding.

Parameters:

parserPool - The parser pool to use

velocityEngine - The velocity engine to use

Returns:

The artifact binding

See Also:

HTTPArtifactBinding

soapBinding

@Bean
public org.springframework.security.saml.processor.HTTPSOAP11Binding soapBinding()

A SOAP binding to use.

Returns:

a SOAP binding

See Also:

HTTPSOAP11Binding

httpPostBinding

@Bean
public org.springframework.security.saml.processor.HTTPPostBinding httpPostBinding()

A HTTP POST binding to use.

Returns:

The post binding

See Also:

HTTPPostBinding

httpRedirectDeflateBinding

@Bean
public org.springframework.security.saml.processor.HTTPRedirectDeflateBinding httpRedirectDeflateBinding()

A HTTP redirect binding to use.

Returns:

The redirect binding

See Also:

HTTPRedirectDeflateBinding

httpSOAP11Binding

@Bean
public org.springframework.security.saml.processor.HTTPSOAP11Binding httpSOAP11Binding()

A SOAP binding to use.

Returns:

a SOAP binding

See Also:

HTTPSOAP11Binding

httpPAOS11Binding

@Bean
public org.springframework.security.saml.processor.HTTPPAOS11Binding httpPAOS11Binding()

A PAOS binding to use.

Returns:

The PAOS binding

See Also:

HTTPPAOS11Binding

processor

@Bean
public org.springframework.security.saml.processor.SAMLProcessorImpl processor()

The SAML processor that includes bindings for various communication protocols with the IDP.

Returns:

The saml processor

See Also:

SAMLProcessorImpl

samlFilter

@Bean
public org.springframework.security.web.FilterChainProxy samlFilter()
                                                                   throws java.lang.Exception

Define the security filter chain in order to support SSO Auth by using SAML 2.0.

Returns:

Filter chain proxy

Throws:

java.lang.Exception - on any configuration problem

See Also:

FilterChainProxy

configure

protected void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                  throws java.lang.Exception

Defines the web based security configuration.

Overrides:

configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Parameters:

http - It allows configuring web based security for specific http requests.

Throws:

java.lang.Exception - on any error