How do I configure Spring Security SAML to work with Okta?

By : user2955252
Date : November 22 2020, 10:38 AM
I got it to work! The key appears to be setting Request to "Uncompressed". From there, I removed "alias/defaultAlias", since this only seems to work when you set an alias on the ExtendedMetadata. My settings that work on the Okta side:
code :
Application label: Spring Boot SAML App
Force Authentication: false
Post Back URL: http://localhost:8080/saml/SSO
Name ID Format: EmailAddress
Recipient: http://localhost:8080/saml/SSO
Audience Restriction: com:vdenotaris:spring:sp
authnContextClassRef: PasswordProtectedTransport
Response: Signed
Assertion: Signed
Request: Uncompressed
Destination: http://localhost:8080/saml/SSO
Default Relay State: (none)
Attribute Statements: email|${user.email},firstName|${user.firstName}
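What "Request: Uncompressed" corresponds to on the wire: the SAML HTTP-Redirect binding DEFLATE-compresses the AuthnRequest before base64-encoding it, while the HTTP-POST binding base64-encodes the XML as-is. The class below is an added example, not code from the post or from Spring Security SAML. It builds both wire forms of a constructed AuthnRequest (the entityID and ACS URL are copied from the settings above) and decodes either one, so you can paste the SAMLRequest value your SP actually sends and see which form it is before changing the IdP-side setting.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.Inflater;

/**
 * Added example, not code from the post: produces the SAMLRequest parameter in
 * both wire forms (HTTP-POST: plain base64; HTTP-Redirect: raw DEFLATE, then
 * base64) and decodes either form, so the SP's actual output can be compared
 * with the IdP's compression setting.
 */
public class SamlRequestDecoder {

    // Constructed sample AuthnRequest; entityID and ACS URL echo the values in the post.
    static final String AUTHN_REQUEST =
        "<saml2p:AuthnRequest xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\""
      + " xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\""
      + " ID=\"_example\" Version=\"2.0\" IssueInstant=\"2020-11-22T10:38:00Z\""
      + " AssertionConsumerServiceURL=\"http://localhost:8080/saml/SSO\">"
      + "<saml2:Issuer>com:vdenotaris:spring:sp</saml2:Issuer>"
      + "</saml2p:AuthnRequest>";

    /** HTTP-POST binding: the XML is base64-encoded as-is, no compression. */
    static String encodePost(String xml) {
        return Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * HTTP-Redirect binding: raw DEFLATE (no zlib header or trailer), then base64.
     * The URL layer percent-encodes the result afterwards; that step is omitted here.
     */
    static String encodeRedirect(String xml) {
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true); // nowrap = raw DEFLATE
        deflater.setInput(xml.getBytes(StandardCharsets.UTF_8));
        deflater.finish();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        while (!deflater.finished()) {
            out.write(buf, 0, deflater.deflate(buf));
        }
        deflater.end();
        return Base64.getEncoder().encodeToString(out.toByteArray());
    }

    /**
     * True if the base64 payload is plain XML (first non-blank byte is '<').
     * A DEFLATE stream whose single final block starts with an odd header byte
     * can never begin with 0x3C, so this heuristic is reliable for small requests.
     */
    static boolean isUncompressed(String samlRequestParam) {
        byte[] raw = Base64.getMimeDecoder().decode(samlRequestParam);
        for (byte b : raw) {
            if (b == ' ' || b == '\t' || b == '\r' || b == '\n') continue;
            return b == '<';
        }
        return false;
    }

    /** Decode either wire form back to the AuthnRequest XML. */
    static String decode(String samlRequestParam) throws DataFormatException {
        byte[] raw = Base64.getMimeDecoder().decode(samlRequestParam);
        return isUncompressed(samlRequestParam) ? new String(raw, StandardCharsets.UTF_8) : inflate(raw);
    }

    static String inflate(byte[] deflated) throws DataFormatException {
        Inflater inflater = new Inflater(true); // nowrap: raw DEFLATE as used by the Redirect binding
        // The JDK documents that one extra dummy input byte is needed when nowrap is set.
        inflater.setInput(Arrays.copyOf(deflated, deflated.length + 1));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        while (!inflater.finished()) {
            int n = inflater.inflate(buf);
            if (n == 0 && (inflater.needsInput() || inflater.needsDictionary())) {
                throw new DataFormatException("truncated input or not a raw DEFLATE stream");
            }
            out.write(buf, 0, n);
        }
        inflater.end();
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws DataFormatException {
        String post = encodePost(AUTHN_REQUEST);
        String redirect = encodeRedirect(AUTHN_REQUEST);
        System.out.println("POST form uncompressed?     " + isUncompressed(post));
        System.out.println("Redirect form uncompressed? " + isUncompressed(redirect));
        System.out.println("POST round-trips:           " + AUTHN_REQUEST.equals(decode(post)));
        System.out.println("Redirect round-trips:       " + AUTHN_REQUEST.equals(decode(redirect)));
    }
}
```

A quick visual tell when looking at a captured request: a plain base64 SAMLRequest begins with `PHNhbWw`, which is simply the base64 encoding of `<saml`; a DEFLATE-compressed one decodes to binary and has to be inflated first. Which binding Spring SAML picks depends on the SingleSignOnService bindings advertised in the IdP metadata and on the WebSSOProfileOptions binding, so check the actual request rather than assuming.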


Configure Spring Security SAML to use SHA-256 as secure hash algorithm

By : vatsal pancholi
Date : March 29 2020, 07:55 AM
You should configure the Spring Security configuration to use the SHA-256 signature algorithm.
You could either override the SAMLBootstrap or configure an initializing bean like this:
code :
<bean id="samlProperties" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="location" value="classpath:saml.properties" />
</bean>
<bean class="your.package.SAMLConfigurationBean">
    <property name="signatureAlgorithm" value="${saml.signatureAlgorithm:SHA1}" />
</bean>

# saml.properties
saml.signatureAlgorithm=SHA256
package your.package;

import org.opensaml.Configuration;
import org.opensaml.xml.security.BasicSecurityConfiguration;
import org.opensaml.xml.signature.SignatureConstants;
import org.springframework.beans.factory.InitializingBean;

public class SAMLConfigurationBean implements InitializingBean {

    private String signatureAlgorithm;
    private String digestAlgorithm;

    public void setSignatureAlgorithm(String algorithm) {
        switch (algorithm) {
            case "SHA256" :
                signatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
                digestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA256;
                break;
            case "SHA512" :
                signatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512;
                digestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA512;
                break;
            default: // fallback when the property is unset or unrecognised: SHA-1
                signatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
                digestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA1;
        }
    }

    @Override
    public void afterPropertiesSet() throws Exception {
        BasicSecurityConfiguration config = (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
        config.registerSignatureAlgorithmURI("RSA", signatureAlgorithm);
        config.setSignatureReferenceDigestMethod(digestAlgorithm);
    }
}

// Simpler variant: SHA-256 hard-coded instead of read from a property.
package your.package;

import org.opensaml.Configuration;
import org.opensaml.xml.security.BasicSecurityConfiguration;
import org.opensaml.xml.signature.SignatureConstants;
import org.springframework.beans.factory.InitializingBean;

public class SAMLConfigurationBean implements InitializingBean {

    @Override
    public void afterPropertiesSet() throws Exception {
        BasicSecurityConfiguration config = (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
        config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
    }
}
How to configure Spring Security SAML extension for Holder-of-key profile

By : mera
Date : March 29 2020, 07:55 AM
The above Spring SAML configuration is enough for enabling the Holder-of-Key profile at the SP side. I tried it with SimpleSAMLphp as the IdP and it worked.
It seems WSO2 does not support the HoK Web Browser SSO profile (please correct me if I am wrong); instead, it supports obtaining/issuing HoK messages through its Security Token Service (STS).
How to configure the remote discovery with Spring Security SAML?

By : André Fohlin
Date : March 29 2020, 07:55 AM
I finally found the solution and can reach the Discovery URL (which returns an error, but that will be another question).
The explanation of my problem was that the properties:
code :
<b:property name="idpDiscoveryEnabled" value="true"/>
<b:property name="idpDiscoveryURL" value="https://discovery.renater.fr/test"/>
Spring Security SAML - how to configure client auth?

By : Putta Krishna Kanth
Date : March 29 2020, 07:55 AM
OK, I figured out how to enable clientAuth in TLS connections for Spring SAML. This is my Service Provider config from securityContext.xml:
code :
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
    <constructor-arg>
        <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
            <constructor-arg>
                <value type="java.io.File">classpath:metadata/sp.xml</value>
            </constructor-arg>
            <property name="parserPool" ref="parserPool" />
        </bean>
    </constructor-arg>
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
            <property name="local" value="true" />
            <property name="signMetadata" value="true" />
            <property name="signingKey" value="mykey" />
            <property name="encryptionKey" value="mykey" />
            <property name="tlsKey" value="mykey" />
        </bean>
    </constructor-arg>
</bean>

<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
    <constructor-arg value="classpath:security/keystore.jks" />
    <constructor-arg type="java.lang.String" value="secret" />
    <constructor-arg>
        <map>
            <entry key="mykey" value="secret" />
        </map>
    </constructor-arg>
    <constructor-arg type="java.lang.String" value="mykey" />
</bean>
Spring Security Saml configuration error with OKTA

By : Sortinn
Date : March 29 2020, 07:55 AM
Hello all, and thanks for your help.
Finally I was able to solve the problem, so I decided to post this on the forum to help other beginners like me who may face similar problems.
code :
<property name="entityBaseURL" value="https://localhost/XXX"/>

<bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderLB">
    <property name="scheme" value="https"/>
    <property name="serverName" value="dev-XXX.XXX.net"/>
    <property name="serverPort" value="443"/>
    <property name="includeServerPortInRequestURL" value="false"/>
    <property name="contextPath" value="/XXXXX"/>
</bean>

<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <property name="entityBaseURL" value="https://dev-XXX.XXX.net/XXXXXX"/>
        </bean>
    </constructor-arg>
</bean>
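Two of the answers above come down to fields you can read straight out of the SAML Response. The SHA-256 answer changes the algorithm URIs that appear in ds:SignatureMethod and ds:DigestMethod, and the SAMLContextProviderLB answer makes the URL the SP rebuilds behind a TLS-terminating proxy match the Destination and Recipient the IdP was configured with (the same Recipient, Destination and Audience Restriction values as in the first Okta answer). The checker below is an added example, not code from any of the posts or from Spring Security SAML. It rebuilds the ACS URL from the LB properties, compares Destination, Recipient and Audience against it, and flags SHA-1 algorithm URIs. The hostnames sp.example.com and idp.example.com, the /app context path and the sample Response are constructed assumptions; the code does not verify the signature itself, which remains OpenSAML's job.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/**
 * Added example, not code from the posts or from Spring Security SAML: policy
 * checks on a decoded SAML Response. It does not verify the XML signature; it
 * checks that Destination, Recipient and Audience match what the SP rebuilds
 * from its load-balancer settings and that the algorithm URIs are not SHA-1.
 */
public class SamlResponseChecks {

    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String RSA_SHA1 = DS + "rsa-sha1";
    static final String SHA1 = DS + "sha1";

    /** Rebuilds the ACS URL from the same properties SAMLContextProviderLB is given. */
    static String expectedAcsUrl(String scheme, String serverName, int serverPort,
                                 boolean includeServerPortInRequestURL, String contextPath) {
        String port = includeServerPortInRequestURL ? ":" + serverPort : "";
        return scheme + "://" + serverName + port + contextPath + "/saml/SSO"; // /saml/SSO is Spring SAML's default ACS path
    }

    static List<String> check(String responseXml, String expectedAcs, String spEntityId) throws Exception {
        Document doc = parseHardened(responseXml);
        List<String> findings = new ArrayList<>();
        String destination = doc.getDocumentElement().getAttribute("Destination");
        if (!expectedAcs.equals(destination)) findings.add("Destination " + destination + " != expected " + expectedAcs);
        NodeList scd = doc.getElementsByTagNameNS(SAML, "SubjectConfirmationData");
        for (int i = 0; i < scd.getLength(); i++) {
            String recipient = ((Element) scd.item(i)).getAttribute("Recipient");
            if (!expectedAcs.equals(recipient)) findings.add("Recipient " + recipient + " != expected " + expectedAcs);
        }
        NodeList audiences = doc.getElementsByTagNameNS(SAML, "Audience");
        for (int i = 0; i < audiences.getLength(); i++) {
            String audience = audiences.item(i).getTextContent().trim();
            if (!spEntityId.equals(audience)) findings.add("Audience " + audience + " != SP entityID " + spEntityId);
        }
        for (String alg : algorithmUris(doc, "SignatureMethod")) {
            if (RSA_SHA1.equals(alg)) findings.add("SignatureMethod uses RSA-SHA1: " + alg);
        }
        for (String alg : algorithmUris(doc, "DigestMethod")) {
            if (SHA1.equals(alg)) findings.add("DigestMethod uses SHA-1: " + alg);
        }
        return findings;
    }

    /** Collects the Algorithm attribute of every ds:SignatureMethod or ds:DigestMethod element. */
    static List<String> algorithmUris(Document doc, String dsElement) {
        List<String> uris = new ArrayList<>();
        NodeList nodes = doc.getElementsByTagNameNS(DS, dsElement);
        for (int i = 0; i < nodes.getLength(); i++) {
            uris.add(((Element) nodes.item(i)).getAttribute("Algorithm"));
        }
        return uris;
    }

    /** Namespace-aware parser with DTDs disabled: a Response is attacker-supplied XML. */
    static Document parseHardened(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Constructed sample Response: hostnames and /app are assumptions; the Audience echoes the
    // entityID used in the posts. SignatureValue is omitted since signatures are not checked here.
    static final String SAMPLE_RESPONSE =
        "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
      + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\""
      + " ID=\"_r1\" Version=\"2.0\" IssueInstant=\"2020-03-29T07:55:00Z\" Destination=\"https://sp.example.com/app/saml/SSO\">"
      + "<saml:Issuer>https://idp.example.com</saml:Issuer>"
      + "<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>"
      + "<ds:Reference URI=\"#_r1\"><ds:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/></ds:Reference>"
      + "</ds:SignedInfo></ds:Signature>"
      + "<saml:Assertion ID=\"_a1\" Version=\"2.0\" IssueInstant=\"2020-03-29T07:55:00Z\">"
      + "<saml:Subject><saml:NameID>user@example.com</saml:NameID>"
      + "<saml:SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\">"
      + "<saml:SubjectConfirmationData Recipient=\"https://sp.example.com/app/saml/SSO\"/>"
      + "</saml:SubjectConfirmation></saml:Subject>"
      + "<saml:Conditions><saml:AudienceRestriction><saml:Audience>com:vdenotaris:spring:sp</saml:Audience>"
      + "</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>";

    public static void main(String[] args) throws Exception {
        // TLS terminates on the proxy's 443; the rebuilt URL must omit the port to match the IdP's Destination.
        String acs = expectedAcsUrl("https", "sp.example.com", 443, false, "/app");
        System.out.println(check(SAMPLE_RESPONSE, acs, "com:vdenotaris:spring:sp"));
        // The same Response checked with includeServerPortInRequestURL=true adds Destination and Recipient mismatches.
        String acsWithPort = expectedAcsUrl("https", "sp.example.com", 443, true, "/app");
        System.out.println(check(SAMPLE_RESPONSE, acsWithPort, "com:vdenotaris:spring:sp"));
    }
}
```

Run it against a Response captured from the browser (base64-decode the SAMLResponse form field first) with the scheme, serverName, serverPort, includeServerPortInRequestURL and contextPath values from your own SAMLContextProviderLB bean. A Destination or Recipient mismatch points at the proxy settings; SHA-1 findings mean the IdP is still signing with the old algorithm even if the SP side was switched, and both sides have to agree.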