spring-security-saml | SAML extension for the Spring Security project | Security library

I want to build a site hosted with Spring Boot and I would like to use AWS SSO as the SAML identity provider for authentication. I have built a PoC application and tried to follow AWS configuration instructions and the Spring SAML examples I could find, but when I browse to my site (on localhost), AWS SSO successfully opens but then fails with "Bad Input".

In my PoC application (which only has code for the authentication and an index page) I have:

• added the spring-security-saml2-service-provider dependency (Spring Boot v2.6.2)
• set up a Custom Application in AWS SSO
• generated a private key and a self-signed certificate
• configured my application properties as follows:

I try a SAML connection to Azure B2C with a Spring application found on GitHub. Every works fine until I run in local, but when I need to test this application in a production eviroment I found myself up against problems due to HTTPS connection.

My production enviroment is based on AWS, I'm running a ECS Tasks configured in reverse proxy. I'm using an Load Balancer with an HTTPS listener and an HTTP rule to redirect on HTTPS.

This application is based on Spring, (not Spring Boot) and builds a WAR file that I run on a Tomcat 7.

When I try the login, this application try an HTTP request that the ALB redirect to HTTPS, but this redirect invalidate my SAML workflow.

I try to add requires-channel="https" to any node in my securityContext.xml but when I try to access to the application online I've got a ERR_TOO_MANY_REDIRECTS

I need to configure tomcat and this application to request only HTTPS without the needs of any redirects but I don't now how

I've uploaded my custom policy starting from SocialAndLocalAccounts template in my Azure AD B2C. I've changed the policy to get authentication with SAML protocol as documented in MS Documentation

This is the claim provider added in TrustFrameworkExtensions.xml file

We are new to Quarkus and are using it to build a simple Service Provider for Single sign on via SAML protocol with Okta as IdentityProvider. Unfortunately Quarkus only supports OpenId Connect (we could not find any guide for SAML protocol). However, Spring already has implemented this in spring-security-saml2-service-provider so we want to reuse this Spring component on Quarkus.

We only have 1 simple (spring rest) Controller on the project:

Small question regarding Spring Security SAML2 please.

To narrow the scope, the question is regarding:

I followed Spring Security SAML2 Using G Suite as Idp Cannot resolve method 'saml2login' in 'Http Security' I am getting this error some body plz help.

Currently I am editing existing implementation of SAML support on my project using Spring Security. I have multiple IdentityProviders, for which I store data in the database. Using my app UI I can add new IdentityProviders on runtime, which will be added to CachingMetadataManager. After that, refreshMetadata is called. However I have JKSKeyManager, which is loaded on app startup and loads a single JKS keystore which is used for all metadatas for all IdentityProviders. I want a user to be able to upload (or paste) a private key using my app UI during IdentityProvider creation on runtime, so that, different key can be used for different IdentityProvider, but I don't know how. There's no difference for me if I store the keys in JKS file or somewhere else. There's no spring boot and I am afraid there is no ability to upgrade the library versions/migrate to other libraries.

The key manager injection looks like this:

I have added Spring Security to an existing JEE application to add OAuth to the application. The security configuration is set to protect the REST API, and that part seems to work fine. When the UI requests a protected URL, the response contains a redirect to 'oauth2/authorize/keycloak'.

But that's where the story ends, since the request to 'oauth2/authorize/keycloak' itself returns a 404.

I am pretty out of date with spring security (have used it the last time with Spring applications about 8 years ago) and I have no idea where I am supposed to find the implementation of the endpoint 'oauth2/authorize/keycloak' in order to figure out what is missing or wrong in my setup.

The relevant part of my dependency tree looks as follows:

I am trying to create SP initiated SSO on Spring MVC application with Okta idp. I am getting 404 after the redirection from idp with failed authentication with the below error message when i am doing localhost testing.

I have setup idp settings as follow

• Single Sign On URL : https://localhost/myapp/saml/SSO
• Recipient URL : https://localhost/myapp/saml/SSO
• Destination URL :https://localhost/myapp/saml/SSO
• Audience Restriction : https://localhost/myapp/saml/metadata

I am getting the below error on the Tomcat Server