|
|
@@ -83,9 +83,9 @@ fun jwtDecoder(): JwtDecoder {
|
|
|
|
|
|
Spring Security does not support processing `<saml2:Response>` payloads over GET as this is not supported by the SAML 2.0 spec.
|
|
|
|
|
|
-To better comply with this, `Saml2AuthenticationTokenConverter` will not process GET requests by default as of Spring Security 8.
|
|
|
+To better comply with this, `Saml2AuthenticationTokenConverter`, `OpenSaml4AuthenticationTokenConverter`, and `OpenSaml5AuthenticationTokenConverter` will not process GET requests by default as of Spring Security 8.
|
|
|
To prepare for this, the property `shouldConvertGetRequests` is available.
|
|
|
-To use it, publish your own `Saml2AuthenticationTokenConverter` like so:
|
|
|
+To use it, publish your own converter like so:
|
|
|
|
|
|
[tabs]
|
|
|
======
|
|
|
@@ -94,9 +94,8 @@ Java::
|
|
|
[source,java,role="primary"]
|
|
|
----
|
|
|
@Bean
|
|
|
-Saml2AuthenticationTokenConverter authenticationConverter(RelyingPartyRegistrationRepository registrations) {
|
|
|
- Saml2AuhenticationTokenConverter authenticationConverter = new Saml2AuthenticationTokenConverter(
|
|
|
- new DefaultRelyingPartyRegistrationResolver(registrations));
|
|
|
+OpenSaml5AuthenticationTokenConverter authenticationConverter(RelyingPartyRegistrationRepository registrations) {
|
|
|
+ OpenSaml5AuthenticationTokenConverter authenticationConverter = new OpenSaml5AuthenticationTokenConverter(registrations);
|
|
|
authenticationConverter.setShouldConvertGetRequests(false);
|
|
|
return authenticationConverter;
|
|
|
}
|
|
|
@@ -108,12 +107,11 @@ Kotlin::
|
|
|
----
|
|
|
@Bean
|
|
|
fun authenticationConverter(val registrations: RelyingPartyRegistrationRepository): Saml2AuthenticationTokenConverter {
|
|
|
- val authenticationConverter = new Saml2AuthenticationTokenConverter(
|
|
|
- DefaultRelyingPartyRegistrationResolver(registrations))
|
|
|
+ val authenticationConverter = Saml2AuthenticationTokenConverter(registrations)
|
|
|
authenticationConverter.setShouldConvertGetRequests(false)
|
|
|
return authenticationConverter
|
|
|
}
|
|
|
----
|
|
|
======
|
|
|
|
|
|
-If you must continue using `Saml2AuthenticationTokenConverter` to process GET requests, you can call `setShouldConvertGetRequests` to `true.`
|
|
|
+If you must continue using `Saml2AuthenticationTokenConverter`, `OpenSaml4AuthenticationTokenConverter`, or `OpenSaml5AuthenticationTokenConverter` to process GET requests, you can call `setShouldConvertGetRequests` to `true.`
|
Josh Cummings