Home Esplora Aiuto
Registrati Accedi
github
/
spring-security
mirror da https://github.com/spring-projects/spring-security
2
0
Forka 0
File Problemi 0 Wiki
Albero (Tree): aa3135169d
Rami (Branch) Tag
spring-security
/
docs
/
modules
/
ROOT
/
pages
/
migration
/
servlet
/
saml2.adoc

saml2.adoc 2.0 KB
Cronologia Originale

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 
  1. = SAML 2.0 Migrations
    2. 

  2. 

  3. == Expect `<saml2:LogoutResponse>` When `<saml2:LogoutRequest>` Validation Fails
    4. 

  4. 

  5. SAML identity providers expect service providers to return an error `<saml2:LogoutResponse>` if it fails to process the `<saml2:LogoutRequest>`.
    6. 

  6. 

  7. Past versions of Spring Security returned a 401 in some cases, breaking the chain of logout requests and responses from each relying party.
    8. 

  8. 

  9. In Spring Security 7, this behavior is repaired, and you need do nothing.
    10. 

  10. 

  11. However, if this gives you trouble, you can revert back to the old behavior by publishing a `Saml2LogoutRequestResolver` that returns `null` when an error `<saml2:LogoutRequest>` is needed.
    12. 

  12. You can create a delegate like this one:
    13. 

  13. 

  14. [tabs]
    15. 

  15. ======
    16. 

  16. Java::
    17. 

  17. +
    18. 

  18. [source,java,role="primary"]
    19. 

  19. ----
    20. 

  20. @Bean
    21. 

  21. Saml2LogoutResponseResolver logoutResponseResolver(RelyingPartyRegistrationRepository registrations) {
    22. 

  22.     OpenSaml5LogoutResponseResolver delegate = new OpenSaml5LogoutResponseResolver(registrations);
    23. 

  23.     return new Saml2LogoutResponseResolver() {
    24. 

  24.         @Override
    25. 

  25.         public void resolve(HttpServletRequest request, Authentication authentication) {
    26. 

  26.             delegate.resolve(request, authentication);
    27. 

  27.         }
    28. 

  28. 

  29.         @Override
    30. 

  30.         public void resolve(HttpServletRequest request, Authentication authentication, Saml2AuthenticationException error) {
    31. 

  31.             return null;
    32. 

  32.         }
    33. 

  33.     };
    34. 

  34. }
    35. 

  35. ----
    36. 

  36. 

  37. Kotlin::
    38. 

  38. +
    39. 

  39. [source,kotlin,role="secondary"]
    40. 

  40. ----
    41. 

  41. @Bean
    42. 

  42. fun logoutResponseResolver(registrations: RelyingPartyRegistrationRepository?): Saml2LogoutResponseResolver {
    43. 

  43.     val delegate = OpenSaml5LogoutResponseResolver(registrations)
    44. 

  44.     return object : Saml2LogoutResponseResolver() {
    45. 

  45.         override fun resolve(request: HttpServletRequest?, authentication: Authentication?) {
    46. 

  46.             delegate.resolve(request, authentication)
    47. 

  47.         }
    48. 

  48. 

  49.         override fun resolve(request: HttpServletRequest?, authentication: Authentication?, error: Saml2AuthenticationException?) {
    50. 

  50.             return null
    51. 

  51.         }
    52. 

  52.     }
    53. 

  53. }
    54. 

  54. ----
    55. 

  55. ======
    56. 

  56.