swedenconnect / saml-identity-provider
A SAML Identity Provider base component using Spring Security
License: Apache License 2.0
Port to Spring Boot 3 and OpenSAML 5
Add support for DigestMethod, SigningMethod and EncryptionMethod in metadata configuration
Type is logged as SP entityID.
Not all SAML deployments make use of mdui:UIInfo, and we should also handle the Organization element in Saml2ServiceProviderUiInfo.
If receiving an unspecified NameIDFormat in an AuthnRequest, let's not fail.
When configuring a metadata provider, an HTTP proxy can be configured. We should use the system settings for this instead.
The record AuthnUse that is used in Saml2UserAuthentication.AuthenticationInfoTrack is not serializable.
The code uses Thymeleaf for posting responses and also uses Spring MVC's error handling. For a deployment where other UI solutions are used, for example a separate frontend written in Vue or React, this is not a very tasty solution.
Suggestion: Introduce interfaces that can be implemented to avoid use of Thymeleaf and Spring view handling.
As it is now we rely on the UserAuthenticationProvider to handle SSO. This is not ideal.
Make audit events for:
Received request
Authentication success
Authentication failure
Cancelled operation
SAML error (bad request, ...)
Response message
If several metadata providers are configured we don't get a saml.idp.metadata.Provider bean.
We need to make sure that if a MessageReplayChecker bean exists it is installed in the validators.
If the authenticator is external (i.e., a redirect is made) the "before authn" event is published twice.
If the SP sends the PrincipalSelection extension we should have an SsoVoter that checks whether the values in the extension correspond to the previous authentication.
The MetadataProvider that is created based on the application settings is not available to the application that uses the starter module. This would be a good thing to have. For example, the application may want to check metadata in Actuator health checks.
Currently one has to add those extensions programmatically.