Attempt to add Okta to spring-boot-security-saml-sample
Index: src/main/java/com/vdenotaris/spring/boot/security/saml/web/config/WebSecurityConfig.java | |
IDEA additional info: | |
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP | |
<+>UTF-8 | |
=================================================================== | |
--- src/main/java/com/vdenotaris/spring/boot/security/saml/web/config/WebSecurityConfig.java (revision 588339818cd07dcec3a28e927ea23d2ce351cbfc) | |
+++ src/main/java/com/vdenotaris/spring/boot/security/saml/web/config/WebSecurityConfig.java (revision ) | |
@@ -16,6 +16,7 @@ | |
package com.vdenotaris.spring.boot.security.saml.web.config; | |
+import java.io.IOException; | |
import java.util.ArrayList; | |
import java.util.Collection; | |
import java.util.HashMap; | |
@@ -27,6 +28,7 @@ | |
import org.apache.commons.httpclient.protocol.Protocol; | |
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory; | |
import org.apache.velocity.app.VelocityEngine; | |
+import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider; | |
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; | |
import org.opensaml.saml2.metadata.provider.MetadataProvider; | |
import org.opensaml.saml2.metadata.provider.MetadataProviderException; | |
@@ -37,6 +39,7 @@ | |
import org.springframework.beans.factory.config.MethodInvokingFactoryBean; | |
import org.springframework.context.annotation.Bean; | |
import org.springframework.context.annotation.Configuration; | |
+import org.springframework.core.io.ClassPathResource; | |
import org.springframework.core.io.DefaultResourceLoader; | |
import org.springframework.core.io.Resource; | |
import org.springframework.security.authentication.AuthenticationManager; | |
@@ -273,9 +276,9 @@ | |
@Bean | |
@Qualifier("idp-ssocircle") | |
public ExtendedMetadataDelegate ssoCircleExtendedMetadataProvider() | |
- throws MetadataProviderException { | |
+ throws MetadataProviderException { | |
@SuppressWarnings({ "deprecation"}) | |
- HTTPMetadataProvider httpMetadataProvider | |
+ HTTPMetadataProvider httpMetadataProvider | |
= new HTTPMetadataProvider("https://idp.ssocircle.com/idp-meta.xml", 5000); | |
httpMetadataProvider.setParserPool(parserPool()); | |
ExtendedMetadataDelegate extendedMetadataDelegate = | |
@@ -284,7 +287,38 @@ | |
extendedMetadataDelegate.setMetadataRequireSignature(false); | |
return extendedMetadataDelegate; | |
} | |
- | |
+ | |
+ @Bean | |
+ @Qualifier("idp-okta") | |
+ public ExtendedMetadataDelegate ssoOktaExtendedMetadataProvider() | |
+ throws MetadataProviderException { | |
+ FilesystemMetadataProvider fileMetadataProvider; | |
+ try { | |
+ fileMetadataProvider = new FilesystemMetadataProvider(new ClassPathResource("/okta-idp.xml").getFile()); | |
+ } catch (IOException e) { | |
+ e.printStackTrace(); | |
+ throw new MetadataProviderException(e.getMessage()); | |
+ } | |
+ fileMetadataProvider.setParserPool(parserPool()); | |
+ ExtendedMetadataDelegate extendedMetadataDelegate = | |
+ new ExtendedMetadataDelegate(fileMetadataProvider, extendedMetadata()); | |
+ /* | |
+ Caused by: org.opensaml.saml2.metadata.provider.MetadataProviderException: Error retrieving metadata from https://medamerica.okta.com/app/k2gpb06TOMYOKAWUSXJM/sso/saml/metadata | |
+ at org.opensaml.saml2.metadata.provider.HTTPMetadataProvider.fetchMetadata(HTTPMetadataProvider.java:274) | |
+ at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:255) | |
+ ... 29 more | |
+Caused by: javax.net.ssl.SSLPeerUnverifiedException: SSL peer failed hostname validation for name: null | |
+ */ | |
+ /*HTTPMetadataProvider httpMetadataProvider | |
+ = new HTTPMetadataProvider("https://medamerica.okta.com/app/k2gpb06TOMYOKAWUSXJM/sso/saml/metadata", 10000); | |
+ httpMetadataProvider.setParserPool(parserPool()); | |
+ ExtendedMetadataDelegate extendedMetadataDelegate = | |
+ new ExtendedMetadataDelegate(httpMetadataProvider, extendedMetadata());*/ | |
+ extendedMetadataDelegate.setMetadataTrustCheck(false); | |
+ extendedMetadataDelegate.setMetadataRequireSignature(false); | |
+ return extendedMetadataDelegate; | |
+ } | |
+ | |
// IDP Metadata configuration - paths to metadata of IDPs in circle of trust | |
// is here | |
// Do no forget to call iniitalize method on providers | |
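Review bot: The catch block in ssoOktaExtendedMetadataProvider drops the IOException as a cause and writes the trace to stderr instead of propagating it; `throw new MetadataProviderException("Could not load /okta-idp.xml from the classpath", e);` keeps the chain and lets the printStackTrace() call go. `new ClassPathResource("/okta-idp.xml").getFile()` only works while the resource sits on the filesystem, so once the application is packaged as a jar that call fails at startup; a provider that reads from a Spring Resource (the library's ResourceBackedMetadataProvider, if this version has it) would presumably avoid that. The commented-out HTTPMetadataProvider block and the pasted stack trace carry a tenant-specific metadata URL and should be deleted rather than left in configuration. Since `setMetadataTrustCheck(false)` and `setMetadataRequireSignature(false)` together disable verification of the IdP metadata, a comment stating that trust rests on the bundled file and on whatever produced it would make that decision explicit to the next reader.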
@@ -292,6 +326,7 @@ | |
@Qualifier("metadata") | |
public CachingMetadataManager metadata() throws MetadataProviderException { | |
List<MetadataProvider> providers = new ArrayList<MetadataProvider>(); | |
+ providers.add(ssoOktaExtendedMetadataProvider()); | |
providers.add(ssoCircleExtendedMetadataProvider()); | |
return new CachingMetadataManager(providers); | |
} | |
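Review bot: Registering the Okta delegate ahead of the SSOCircle one at `providers.add(ssoOktaExtendedMetadataProvider());` likely changes which IdP the metadata manager treats as the default, since it appears to take the first available IdP when none is set explicitly; if that is intended, a one-line comment saying so would help, otherwise set the default IdP on the manager explicitly. Because ssoOktaExtendedMetadataProvider() now throws when the classpath file is missing, the whole metadata() bean, and with it application startup, fails, so the note should also state that /okta-idp.xml is mandatory.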
@@ -522,4 +557,4 @@ | |
.authenticationProvider(samlAuthenticationProvider()); | |
} | |
-} | |
\ No newline at end of file | |
+} |
There's a working example here https://github.com/ulisesbocchio/spring-boot-security-saml in one of the demo apps. Also, there's a Spring Boot plugin there to avoid the boilerplate of Spring Security SAML.