Closed
Related to #10243
To customize how a `RelyingPartyRegistration` is resolved from a login request, an application needs to configure a `Saml2AuthenticationTokenConverter` in the DSL:
```java
@Bean
SecurityFilterChain appSecurity(HttpSecurity http, RelyingPartyRegistrationRepository registrations) throws Exception {
    RelyingPartyRegistrationResolver registrationResolver = new DefaultRelyingPartyRegistrationResolver(registrations);
    Saml2AuthenticationTokenConverter authenticationConverter = new Saml2AuthenticationTokenConverter(registrationResolver);
    http
        .authorizeHttpRequests((authorize) -> authorize
            .anyRequest().authenticated()
        )
        .saml2Login((saml2) -> saml2
            .authenticationConverter(authenticationConverter)
        );
    return http.build();
}
```
Because a `Saml2AuthenticationTokenConverter` is often based on a `RelyingPartyRegistrationRepository` bean, this could be modestly simplified by `Saml2LoginConfigurer` picking up a `Saml2AuthenticationTokenConverter` bean:
```java
@Bean
Saml2AuthenticationTokenConverter authenticationConverter(RelyingPartyRegistrationRepository registrations) {
    RelyingPartyRegistrationResolver registrationResolver = new DefaultRelyingPartyRegistrationResolver(registrations);
    return new Saml2AuthenticationTokenConverter(registrationResolver);
}
```
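For context on what "customizing how a `RelyingPartyRegistration` is resolved" can look like, here is an added example (not code from the issue or from Spring Security itself) in which the resolver ignores the registration id taken from the request and always resolves one fixed registration. The class names `PinnedSamlConfig` and `PinnedRegistrationResolver` and the id `single-idp` are hypothetical, and the converter is wired explicitly through the DSL as in the first snippet.

```java
import jakarta.servlet.http.HttpServletRequest; // assumption: Spring Security 6.x; 5.x uses javax.servlet
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class PinnedSamlConfig { // hypothetical class name

    // Hypothetical resolver: delegates to the default one but never trusts
    // the registration id supplied by the incoming request.
    static final class PinnedRegistrationResolver implements RelyingPartyRegistrationResolver {
        private static final String PINNED_ID = "single-idp"; // constructed sample id
        private final RelyingPartyRegistrationResolver delegate;

        PinnedRegistrationResolver(RelyingPartyRegistrationRepository registrations) {
            this.delegate = new DefaultRelyingPartyRegistrationResolver(registrations);
        }

        @Override
        public RelyingPartyRegistration resolve(HttpServletRequest request, String relyingPartyRegistrationId) {
            // The delegate still expands URL placeholders in the registration's
            // templates; only the id lookup is pinned.
            return this.delegate.resolve(request, PINNED_ID);
        }
    }

    @Bean
    SecurityFilterChain appSecurity(HttpSecurity http, RelyingPartyRegistrationRepository registrations) throws Exception {
        Saml2AuthenticationTokenConverter authenticationConverter =
                new Saml2AuthenticationTokenConverter(new PinnedRegistrationResolver(registrations));
        http
            .authorizeHttpRequests((authorize) -> authorize
                .anyRequest().authenticated()
            )
            .saml2Login((saml2) -> saml2
                .authenticationConverter(authenticationConverter)
            );
        return http.build();
    }
}
```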