Reputation: 13637
Spring SAML credentials and platform accounts
I was able to integrate Spring Boot and Spring Security SAML by using the @ImportResource annotation.
Now, I'd like to go on as follows:
- the user selects an IdP [DONE].
- it performs the login (successful) [DONE].
- the SP obtains user data (by parsing the SAMLCredential object) [DONE].
- the webapp had to check if the userID (e.g email) retrieved via SAML exists in my own DB.
- a) If yes, the webapp reads from the DB the role and sets related privileges.
b) If no, the webapp had to perform a redirect to a sign-up page, in order to insert the user into the system.
Make it sense perform the points 4 and 5 by using a UserDetailsService implementation or have I to setup the security context defining authentication providers, filters, etc?
Upvotes: 1
Views: 1448
Answers (1)
Reputation: 15533
You should implement org.springframework.security.saml.userdetails.SAMLUserDetailsService and plug it into the samlAuthenticationProvider bean. In case user doesn't exist you should throw UsernameNotFoundException exception, otherwise just populate and return data from your DB.
On top of that you should implement your own org.springframework.security.web.authentication.AuthenticationFailureHandler and plug it into samlWebSSOProcessingFilter bean. This implementation will be called with the UsernameNotFoundException sent as a parameter and you can then redirect the user to the correct sign-up page as a reaction to it.
Upvotes: 2
Related Questions
- How can I login into web application with SAML using system credentials in java
- Spring SAML Security Integration with Spring Web application
- Spring - How to implement Single Sign-On with SAML 2.0
- SAML Configuration
- Authentication using SAML in spring boot
- Spring Security SAML - how to configure client auth?
- Authenticate using SAML-based Basic Authentication?
- SPRING SAML Authentication not working
- Spring Security using SAML 1.1
- Spring SAML 2.0