user967710

Reputation: 2007

SAML with Spring Security - retrieving group credentials

I would like to retrieve group information about the user in the most standard way. I'm using SSOCircle as IdP, and Spring Security (on Tomcat 8.5) as framework for SSO.

My post-authentication servlet looks like:

        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        SAMLCredential credential = (SAMLCredential) authentication.getCredentials();

        String email = authentication.getName();
        // how to get group information

I understand that SSOCircle might not have a notion of group - I will soon be using PingIdentity. But is there some standard concept of group in SAML, and if so, how would I go about retrieving that when using Spring Security?

Thanks

Upvotes: 0

Views: 736

Answers (1)

Bernhard Thalmayr

Reputation: 2744

The IdP could provide the 'group' information in whatever format as attribute statements in the assertion. On the SP side you then need to read those attribute statements and 'map' them to security roles on the SP side. As there is no standard way of doing this, you need to negotiate with the IdP about this.

Upvotes: 1
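The mapping the answer describes, as an added example that is not part of the original answer: a `SAMLUserDetailsService` for the Spring Security SAML extension that reads a group attribute from the assertion and maps it to roles through an allow-list. The attribute name `memberOf`, the group names and the class name are assumptions; the real attribute name and format are whatever is agreed with the IdP.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

public class GroupMappingSamlUserDetailsService implements SAMLUserDetailsService {

    // Assumption: attribute name agreed with the IdP; SAML itself does not define one.
    private static final String GROUP_ATTRIBUTE = "memberOf";

    // Allow-list: only groups listed here become roles (constructed sample values).
    private static final Map<String, String> GROUP_TO_ROLE = new HashMap<>();
    static {
        GROUP_TO_ROLE.put("app-admins", "ROLE_ADMIN");
        GROUP_TO_ROLE.put("app-users", "ROLE_USER");
    }

    @Override
    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        List<GrantedAuthority> authorities = new ArrayList<>();

        // Returns null when the assertion carries no attribute with this name.
        String[] groups = credential.getAttributeAsStringArray(GROUP_ATTRIBUTE);
        if (groups != null) {
            for (String group : groups) {
                // Individual values can be null if they are not plain strings.
                String role = (group == null) ? null : GROUP_TO_ROLE.get(group.trim());
                if (role != null) { // unknown groups grant nothing
                    authorities.add(new SimpleGrantedAuthority(role));
                }
            }
        }

        // NameID is the subject identifier the IdP asserted for this login.
        String username = credential.getNameID().getValue();
        // Empty password: the SP never sees a password in SAML SSO.
        return new User(username, "", authorities);
    }
}
```

Set an instance as the `userDetails` property of `SAMLAuthenticationProvider`; the mapped roles are then available from `authentication.getAuthorities()` in the post-authentication servlet.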
