Reputation: 21
Retrieve Entire SAML Response in Spring Security SAML Extension
I have a Spring Boot application that is setup as a Service Provider. My end goal is to be able to call the AWS STS Assume Role with SAML service to generate AWS temporary credentials on behalf of the user with the SAML response used to initially authenticate users of my application.
I found this other question. With that answer I am able to get only the assertion, not the entire response. From my testing, the AWS API call linked above wants the entire response, not just the assertion piece.
I used this Chrome Extension to view the SAML response. When I include everything (outline below)
<samlp:Response>
...
<saml:Assertion>
...
</saml:Assertion>
</samlp:Response>
The AWS STS Assume Role with SAML works. The other related question's answer only provides me the
<saml:Assertion>...</saml:Assertion>
block and the AWS STS Assume Role with SAML fails.
So my question is how do I get the entire SAML Response XML object back in a controller of my Spring Boot application?
Upvotes: 2
Views: 4403
Answers (1)
Reputation: 449
I don't know any direct way in spring-security-saml, but maybe you could try to implement your own SAMLProcessingFilter ie simply extending the existing one and overriding the method attemptAuthentication().
Principle:
- In this method, you have access to the response returned from the IdP and post back to the SP (at least in a Redirect-POST profile)
- You probably have a way to extract what you need from the httpRequest
- Then you can store (session, ThreadLocal variable, ...)
- And finally you delegate the authentication process to the parent (by calling super.attemptAuthentication())
`
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
if ("POST".equalsIgnoreCase(request.getMethod())) {
String samlResponse = request.getParameter("SAMLResponse");
System.out.println("Original SAML Response (base64 decoded) : " + new
String(Base64.getDecoder().decode(samlResponse), StandardCharsets.UTF_8));
}
return super.attemptAuthentication(request, response);
}
`
Upvotes: 2
Related Questions
- SAML Http Request Intercept with Spring Boot
- Spring Security SAML: Extract Attributes from a saml2p:Response as user attributes
- Saml with spring security - retrieving group credentials
- SAML Configuration
- How to get SAML response string after successful login from spring security saml
- Processing SAML response with Spring SAML
- SAML AuthnResponse not being decoded after successful authentication
- Retrieving username and details form SAMLResponse
- how to get SAMLResponse from request
- Spring SAML 2.0