Reputation: 169
SAML Request without service provider certificate
I implemented spring boot security saml example using https://github.com/oktadeveloper/okta-spring-boot-saml-example
It's working with Okta IdP.
But, I want to send SAML Request without service provider certificate to my own IdP.
Could you please help me to disable service provider certificate.
Please find below configure code:
@Override protected void configure(final HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/saml*").permitAll().anyRequest().authenticated().and().apply(saml())
.serviceProvider().keyStore().storeFilePath(this.keyStoreFilePath).password(this.password)
.keyname(this.keyAlias).keyPassword(this.password).and().protocol("https")
.hostname(String.format("%s:%s", "localhost", this.port)).basePath("/").and().identityProvider()
.metadataFilePath(this.metadataUrl);
}
Please find attached below sample SAMLrequest:
Upvotes: 0
Views: 2174
Answers (1)
Reputation: 2744
But, I want to send SAML Request without service provider certificate to my own IdP.
The certificate is only sent when HTTP POST binding is binding used and the SAML AuthnRequest needs to be digitally signed.
Check the IdP meta data file and remove attribute WantAuthnRequestsSigned="true" from IDPSSODescriptor.
Upvotes: 0
Related Questions
- Spring SAML handshake failure - Failed to validate untrusted credential against trusted key
- Spring Security SAML plugin - No hosted service provider is configured exception
- How to configure service provider with spring-security-saml2 to consume EncryptedAssertions?
- Implementing a SAML 2.0 Service Provider using Spring Boot
- SSL peer failed hostname validation in Spring SAML
- Spring saml integration with IDP server got SSL peer failed hostname validation for name: null
- Spring Security SAML - HTTPS connections
- SSL configuration issue with Spring-SAML
- Spring SAML to make a direct SOAP call to the Identity Provider
- How to disable Service provider initialized SSO in Spring SAML?