Package org.springframework.security.saml2.provider.service.web

Class OpenSamlAuthenticationTokenConverter

java.lang.Object

org.springframework.security.saml2.provider.service.web.OpenSamlAuthenticationTokenConverter

All Implemented Interfaces:

AuthenticationConverter

public final class OpenSamlAuthenticationTokenConverter
extends Object
implements AuthenticationConverter

An AuthenticationConverter that generates a Saml2AuthenticationToken appropriate for authenticated a SAML 2.0 Assertion against an AuthenticationManager.

Since:

6.1

Constructor Summary

Constructors

Constructor	Description
OpenSamlAuthenticationTokenConverter(RelyingPartyRegistrationRepository registrations)	Constructs a OpenSamlAuthenticationTokenConverter given a repository for RelyingPartyRegistrations

Method Summary

Modifier and Type	Method	Description
Saml2AuthenticationToken	convert(jakarta.servlet.http.HttpServletRequest request)	Resolve an authentication request from the given HttpServletRequest.
void	setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository)	Use the given Saml2AuthenticationRequestRepository to load authentication request.
void	setRequestMatcher(RequestMatcher requestMatcher)	Use the given RequestMatcher to match the request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OpenSamlAuthenticationTokenConverter

public OpenSamlAuthenticationTokenConverter(RelyingPartyRegistrationRepository registrations)

Constructs a OpenSamlAuthenticationTokenConverter given a repository for RelyingPartyRegistrations

Parameters:

registrations - the repository for RelyingPartyRegistrations RelyingPartyRegistrations

Method Details

convert

public Saml2AuthenticationToken convert(jakarta.servlet.http.HttpServletRequest request)

Resolve an authentication request from the given HttpServletRequest.

First uses the configured RequestMatcher to deduce whether an authentication request is being made and optionally for which registrationId.

If there is an associated <saml2:AuthnRequest>, then the registrationId is looked up and used.

If a registrationId is found in the request, then it is looked up and used. In that case, if none is found a Saml2AuthenticationException is thrown.

Finally, if no registrationId is found in the request, then the code attempts to resolve the RelyingPartyRegistration from the SAML Response's Issuer.

Specified by:

convert in interface AuthenticationConverter

Parameters:

request - the HTTP request

Returns:

the Saml2AuthenticationToken authentication request

Throws:

Saml2AuthenticationException - if the RequestMatcher specifies a non-existent registrationId

setAuthenticationRequestRepository

public void setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository)

Use the given Saml2AuthenticationRequestRepository to load authentication request.

Parameters:

authenticationRequestRepository - the Saml2AuthenticationRequestRepository to use

setRequestMatcher

public void setRequestMatcher(RequestMatcher requestMatcher)

Use the given RequestMatcher to match the request.

Parameters:

requestMatcher - the RequestMatcher to use