Deprecate SAML assertionConsumerIndex config property #3088

Merged
merged 1 commit into from
Oct 17, 2024

hsinn0
Contributor

@hsinn0 hsinn0 commented Oct 16, 2024

  • It only works if set to 0, which is the default value for the optional parameter.

When the property was set to 1, UAA tried to use URI binding as expected per the SAML SP metadata. However, it failed with an exception, as URI binding is not supported by the SAML library, as follows:

```
ERROR --- SecurityFilterChainPostProcessor$HttpsEnforcementFilter: Uncaught Exception:
javax.servlet.ServletException: org.opensaml.saml2.metadata.provider.MetadataProviderException: Endpoint designated by the value in the WebSSOProfileOptions is not supported by this profile
        at org.cloudfoundry.identity.uaa.provider.saml.LoginSamlEntryPoint.commence(LoginSamlEntryPoint.java:70) ~[cloudfoundry-identity-server-0.0.0.jar:?]
...
Caused by: org.opensaml.saml2.metadata.provider.MetadataProviderException: Endpoint designated by the value in the WebSSOProfileOptions is not supported by this profile
        at org.springframework.security.saml.websso.WebSSOProfileImpl.getAssertionConsumerService(WebSSOProfileImpl.java:180) ~[spring-security-saml2-core-1.0.10.RELEASE.jar:1.0.10.RELEASE]
        at org.springframework.security.saml.websso.WebSSOProfileImpl.sendAuthenticationRequest(WebSSOProfileImpl.java:90) ~[spring-security-saml2-core-1.0.10.RELEASE.jar:1.0.10.RELEASE]
        at org.springframework.security.saml.SAMLEntryPoint.initializeSSO(SAMLEntryPoint.java:225) ~[spring-security-saml2-core-1.0.10.RELEASE.jar:1.0.10.RELEASE]
        at org.cloudfoundry.identity.uaa.provider.saml.LoginSamlEntryPoint.commence(LoginSamlEntryPoint.java:61) ~[cloudfoundry-identity-server-0.0.0.jar:?]
        ... 102 more
```

@hsinn0 hsinn0 requested review from duanemay and a team October 16, 2024 17:46
@hsinn0 hsinn0 marked this pull request as ready for review October 16, 2024 17:47
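
Added example, not part of this pull request or of UAA's code: a pre-deployment check that resolves a configured `assertionConsumerIndex` against SP metadata and reports whether the binding it selects is usable, which is the failure described in the comment above. The metadata fragment, the function names and the caller-supplied set of supported bindings are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
URI = "urn:oasis:names:tc:SAML:2.0:bindings:URI"

# Constructed SP metadata fragment (not UAA's real metadata):
# index 0 publishes HTTP-POST, index 1 publishes the URI binding.
SAMPLE_SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="sp.example.test">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true" Binding="{POST}"
        Location="https://sp.example.test/saml/SSO"/>
    <md:AssertionConsumerService index="1" Binding="{URI}"
        Location="https://sp.example.test/saml/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def consumer_services(metadata_xml):
    """Map each AssertionConsumerService index to its (binding, location).

    Intended for metadata you generated yourself; parse untrusted XML
    with a hardened parser instead of ElementTree.
    """
    root = ET.fromstring(metadata_xml)
    services = {}
    for acs in root.iter(f"{{{MD_NS}}}AssertionConsumerService"):
        raw_index = acs.get("index")
        if raw_index is None:  # index is mandatory; skip malformed entries
            continue
        services[int(raw_index)] = (acs.get("Binding"), acs.get("Location"))
    return services


def check_consumer_index(metadata_xml, index, supported_bindings):
    """Return (ok, reason) for a configured assertionConsumerIndex value."""
    services = consumer_services(metadata_xml)
    if index not in services:
        return False, f"index {index} is not published in the SP metadata"
    binding, _location = services[index]
    if binding not in supported_bindings:
        return False, f"index {index} selects unsupported binding {binding}"
    return True, f"index {index} selects {binding}"


if __name__ == "__main__":
    # Assumption for the demo: only HTTP-POST is treated as supported.
    for idx in (0, 1, 2):
        print(idx, check_consumer_index(SAMPLE_SP_METADATA, idx, {POST}))
```
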
Member

@duanemay duanemay left a comment

LGTM

@hsinn0 hsinn0 requested a review from a team October 16, 2024 18:24
@hsinn0 hsinn0 merged commit 5b48499 into develop Oct 17, 2024
22 checks passed
@hsinn0 hsinn0 deleted the pr/depreate-assertionConsumerIndex branch October 17, 2024 13:33
@hsinn0 hsinn0 restored the pr/depreate-assertionConsumerIndex branch October 17, 2024 13:33
@hsinn0 hsinn0 deleted the pr/depreate-assertionConsumerIndex branch October 17, 2024 13:33