Package org.springframework.security.saml2.provider.service.web

Class OpenSaml4AuthenticationTokenConverter

java.lang.Object

org.springframework.security.saml2.provider.service.web.OpenSaml4AuthenticationTokenConverter

All Implemented Interfaces:

org.springframework.security.web.authentication.AuthenticationConverter

public final class OpenSaml4AuthenticationTokenConverter
extends Object
implements org.springframework.security.web.authentication.AuthenticationConverter

An AuthenticationConverter that generates a Saml2AuthenticationToken appropriate for authenticated a SAML 2.0 Assertion against an AuthenticationManager.

Since:

6.1

Constructor Summary

Constructors

Constructor	Description
OpenSaml4AuthenticationTokenConverter(RelyingPartyRegistrationRepository registrations)	Constructs a OpenSaml4AuthenticationTokenConverter given a repository for RelyingPartyRegistrations

Method Summary

Modifier and Type	Method	Description
Saml2AuthenticationToken	convert(jakarta.servlet.http.HttpServletRequest request)	Resolve an authentication request from the given HttpServletRequest.
void	setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository)	Use the given Saml2AuthenticationRequestRepository to load authentication request.
void	setRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher requestMatcher)	Use the given RequestMatcher to match the request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OpenSaml4AuthenticationTokenConverter

public OpenSaml4AuthenticationTokenConverter(RelyingPartyRegistrationRepository registrations)

Constructs a OpenSaml4AuthenticationTokenConverter given a repository for RelyingPartyRegistrations

Parameters:

registrations - the repository for RelyingPartyRegistrations RelyingPartyRegistrations

Method Details

convert

public Saml2AuthenticationToken convert(jakarta.servlet.http.HttpServletRequest request)

Resolve an authentication request from the given HttpServletRequest.

First uses the configured RequestMatcher to deduce whether an authentication request is being made and optionally for which registrationId.

If there is an associated <saml2:AuthnRequest>, then the registrationId is looked up and used.

If a registrationId is found in the request, then it is looked up and used. In that case, if none is found a Saml2AuthenticationException is thrown.

Finally, if no registrationId is found in the request, then the code attempts to resolve the RelyingPartyRegistration from the SAML Response's Issuer.

Specified by:

convert in interface org.springframework.security.web.authentication.AuthenticationConverter

Parameters:

request - the HTTP request

Returns:

the Saml2AuthenticationToken authentication request

Throws:

Saml2AuthenticationException - if the RequestMatcher specifies a non-existent registrationId

setAuthenticationRequestRepository

public void setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository)

Use the given Saml2AuthenticationRequestRepository to load authentication request.

Parameters:

authenticationRequestRepository - the Saml2AuthenticationRequestRepository to use

setRequestMatcher

public void setRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher requestMatcher)

Use the given RequestMatcher to match the request.

Parameters:

requestMatcher - the RequestMatcher to use