In reference to this SO question Add request parameter to SAML request using Spring Security SAML
I am wanting to replace the default HTTPRedirectDeflateBinding bean with my own that has a custom HTTPRedirectDeflateEncoder to add query params to my SAML request.
I'm trying to achieve this with the Spring Boot @Bean auto-configuration annotation and being new to the Java environment I can't seem to get it working right. I can see that my bean is registering on startup but the outbound HTTP request is not being intercepted by it and it appears the original redirectBinding still is.
Here is my bean I added into my Configuration class:
@Bean(name="redirectBinding")
@Primary
public HTTPRedirectDeflateBinding HTTPRedirectDeflateBinding()
{
return new HTTPRedirectDeflateBinding(null, new My_SAML_HttpRedirectDeflateEncoder());
}
Here is my encoder I'm trying to pass into the redirect binding
public class My_SAML_HttpRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder{
@Override
protected String buildRedirectURL(SAMLMessageContext messagesContext, String endpointURL, String message)
throws MessageEncodingException {
URLBuilder urlBuilder = new URLBuilder(endpointURL);
List<Pair<String, String>> queryParams = urlBuilder.getQueryParams();
if (messagesContext.getOutboundSAMLMessage() instanceof RequestAbstractType) {
queryParams.add(new Pair<String, String>("service", "myService"));
queryParams.add(new Pair<String, String>("serviceType", "dev"));
}
return urlBuilder.buildURL();
}
}
I also attempted the solution proposed from this SO response spring boot adding http request interceptors Similar results, my HandlerInterceptor bean was registered but nothing is being intercepted. I feel like I'm missing a small detail. Any help would be appreciated.
You can redeclare the SAMLProcessor bean - which is used by SAMLProcessingFilter - and add your own binding bean in its bindings list. This is an example, I used in my project.
@Bean
public SAMLProcessorImpl processor() {
Collection<SAMLBinding> bindings = new ArrayList<>();
bindings.add(httpRedirectDeflateBinding());
bindings.add(httpPostBinding());
bindings.add(artifactBinding(parserPool(), velocityEngine()));
bindings.add(httpSOAP11Binding());
bindings.add(httpPAOS11Binding());
return new SAMLProcessorImpl(bindings);
}
Hope it works for you.
1.I think you need to use the super method buildRedirectURL and then add stripped or your custom query params, like this:
@Override
protected String buildRedirectURL(SAMLMessageContext messagesContext, String endpointURL, String message) throws MessageEncodingException {
URLBuilder redirectUrlBuilder = new URLBuilder(super.buildRedirectURL(messagesContext, endpointURL, message));
List<Pair<String, String>> queryParams = redirectUrlBuilder.getQueryParams();
queryParams.addAll(new URLBuilder(endpointURL).getQueryParams());// add stripped query params
return redirectUrlBuilder.buildURL();
}
2.I am not sure if it fine to pass the null to the HTTPRedirectDeflateBinding as decoder. Alternative would suggest to use the default decoder, which accepts ParserPool.
来源:https://stackoverflow.com/questions/48551925/saml-http-request-intercept-with-spring-boot