
Integrate Spring SAML with OAuth2 token for REST API access

With the Spring SAML Extension I am able to configure SAML authentication and get the assertion back to the SP (I followed the link).

Now it returns to "/landing", and I get the Assertion and Authentication object in SAMLUserDetailsService and SAMLAuthenticationProvider; the UserDetails object is populated in SAMLUserDetailsService.

    @Bean
    public SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler() {
        // Replays the request that was cached before the redirect to the IdP, if
        // there is one; "/landing" is only used when the SAML login was not
        // triggered by an access to a protected URL.
        SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler =
                new SavedRequestAwareAuthenticationSuccessHandler();
        successRedirectHandler.setDefaultTargetUrl("/landing");
        return successRedirectHandler;
    }

Now my question is: how can I generate the auth token from this point? There are not many details available. So far I have tried creating a custom Filter which intercepts "/landing" and rewrites the URL to /oauth/token?grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=AssertionToBase64Url (followed the link), but I am not able to generate a token. In my current configuration, Spring Security with the OAuth implementation and Spring SAML are each working independently, so now I want to use these two features jointly.

My ResourceServerConfiguration.java:

    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
    import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;

    @Configuration
    @EnableResourceServer
    public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

        private static final String RESOURCE_ID = "my_rest_api";

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            // stateless(false): besides a bearer token, an Authentication already
            // present in the HTTP session (e.g. from the SAML login) is accepted too.
            resources.resourceId(RESOURCE_ID).stateless(false);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            // This filter chain only handles /user/**; every other URL falls
            // through to the other security configurations.
            http
                .anonymous().disable()
                .requestMatchers().antMatchers("/user/**")
                .and()
                .authorizeRequests()
                    .antMatchers("/user/**").access("hasRole('ADMIN')")
                .and()
                .exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
        }
    }

My AuthorizationServerConfiguration.java:

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.beans.factory.annotation.Qualifier;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
    import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
    import org.springframework.security.oauth2.provider.token.TokenStore;

    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

        private static final String REALM = "MY_OAUTH_REALM";

        @Autowired
        private TokenStore tokenStore;

        @Autowired
        private UserApprovalHandler userApprovalHandler;

        // Only the "password" grant uses this to authenticate the resource owner.
        @Autowired
        @Qualifier("authenticationManagerBean")
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // Note: urn:ietf:params:oauth:grant-type:saml2-bearer, the grant type
            // tried from "/landing" above, is not among the authorized grant types.
            clients.inMemory()
                .withClient("my-trusted-client")
                .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                .scopes("read", "write", "trust")
                .secret("secret")
                .accessTokenValiditySeconds(120)    // access token is only valid for 2 minutes
                .refreshTokenValiditySeconds(600);  // refresh token is only valid for 10 minutes
        }

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.tokenStore(tokenStore)
                    .userApprovalHandler(userApprovalHandler)
                    .authenticationManager(authenticationManager);
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
            // Realm sent in the WWW-Authenticate challenge for /oauth/token.
            oauthServer.realm(REALM + "/client");
        }
    }

Can anyone suggest how to integrate this, so that authentication is done in the IdP and, on return to the SP after a successful assertion from the IdP (the authorization part is done), an OAuth access token and refresh token are generated, with which the user is able to access the API? Can anyone provide some sort of solution?

A while back I hit the same challenge, and after figuring it out I wrote an article (which cannot be posted here...). Basically, your OAuth authorization server is a "bridge" that adapts your SAML backend to OAuth, and vice versa. Find it here:

How-to-integrate-Spring-oAuth-with-Spring-SAML

There is also a repo in GitHub with all the sources, as an example:

https://github.com/OhadR/spring-oAuth2-SAML-integration

I know it is just links, but again, the article is too long and detailed.
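One way to build the "bridge" the answer describes, as an added example that is not code from the question, the linked article or its repository: a Spring Security configuration that places the Spring SAML filter chain in front of /oauth/authorize, so the login at the IdP becomes the user Authentication from which the authorization server already configured in the question issues an authorization code, and then access and refresh tokens. It assumes the beans of the Spring SAML sample configuration the question follows (samlEntryPoint, metadataGeneratorFilter, a FilterChainProxy bean named samlFilter with the /saml/** chains, and samlAuthenticationProvider); the class name SamlOAuthBridgeSecurityConfig and the field names are the example's own. It replaces the custom filter attempted from "/landing": Spring Security OAuth2 ships no TokenGranter for urn:ietf:params:oauth:grant-type:saml2-bearer, and that grant type is not in the client's authorizedGrantTypes, so the redirected /oauth/token request is rejected with unsupported_grant_type.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml.SAMLAuthenticationProvider;
import org.springframework.security.saml.SAMLEntryPoint;
import org.springframework.security.saml.metadata.MetadataGeneratorFilter;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

/**
 * Added example (not the question's or the article's code): the SAML filter
 * chain guards the OAuth authorization endpoint, so a SAML login at the IdP is
 * the user Authentication that AuthorizationEndpoint turns into an
 * authorization code. /oauth/token stays protected by the client credentials
 * (AuthorizationServerConfiguration) and /user/** by bearer tokens
 * (ResourceServerConfiguration), both as posted in the question.
 *
 * Assumed beans, from the Spring SAML sample configuration the question
 * follows: samlEntryPoint, metadataGeneratorFilter, samlFilter (FilterChainProxy
 * holding the /saml/** chains) and samlAuthenticationProvider.
 */
@Configuration
@EnableWebSecurity
public class SamlOAuthBridgeSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired private SAMLEntryPoint samlEntryPoint;
    @Autowired private MetadataGeneratorFilter metadataGeneratorFilter;
    // Qualifier needed: Spring Security's own springSecurityFilterChain is also a FilterChainProxy.
    @Autowired @Qualifier("samlFilter") private FilterChainProxy samlFilter;
    @Autowired private SAMLAuthenticationProvider samlAuthenticationProvider;

    // The SAML provider is the only way a user can authenticate here. This is the
    // same "authenticationManagerBean" that AuthorizationServerConfiguration autowires.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(samlAuthenticationProvider);
    }

    @Bean(name = "authenticationManagerBean")
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Only the browser-facing endpoints go through this chain.
            .requestMatchers()
                .antMatchers("/oauth/authorize", "/saml/**")
                .and()
            // Serve SP metadata and run the Spring SAML processing filters
            // (/saml/SSO, /saml/login, /saml/logout, ...) inside this chain.
            .addFilterBefore(metadataGeneratorFilter, ChannelProcessingFilter.class)
            .addFilterAfter(samlFilter, BasicAuthenticationFilter.class)
            // An anonymous hit on /oauth/authorize is cached and the browser is sent
            // to the IdP. After the assertion is accepted at /saml/SSO, the
            // SavedRequestAwareAuthenticationSuccessHandler from the question replays
            // the cached /oauth/authorize request, so "/landing" is never visited.
            .exceptionHandling().authenticationEntryPoint(samlEntryPoint)
                .and()
            // The IdP POSTs the SAMLResponse without a CSRF token: exempt only
            // /saml/** and keep CSRF protection on the /oauth/authorize approval form.
            .csrf().ignoringAntMatchers("/saml/**")
                .and()
            .authorizeRequests()
                .antMatchers("/saml/**").permitAll()
                .anyRequest().authenticated();
    }
}
```

With this in place the flow is the standard authorization_code grant, shown here with hypothetical host names: the client sends the browser to https://sp.example/oauth/authorize?response_type=code&client_id=my-trusted-client&redirect_uri=https://client.example/cb&scope=read; the SP redirects to the IdP, the IdP posts the assertion to /saml/SSO, the cached /oauth/authorize request is replayed and the code is returned to https://client.example/cb; the client exchanges it with `curl -u my-trusted-client:secret -d grant_type=authorization_code -d code=... -d redirect_uri=https://client.example/cb https://sp.example/oauth/token`, receives access_token and refresh_token, and calls /user/** with `Authorization: Bearer <access_token>`. Two caveats against the configuration on the page: the in-memory client registers no redirect URI, and Spring Security OAuth's DefaultRedirectResolver rejects an authorization_code request for a client without one, so add .redirectUris(...) to the client definition; and because the resource server is declared stateless(false), the SAML session alone already satisfies /user/** in the same browser, which is convenient for a UI but means the bearer token is not the only credential accepted there.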

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
