Thursday, March 19, 2015

Integrating Spring SAML with existing authentication

I'm trying to add SAML integration to an existing application that manages authentication itself using Spring Security. The idea is that users can either log in through the traditional login form, or navigate to a SAML authentication page that will initiate SAML authentication by looking up their SAML provider by email and then redirect them properly.


I'm studying the spring-security-saml/sample application and kind of losing the forest for the trees. My first thought was to merge the code from spring-security-saml into the existing codebase, but then I get this exception:



Caused by: java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your namespace or FilterChainProxy bean configuration



Of course there is no /** in either my configuration or the Spring Security SAML one, except for the <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/> line, but even commenting out the whole <security:http entry-point-ref="samlEntryPoint">...</security:http> block does not seem to make the problem go away, so I suspect this is coming from the code somewhere.


To be totally honest I just don't see which things in the sample app are necessary for everyone and which are necessary for me, or what I should do to integrate these.


I can see that I need a SAMLUserDetailsService to load my users, but otherwise I'm quite at sea.
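
The ordering rule stated in the exception message above, checked against a namespace configuration. This is an added example, not part of the original post and not Spring Security's own code. It assumes that a `<security:http>` element with neither a `pattern` nor a `request-matcher-ref` attribute applies to every request, and that chains are tried in document order within a single file. The XML is a constructed sample, not the poster's configuration, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SEC_NS = "http://www.springframework.org/schema/security"

# Constructed sample configuration (not the poster's file).
SAMPLE_CONFIG = """\
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security">
  <security:http pattern="/favicon.ico" security="none"/>
  <security:http auto-config="true">
    <security:intercept-url pattern="/app/**" access="ROLE_USER"/>
  </security:http>
  <security:http entry-point-ref="samlEntryPoint">
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
  </security:http>
</beans>
"""


def http_chains(config_xml):
    """Return (position, pattern, is_universal) per <security:http>, in document order."""
    root = ET.fromstring(config_xml)
    chains = []
    for pos, el in enumerate(root.iter("{%s}http" % SEC_NS), start=1):
        pattern = el.get("pattern")
        # Assumption: no pattern and no request-matcher-ref means "any request".
        # <intercept-url> patterns are rules inside one chain and are not counted.
        universal = pattern == "/**" or (
            pattern is None and el.get("request-matcher-ref") is None)
        chains.append((pos, pattern, universal))
    return chains


def misplaced_universal_chains(config_xml):
    """Positions of universal chains that are followed by another chain."""
    chains = http_chains(config_xml)
    return [pos for pos, _, universal in chains[:-1] if universal]


if __name__ == "__main__":
    for pos, pattern, universal in http_chains(SAMPLE_CONFIG):
        kind = "universal" if universal else "specific"
        print(pos, pattern or "(no pattern attribute)", kind)
    print("universal chain(s) not last:", misplaced_universal_chains(SAMPLE_CONFIG))
```

In the sample, the second element is flagged even though the string `/**` appears only in the last element's `intercept-url` rule.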

