Skip to content

Saml2AuthenticationRequestContext should be extendible #8356

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jzheaux opened this issue Apr 8, 2020 · 0 comments
Closed

Saml2AuthenticationRequestContext should be extendible #8356

jzheaux opened this issue Apr 8, 2020 · 0 comments
Assignees
@jzheaux
Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Milestone
5.4.0-M1

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Apr 8, 2020

Implementations of Saml2AuthenticationRequestFactory may need additional context other than what Saml2AuthenticationRequestContext gives by default.

For example, it is at times desirable to force authentication by setting the ForceAuthN attribute in the AuthnRequest message. In an implementation of Saml2AuthenticationRequestFactory, an application would need to hard-code this setting or use a global variable to adjust it:

public class MySaml2AuthenticationRequestFactory
        implements Saml2AuthenticationRequestFactory {

    // ...

    public Saml2PostAuthenticationRequest createPostAuthenticationRequest(
            Saml2AuthenticationRequestContext context) {

        AuthnRequest authnRequest = // ...
        if (SomeHolder.shouldForceAuthn()) {
            authnRequest.setForceAuthN(true);
        }

        // ...
    }
}

It would be better if Saml2AuthenticationRequestContext could be extended, allowing applications to pass additional context into the method:

Saml2AuthenticationRequestContext context = new MyContext(...);

// ....

AuthnRequest authnRequest = // ...
if (context.isForceAuthn()) {
    authnRequest.setForceAuthN(true);
}

// ...

Saml2AuthenticationRequestContext should be enhanced in the following ways:

  • It should no longer be final
  • Its constructor should be protected
@jzheaux jzheaux added type: enhancement A general enhancement status: ideal-for-contribution An issue that we actively are looking for someone to help us with in: saml2 An issue in SAML2 modules labels Apr 8, 2020
This was referenced Apr 8, 2020
Closed
Closed
@shazin shazin mentioned this issue Apr 9, 2020
Closed
shazin added a commit to shazin/spring-security that referenced this issue Apr 14, 2020
@shazin
Open Saml2AuthenticationRequestContext\nIssue spring-projectsgh-8356
f5563b6 
Open Saml2AuthenticationRequestContext\nIssue spring-projectsgh-8356
@jzheaux jzheaux self-assigned this Apr 14, 2020
@jzheaux jzheaux added this to the 5.4.0.M1 milestone Apr 14, 2020
@jzheaux jzheaux removed the status: ideal-for-contribution An issue that we actively are looking for someone to help us with label Apr 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Projects
None yet
Milestone
5.4.0-M1
Development

No branches or pull requests
1 participant
@jzheaux