Endeios/samlv2app

Documentation: Note on spAuthenticationResponseFilter and defaultTargetUrl

kraxner opened this issue · 0 comments

Less an issue than an addition to the documentation:

I understand this is only a sample application, but with

    public Filter spAuthenticationResponseFilter() {
        // Reuse the filter built by the base configuration and swap in the sample
        // authentication manager. No success handler is set here, so the filter
        // keeps its default handler with a defaultTargetUrl of "/".
        SamlResponseAuthenticationFilter filter =
                (SamlResponseAuthenticationFilter) super.spAuthenticationResponseFilter();
        filter.setAuthenticationManager(new SamlAuthenticationManager());
        return filter;
    }

in conjunction with SSL terminated by e.g. a load balancer you will run into the problem that after successful authentication via IdP a redirect is done to http:// ... instead of https://
(because the defaultTargetUrl is /, which then is expanded ...)

By setting the success handler explicitly the defaultTargetUrl can be set, e.g. using the already defined basePath (which is used to generate the metadata?)

    ...
    filter.setAuthenticationManager(new SamlAuthenticationManager());

    // Explicit success handler: an absolute basePath (https://...) is redirected
    // to as-is, instead of "/" being expanded with the scheme the container saw.
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setDefaultTargetUrl(basePath);
    filter.setAuthenticationSuccessHandler(successHandler);
    ...
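The following is an added example, not code from samlv2app or from the issue author. It wraps the same fix in a small helper that refuses a basePath which is not an absolute https URL, so a misconfiguration fails at startup instead of silently producing an http redirect again. The helper name `SamlSuccessRedirect`, the methods `requireAbsoluteHttps`, `successHandler` and `withHttpsRedirect`, and the assumption that `SamlResponseAuthenticationFilter` extends Spring Security's `AbstractAuthenticationProcessingFilter` are all mine; `SavedRequestAwareAuthenticationSuccessHandler` and its setters are the real Spring Security API.

```java
import java.net.URI;

import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

/**
 * Hypothetical helper, not part of samlv2app: attaches a success handler whose
 * defaultTargetUrl is an absolute https URL, so the post-login redirect does not
 * depend on the scheme the servlet container sees behind a TLS-terminating proxy.
 */
public final class SamlSuccessRedirect {

    private SamlSuccessRedirect() {
    }

    /**
     * Rejects base paths that would reintroduce the problem. A context-relative
     * value such as "/" ends up in HttpServletResponse.sendRedirect, which the
     * container expands using the scheme and host of the incoming request; behind
     * a load balancer that terminates TLS that request is plain http. Only an
     * absolute https URL is accepted here.
     */
    static String requireAbsoluteHttps(String basePath) {
        if (basePath == null || basePath.isBlank()) {
            throw new IllegalArgumentException("basePath must be set");
        }
        URI uri = URI.create(basePath); // throws IllegalArgumentException if malformed
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            throw new IllegalArgumentException(
                    "basePath must be an absolute https URL, got: " + basePath);
        }
        return basePath;
    }

    /** Builds the success handler from the issue, with the checked base path. */
    public static SavedRequestAwareAuthenticationSuccessHandler successHandler(String basePath) {
        SavedRequestAwareAuthenticationSuccessHandler handler =
                new SavedRequestAwareAuthenticationSuccessHandler();
        handler.setDefaultTargetUrl(requireAbsoluteHttps(basePath));
        // false is the Spring Security default: a request saved before the IdP
        // round trip still takes precedence and defaultTargetUrl is used only when
        // there is none. Set to true if login should always land on basePath.
        handler.setAlwaysUseDefaultTargetUrl(false);
        return handler;
    }

    /**
     * Applies the handler to any Spring Security processing filter. The issue's
     * SamlResponseAuthenticationFilter is assumed to extend
     * AbstractAuthenticationProcessingFilter, which declares
     * setAuthenticationSuccessHandler.
     */
    public static <F extends AbstractAuthenticationProcessingFilter> F withHttpsRedirect(
            F filter, String basePath) {
        filter.setAuthenticationSuccessHandler(successHandler(basePath));
        return filter;
    }
}
```

In the bean from the issue this replaces the three handler lines with `return SamlSuccessRedirect.withHttpsRedirect(filter, basePath);`. The validation is the part worth keeping even if the helper is inlined: a basePath read from configuration that happens to be `http://...` or `/` would otherwise pass straight through to `setDefaultTargetUrl` and bring the http redirect back without any error.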