In Spring Boot 4.0.2 SAML properties cannot be read from the YAML file


I am seeing a weird problem. My SAML application which was working great in 3.5.9 has problems reading SAML properties from the application.yml file.

I changed to the most basic SAML configuration and it does not work! See below. It is located in the resources directory. Also, the credentials and okta file are there.

server:
  port: 8080
logging:
  level:
    root: INFO
    org.springframework.web: DEBUG
    org.springframework.security: DEBUG
    org.springframework.security.saml: TRACE
    org.opensaml.xmlsec: DEBUG
  pattern:
    console: "%d{HH:mm:ss.SSS} %-5level - %msg%n"
spring:
  security:
    saml2:
      relyingparty:
        registration:
          appname:
            signing:
              credentials:
                - private-key-location: "classpath:credentials/private.key"
                  certificate-location: "classpath:credentials/certificate.crt"
            decryption:
              credentials:
                - private-key-location: "classpath:credentials/private.key"
                  certificate-location: "classpath:credentials/certificate.crt"
            assertingparty:
              metadata-uri: "https://integrator-NNNN.okta.com/<url>"

When I start my Spring Boot server with this configuration, it fails with an exception (relyingPartyRegistrationRepository cannot be null).

20:29:21.486 WARN - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterChain' defined in class path resource [org/mudra/demosaml/BootSecurityConfig.class]: Failed to instantiate [org.springframework.security.web.SecurityFilterChain]: Factory method 'filterChain' threw exception with message: relyingPartyRegistrationRepository cannot be null

My config class is as simple as

import static org.springframework.security.config.Customizer.withDefaults;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class BootSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Every request requires authentication; SAML 2.0 login with default settings
        http.authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
            .saml2Login(withDefaults());
        return http.build();
    }
}

Then, when I manually added a Bean for the relying party repository (which mimics the yaml file), it works fine. So, I cannot figure out why it is not reading the SAML security properties from the yaml file. Interestingly, the logging properties were read correctly from the yaml; it was just the SAML properties that were not.

// Imports assumed for Spring Security 7 / OpenSAML 5 (the OpenSAML helper
// packages moved between OpenSAML 4 and 5, so adjust them for your version).
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.Collection;

import net.shibboleth.shared.security.KeySupport;
import net.shibboleth.shared.x509.X509Support;
import org.springframework.context.annotation.Bean;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;

@Bean
public RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
    ClassPathResource keyResource = new ClassPathResource("credentials/private.key");
    ClassPathResource crtResource = new ClassPathResource("credentials/certificate.crt");

    // Load your private key and certificate
    RSAPrivateKey key = (RSAPrivateKey) KeySupport.decodePrivateKey(keyResource.getInputStream(), null);
    Collection<X509Certificate> certs = X509Support.decodeCertificates(crtResource.getInputStream());

    // Create the credential specifically for decryption, and one for signing
    Saml2X509Credential decryption = Saml2X509Credential.decryption(key, certs.iterator().next());
    Saml2X509Credential signing = Saml2X509Credential.signing(key, certs.iterator().next());

    // Same registration as the yaml: metadata from the asserting party, both credentials attached
    RelyingPartyRegistration registration = RelyingPartyRegistrations
            .fromMetadataLocation("https://integrator-NNN.okta.com/<url>")
            .registrationId("appname")
            .decryptionX509Credentials(c -> c.add(decryption))
            .signingX509Credentials(c -> c.add(signing))
            .build();
    return new InMemoryRelyingPartyRegistrationRepository(registration);
}

The pom file is simple. That's it.

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-webmvc</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-saml2-service-provider</artifactId>
    </dependency>
</dependencies>

Also, the yaml works fine in Spring Boot 3.5.9 and Spring Security 6. I change the pom.xml to 3.5.9, restart, and all works fine! As per the doc, there is no change in the property names from 3.5.9 to 4.0; I looked at the SAML doc online and their examples use the same property names.

Does anyone have any thoughts?
