Closed zebdelk closed 6 years ago
Have cleaned up OpenSAML 3 code based mostly on : https://bitbucket.org/srasmusson/webprofile-ref-project-v3
Login.gov is now working, as before, with latest library updates.
Looking very closely at the SP/IDP bindings and making sure configurations make sense -- from there sent Shabaz on ICAM team my latest information in order to move forward.
Update 6/25: Shabaz needed to clean something in our metadata, but should be updating our SP metadata to reflect the "short-term" solution where api-metadata bakes in the SAML endpoints and logic (hopefully through a shareable library once we get the kinks worked out).
I have fixed the problem with an infinite redirect loop in Spring Security by extending SingleRequestFilter (instead of GenericBeanFilter) and explicitly ignoring requests whose path does not start with '/admin/'.
This SSO service is largely how we are addressing the stop-gap between locking down loading metadata through a secure api-metadata endpoint and whatever long term solution (e.g. Keycloak/RH-SSO) we choose for MSN/NOAA as a whole that integrates well in many contexts (SpringBoot, React, Angular, microservices, etc.)
See #600
Should try AbstractAuthenticationProcessingFilter: https://www.ebayinc.com/stories/blogs/tech/customizing-spring-security-with-multiple-authentications/
See example at https://github.com/18F/identity-saml-java/blob/master/src/main/java/gov/gsa/samplesp/App.java
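The redirect-loop fix described above (a once-per-request filter that only guards paths under '/admin/' and lets everything else, including the SAML endpoints, pass untouched), as an added illustration that is not code from this project. The class name, the `/saml/login` start-login path and the `javax.servlet` namespace are assumptions.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical filter: guards /admin/** behind the SP login and is skipped for
// every other path, so the SAML endpoints (which live outside /admin/) are never
// themselves redirected. That bypass is what breaks the infinite redirect loop.
public class AdminSsoFilter extends OncePerRequestFilter {

    private static final String PROTECTED_PREFIX = "/admin/";
    // Assumed SP endpoint that starts the SAML AuthnRequest toward the IdP.
    private static final String SSO_LOGIN_PATH = "/saml/login";

    // Servlet path (not the full request URI) keeps the prefix check correct
    // when the application is deployed under a context path.
    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) {
        String path = request.getServletPath();
        return path == null || !path.startsWith(PROTECTED_PREFIX);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (isAuthenticated(auth)) {
            chain.doFilter(request, response);
            return;
        }
        // Not logged in: send the browser to the SP login endpoint. Because that
        // endpoint is outside /admin/, this filter does not run on it again.
        response.sendRedirect(request.getContextPath() + SSO_LOGIN_PATH);
    }

    // Anonymous tokens count as "not logged in" for the admin area.
    static boolean isAuthenticated(Authentication auth) {
        return auth != null && auth.isAuthenticated()
            && !(auth instanceof AnonymousAuthenticationToken);
    }
}
```

Register the filter before the authorization filter in the security configuration; the prefix check is on the servlet path, so the rule still has to be mirrored in the `HttpSecurity` matchers rather than relied on alone.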