oktadev / okta-spring-boot-saml-example

Spring Boot, SAML, and Okta
https://developer.okta.com/blog/2022/08/05/spring-boot-saml
Apache License 2.0

Availability in Spring Boot 2.7 #24

Closed zeyugan closed 1 year ago

zeyugan commented 1 year ago

Hi there,

I'm trying to integrate this sample into our app, but Spring Boot 3 is still in milestone and we generally prefer 2.x to minimize the changes required for other components.

I've tried to run the sample with 2.7 (Java version 17), but got this error message:

    The InResponseTo attribute [ARQ66d65b4-29c6-4de1-b4f3-f655b236f033] does not match the ID of the authentication request [ARQbcd7b01-2e84-4849-8e63-558652f1681f]

I've checked the Okta report logs and it seems that the SSO itself was successful, but for some reason this InResponseTo attribute would not match.

The only change in dependencies is thymeleaf-extras-springsecurity6 -> 5, and of course org.springframework.boot to 2.7.0. This is the full gradle file:

    plugins {
        id 'org.springframework.boot' version '2.7.0'
        id 'io.spring.dependency-management' version '1.0.12.RELEASE'
        id 'java'
    }

    group = 'com.example'
    version = '0.0.1-SNAPSHOT'
    sourceCompatibility = '17'

    repositories {
        mavenCentral()
        maven { url 'https://repo.spring.io/milestone' }
        maven { url 'https://repo.spring.io/snapshot' }
        maven { url "https://build.shibboleth.net/nexus/content/repositories/releases/" }
    }

    dependencies {
        constraints {
            implementation "org.opensaml:opensaml-core:4.1.1"
            implementation "org.opensaml:opensaml-saml-api:4.1.1"
            implementation "org.opensaml:opensaml-saml-impl:4.1.1"
        }
        implementation 'org.springframework.boot:spring-boot-starter-security'
        implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
        implementation 'org.springframework.boot:spring-boot-starter-web'
        implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5'
        implementation 'org.springframework.security:spring-security-saml2-service-provider'
        testImplementation 'org.springframework.boot:spring-boot-starter-test'
        testImplementation 'org.springframework.security:spring-security-test'
    }

    tasks.named('test') {
        useJUnitPlatform()
    }

I suspected whether it was due to the thymeleaf version (I'm not too familiar with this package) but the same error occurs even if I change the protected request to an ordinary GET call.

Can I check if the sample works with Spring Boot 2.7, or does it have to be the latest Spring Boot 3 for it to work? Any help is appreciated!

mraible commented 1 year ago

When I first wrote this example, I experienced something similar. It was caused by the favicon request. Maybe this still happens with 2.x?

https://github.com/oktadev/okta-spring-boot-saml-example/pull/23

zeyugan commented 1 year ago

Hi @mraible, I noticed that after I integrated the code sample into my backend application (so there is no thymeleaf or html involved at all), the SSO was able to go through.

It may indeed be due to the favicon as you mentioned. Thanks so much for this information and I will test a bit more in this direction to double confirm.
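
An added example, not part of the thread or the repository's code: one way to keep the browser's automatic favicon request from starting a second SAML login, assuming Spring Boot 2.7 (Spring Security 5.7). Spring Security keeps the pending AuthnRequest in the HTTP session, so a second unauthenticated request replaces it before the IdP's response to the first one arrives, and the InResponseTo check then fails. The package and class names are hypothetical.

```java
// Added example for Spring Boot 2.7 / Spring Security 5.7; not the repository's own code.
package com.example.demo; // hypothetical package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
public class SecurityConfiguration { // hypothetical class name

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                // Resources the browser fetches on its own must not hit the SAML
                // entry point. Each unauthenticated hit on a protected URL creates
                // a fresh AuthnRequest and stores its ID in the session, replacing
                // the ID that the in-flight IdP response will carry in InResponseTo.
                // "/error" is included because a missing favicon is answered
                // through the error page.
                .antMatchers("/favicon.ico", "/error").permitAll()
                // Everything else still requires a SAML-authenticated user.
                .anyRequest().authenticated())
            // InResponseTo validation stays enabled: it is what ties an assertion
            // to a login this session actually started.
            .saml2Login(withDefaults());
        return http.build();
    }
}
```

On Spring Security 6 (Spring Boot 3) the same rule is written with `requestMatchers` instead of `antMatchers`.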