Open elch78 opened 4 years ago
I think you are right. This looks like a duplicate of gh-6802. Can you confirm or explain how they are different?
I understood that in your case you have a form login in addition to OAuth2 and still want the login page despite only one oauth provider being configured.
Summary
OAuth2 auto-redirect if there is only one provider configured does not work.
Actual Behavior
Redirect to login page
Expected Behavior
redirect to provider
Configuration
See example https://github.com/elch78/spring-security-7586.git
Version
5.1.6.RELEASE
Sample
I've debugged the code and found these 2 places
This one works as expected OAuth2LoginConfigurer.init()
```java
if (loginUrlToClientName.size() == 1) {
    // Setup auto-redirect to provider login page
    // when only 1 client is configured
    this.updateAuthenticationDefaults();
    this.updateAccessDefaults(http);
    String providerLoginPage = loginUrlToClientName.keySet().iterator().next();
    this.registerAuthenticationEntryPoint(http, this.getLoginEntryPoint(http, providerLoginPage));
}
```
This one is probably the one with the bug. It's invoked with providerLoginPage=/oauth2/authorization/ciam which is correct I guess. Ciam is our IDP.
OAuth2LoginConfigurer
```java
private AuthenticationEntryPoint getLoginEntryPoint(B http, String providerLoginPage) {
    RequestMatcher loginPageMatcher = new AntPathRequestMatcher(this.getLoginPage());
    RequestMatcher faviconMatcher = new AntPathRequestMatcher("/favicon.ico");
    RequestMatcher defaultEntryPointMatcher = this.getAuthenticationEntryPointMatcher(http);
    RequestMatcher defaultLoginPageMatcher = new AndRequestMatcher(
            new OrRequestMatcher(loginPageMatcher, faviconMatcher), defaultEntryPointMatcher);
```
The last line results in setDefaultEntryPoint with LoginUrlAuthenticationEntryPoint and loginFormUrl="/login"