The effect of CSRF on the project

vdenotaris / spring-boot-security-saml-sample

SBS3 — A sample SAML 2.0 Service Provider built on Spring Boot.

https://sbs3.vdenotaris.com

Apache License 2.0

564 stars 351 forks source link

The effect of CSRF on the project #44

Closed lushoumei closed 6 years ago

lushoumei commented 6 years ago

We saw that you disabled the csrf in the source, but our project need to avoid the csrf attack, so we cannot disable it. When we allow the csrf, the authentication failed, if we disable the csrf like your source, the authentication can success. So we want to know how to solve the problem. can you help us? Thank you very much.

vdenotaris commented 6 years ago

Hi,

Please look at @vschafer's answer about the topic on StackOverflow:

Spring SAML Extension and Spring Security CSRF Protection Conflict

Cheers, V.