Tags: spring-boot, single-sign-on, http-response, saml, java-17

SAML response not read by backend (Spring Boot 3.3.X)


I'm trying to implement SSO on a Java 17 application with Spring Boot 3.3.6 and Okta.

I am encountering a problem when my IDP responds with the SAML response.

On Okta, my user is successfully connected.

I'm using the default URLs: /saml2/authenticate/okta and /login/saml2/sso/okta

I've tested my Okta configuration with the Spring example repo, and everything works fine. https://github.com/spring-projects/spring-security-samples

On the other hand, in my project, I always get the error "No relying party registration found".

I'm following the Spring documentation for setting it up:

    <repositories>
        <!-- ... -->
        <repository>
            <id>shibboleth-releases</id>
            <url>https://build.shibboleth.net/nexus/content/repositories/releases/</url>
        </repository>
    </repositories>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-saml2-service-provider</artifactId>
    </dependency>

In my application.properties I have this:

    spring.security.saml2.relyingparty.registration.okta.assertingparty.metadata-uri=https://dev-XXXXXX.okta.com/app/XXXXXXXXXXXXX/sso/saml/metadata

My configuration seems to have been taken into account, because I get the Okta pop-up to connect and I have a success status with Okta.

The error ("No relying party registration found") is a little misleading; when you look at the class (Saml2WebAuthenticationFilter), the error comes from here:

    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        // The converter builds the token from the request (SAMLResponse / RelayState parameters)
        Authentication authentication = this.authenticationConverter.convert(request);
        if (authentication == null) {
            // Reached whenever the converter finds nothing usable in the request
            Saml2Error saml2Error = new Saml2Error("relying_party_registration_not_found", "No relying party registration found");
            throw new Saml2AuthenticationException(saml2Error);
        } else {
            this.setDetails(request, authentication);
            this.authenticationRequestRepository.removeAuthenticationRequest(request, response);
            return this.getAuthenticationManager().authenticate(authentication);
        }
    }

My authentication is null. I can't understand why my SAML response isn't being read.

I'd like to be able to identify and correct the problem in order to implement SSO. Thank you.


Solution

  • I was able to help myself out: I had a filter that modified the request to keep only what it was interested in. That's why I didn't have my SAML
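The failure mode described in the solution, as an added example that is not the asker's filter or Spring's code: a servlet filter that wraps the request and exposes only a whitelist of parameters silently drops SAMLResponse and RelayState, so the converter in the filter above returns null. The whitelist, class names and the decision to bypass the filter on the /saml2/ and /login/saml2/sso/ paths (the default URLs named in the question) are assumptions for this illustration; registering the filter with Spring Boot is left out.

```java
// Added illustration, not the asker's code. A parameter-whitelisting wrapper starves
// Saml2WebSsoAuthenticationFilter of SAMLResponse; the fix is to bypass it on SAML paths.
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.*;

public class ParameterWhitelistFilter extends HttpFilter {
    // Hypothetical application whitelist: note that SAMLResponse and RelayState are absent.
    private static final Set<String> ALLOWED = Set.of("page", "size");

    @Override
    protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String path = req.getRequestURI().substring(req.getContextPath().length());
        // Fix: let the IdP's POST to the SSO endpoint (and the authenticate redirect) through
        // untouched, so Spring Security's converter still sees SAMLResponse and RelayState.
        if (path.startsWith("/login/saml2/sso/") || path.startsWith("/saml2/")) {
            chain.doFilter(req, res);
            return;
        }
        // Everything else gets the restricted view of the parameters.
        chain.doFilter(new WhitelistedRequest(req), res);
    }

    static final class WhitelistedRequest extends HttpServletRequestWrapper {
        WhitelistedRequest(HttpServletRequest req) { super(req); }

        @Override
        public String getParameter(String name) {
            return ALLOWED.contains(name) ? super.getParameter(name) : null;
        }

        @Override
        public Map<String, String[]> getParameterMap() {
            Map<String, String[]> kept = new HashMap<>();
            super.getParameterMap().forEach((k, v) -> { if (ALLOWED.contains(k)) kept.put(k, v); });
            return Collections.unmodifiableMap(kept);
        }

        @Override
        public Enumeration<String> getParameterNames() {
            return Collections.enumeration(getParameterMap().keySet());
        }

        @Override
        public String[] getParameterValues(String name) { return getParameterMap().get(name); }
    }
}
```

Without the path bypass, a POST to /login/saml2/sso/okta reaches Spring Security with getParameter("SAMLResponse") returning null, which is exactly the "No relying party registration found" symptom from the question.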