How to change Spring SAML destination endpoint?

1
votes

Is it possible to change destination endpoint in Spring SAML? Default value is /saml/SSO

I need to change that to /sso. I have edited

<bean id="samlFilter"         class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain pattern="/sso" filters="samlWebSSOProcessingFilter"/>

But it does not work. URL*/sso* is treated as URL which requires authentication, not the one that should recieve SAML assertion.

I am using Identity provider initialized SSO, so that URL is the one that recieves base64 encoded XML document (HTTP post request).

If there is no other option, I will do server-side redirect from /sso to saml/SSO, but it would be better to have ability to customize that URL in Spring Saml configuration.

1
javaspringsaml-2.0spring-saml

1 Answers

3
votes

filterProcessesUrl property of samlWebSSOProcessingFilter is correct answer and works fine.

In my case, filterProcessesUrl must be set to "/sso". It was not working for me, because I was setting it to full endpoint URL (scheme://server:port/contextPath/sso) rather that just path.

As stated in documentation, a few other properties must be set to same value (samlFilter filter, and service provider metadata).

Finally, SAML assertions (XML document from Identity Provider) must contain same URLs as configured in Service Provider.