I'm trying to set a Spring WebApplication in order to connect with an ADFS Server in order to accomplish a Web SSO.
The SAML request works fine but when I receive the response from the ADFS I have a redirect loop caused by an authentication problem.
Seems like that after I succesfully stored the UserDetails in Session the next request can't find an HttpSession available so an Anonymous Token is created.
I'm using the wonderful SAML Extension library (http://docs.spring.io/autorepo/docs/spring-security-saml/1.0.x-SNAPSHOT/reference/htmlsingle/) and I've implemented The SAMLUserDetailsService in order to build the UserDetails.
In a second WebApp similar to this everything works fine.
Here my logs:
(SAMLDefaultLogger.java:127) - AuthNResponse;SUCCESS; ...
(AbstractAuthenticationProcessingFilter.java:319) - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.providers.ExpiringUsernameAuthenticationToken@aecd14bd:
(SavedRequestAwareAuthenticationSuccessHandler.java:79) - Redirecting to DefaultSavedRequest Url: ...
(DefaultRedirectStrategy.java:36) - Redirecting to ....
(HttpSessionSecurityContextRepository.java:327) - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@aecd14bd: Authentication: org.springframework.security.providers.ExpiringUsernameAuthenticationToken@aecd14bd: ...
(SecurityContextPersistenceFilter.java:97) - SecurityContextHolder now cleared, as request processing completed
(FilterChainProxy.java:337) - / at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
(HttpSessionSecurityContextRepository.java:140) - No HttpSession currently exists
(HttpSessionSecurityContextRepository.java:91) - No SecurityContext was available from the HttpSession: null. A new one will be created.
(FilterChainProxy.java:337) - / at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
(FilterChainProxy.java:337) - / at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
(FilterChainProxy.java:337) - / at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
(FilterChainProxy.java:337) - / at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
(FilterChainProxy.java:337) - / at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
(FilterChainProxy.java:337) - / at position 7 of 12 in additional filter chain; firing Filter: 'FilterChainProxy'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/login/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/logout/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/sso/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/ssohok/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/singlelogout/**'
(FilterChainProxy.java:180) - / has no matching filters
(FilterChainProxy.java:337) - / at position 8 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
(FilterChainProxy.java:337) - / at position 9 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
(FilterChainProxy.java:337) - / at position 10 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
(AnonymousAuthenticationFilter.java:102) - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44:
(ExceptionTranslationFilter.java:165) - Access is denied (user is anonymous); redirecting to authentication entry point ...
I'm using Spring Security 3.2.5.RELEASE
Thanks in advance and sorry for my english
