I have a Spring Boot application where I need to limit access for specific endpoints. So far I can authenticate against Azure using SAML 2.0.

This is the main configuration of the authentication in Spring:

@Override
protected void configure(HttpSecurity http) throws Exception {

    http
        .exceptionHandling()
        .authenticationEntryPoint(samlEntryPoint());

    http
        .csrf()
        .disable();

    http
        .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
        .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);

    http
        .authorizeRequests()
        .antMatchers("/error").permitAll()
        .antMatchers("/saml/**").permitAll()
        .anyRequest().authenticated();

    http
        .logout()
        .logoutSuccessUrl("/");

}

In Azure I have added the roles to the claim values as shown in the image below:

(image: Azure Claims)

My target is to be able eventually to do something like the following:

@GetMapping("/")
@PreAuthorize("hasRole('User')")
public String getSample(Principal principal) {
    log.info("Get Request");
    return "Hello";
}

1 Answer

Next step would be to implement your own SAMLUserDetailsService that would return the corresponding UserDetails instance with the right Authorities granted to the user.

You would have to retrieve the list of Azure roles from the SAMLCredential (something like credential.getAttributeAsString(<your_attribute_name>)), then you would have to map these values with the list of authorities defined in your application.
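The following is an added example of the mapping service the answer describes; it is not code from the question, the answer or the Spring SAML project. It assumes the spring-security-saml2-core classes (SAMLCredential, SAMLUserDetailsService), that Azure AD delivers the roles under the standard role claim name (adjust if your enterprise application is configured differently), and a constructed allow-list of role values. The allow-list is what makes the question's `@PreAuthorize("hasRole('User')")` work: `hasRole('User')` checks for the authority `ROLE_User`, so the prefix must be applied during mapping.

```java
// Added example (not from the question or answer): a SAMLUserDetailsService that
// maps Azure AD role claim values to Spring Security authorities.
// Assumptions: spring-security-saml2-core on the classpath; ROLE_ATTRIBUTE is the
// Azure AD role claim name; ROLE_MAPPING is a constructed allow-list.
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
import org.springframework.stereotype.Service;

@Service
public class AzureRoleUserDetailsService implements SAMLUserDetailsService {

    // Azure AD emits application roles under this claim name (assumption: check the
    // claim shown in the enterprise application's token configuration).
    private static final String ROLE_ATTRIBUTE =
            "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";

    // Constructed allow-list: Azure role value -> application authority.
    // hasRole('User') in @PreAuthorize looks for "ROLE_User", hence the prefix.
    private static final Map<String, String> ROLE_MAPPING = Map.of(
            "User", "ROLE_User",
            "Admin", "ROLE_Admin");

    @Override
    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        String subject = credential.getNameID().getValue();
        if (subject == null || subject.isEmpty()) {
            throw new UsernameNotFoundException("SAML assertion carries no NameID");
        }

        // Multi-valued attribute: one entry per role assigned in Azure.
        String[] azureRoles = credential.getAttributeAsStringArray(ROLE_ATTRIBUTE);
        List<GrantedAuthority> authorities = mapRoles(azureRoles);

        // A user with no mapped role is authenticated but holds no authority, so every
        // hasRole(...) check denies them; no password is involved in SAML, hence "N/A".
        return new User(subject, "N/A", authorities);
    }

    // Only values present in the allow-list become authorities; unknown values in
    // the assertion are dropped rather than turned into authorities verbatim.
    static List<GrantedAuthority> mapRoles(String[] azureRoles) {
        if (azureRoles == null) {
            return Collections.emptyList();
        }
        List<GrantedAuthority> authorities = new ArrayList<>();
        for (String role : azureRoles) {
            String authority = ROLE_MAPPING.get(role);
            if (authority != null) {
                authorities.add(new SimpleGrantedAuthority(authority));
            }
        }
        return authorities;
    }
}
```

To wire it in, set the service on the SAML provider (`samlAuthenticationProvider.setUserDetails(azureRoleUserDetailsService)` together with `setForcePrincipalAsString(false)`, so the returned UserDetails becomes the principal rather than the NameID string), and enable method security with `@EnableGlobalMethodSecurity(prePostEnabled = true)` on a configuration class, otherwise `@PreAuthorize` is silently ignored. Mapping through an explicit allow-list, rather than prefixing whatever the assertion contains, keeps the set of authorities your application recognises under your control even if additional roles are later added on the Azure side.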