0
votes

I implemented the Spring Boot Security SAML example using https://github.com/oktadeveloper/okta-spring-boot-saml-example

It's working with Okta IdP.

But, I want to send SAML Request without service provider certificate to my own IdP.

Could you please help me disable the service provider certificate?

Please find the configure code below:

@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/saml*").permitAll()
            .anyRequest().authenticated()
        .and().apply(saml())
            // Service provider key material, loaded from the keystore
            .serviceProvider().keyStore()
                .storeFilePath(this.keyStoreFilePath).password(this.password)
                .keyname(this.keyAlias).keyPassword(this.password)
            .and().protocol("https")
                .hostname(String.format("%s:%s", "localhost", this.port)).basePath("/")
        .and().identityProvider()
            .metadataFilePath(this.metadataUrl);
}

Please find the sample SAML request attached below:

[Image: sample SAML request]

1 Answer

0
votes

But, I want to send SAML Request without service provider certificate to my own IdP.

The certificate is only sent when the HTTP POST binding is used and the SAML AuthnRequest needs to be digitally signed.

Check the IdP metadata file and remove the attribute WantAuthnRequestsSigned="true" from IDPSSODescriptor.
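
To see what an IdP metadata file currently asks for before editing it, the following added example (not part of the original answer or of the Okta sample project) parses a metadata document with Python's standard library and reports WantAuthnRequestsSigned and the advertised SingleSignOnService bindings per IDPSSODescriptor. The sample metadata, its entity ID and URLs, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD_NS}

# Constructed sample IdP metadata (not taken from the original post).
SAMPLE_IDP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/sso/post"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def xs_boolean(value):
    # xs:boolean allows "true"/"1" and "false"/"0"; when the
    # WantAuthnRequestsSigned attribute is absent it defaults to false.
    return value is not None and value.strip() in ("true", "1")


def inspect_idp_metadata(xml_text):
    """Return one dict per IDPSSODescriptor found in the metadata."""
    root = ET.fromstring(xml_text)
    results = []
    # iter() also matches the root, so a bare EntityDescriptor and an
    # EntitiesDescriptor wrapper are both handled.
    for entity in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        for idp in entity.findall("md:IDPSSODescriptor", NS):
            bindings = [s.get("Binding", "").rsplit(":", 1)[-1]
                        for s in idp.findall("md:SingleSignOnService", NS)]
            results.append({
                "entity_id": entity.get("entityID"),
                "want_authn_requests_signed":
                    xs_boolean(idp.get("WantAuthnRequestsSigned")),
                "sso_bindings": bindings,
            })
    return results


if __name__ == "__main__":
    for row in inspect_idp_metadata(SAMPLE_IDP_METADATA):
        print(row)
```
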