
I am using Spring Boot v2.3.3.

I am trying to add SSO support to my application by using the SAML support added to Spring Security in v5.2: (https://docs.spring.io/spring-security/site/docs/5.2.1.RELEASE/reference/htmlsingle/#saml2)

I am fairly new to Spring and SAML, and while that reference page mentions that the current feature set "Supports encrypted NameId elements", I am not sure how to configure the application to add a name ID format, or how to send the name ID to the Identity Provider.

I replicated the Spring Boot sample application here (https://github.com/spring-projects/spring-security/tree/5.3.x/samples/boot/saml2login), but my IDP says they need a nameID as well.

Any help in understanding what I need to add will be much appreciated.


1 Answer


If you are using code-based configuration you could use

  import org.opensaml.saml2.core.NameIDType;
  import org.springframework.context.annotation.Bean;
  import org.springframework.context.annotation.Configuration;
  import org.springframework.security.saml.websso.WebSSOProfileOptions;

  @Configuration
  public class SamlWebSsoConfig {

    @Bean
    public WebSSOProfileOptions defaultWebSSOProfileOptions() {
      WebSSOProfileOptions webSSOProfileOptions = new WebSSOProfileOptions();
      // do not enable IdP-Proxy support
      webSSOProfileOptions.setIncludeScoping(false);
      // NameIDType.TRANSIENT is the format URN "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";
      // it is sent to the IdP in the AuthnRequest's NameIDPolicy element
      webSSOProfileOptions.setNameID(NameIDType.TRANSIENT);
      return webSSOProfileOptions;
    }
  }

However, normally the IdP defines its supported NameID formats in the IdP metadata file; Spring Security SAML would use the first NameID format specified. You could reorder this.
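To make the two halves of the answer above concrete at the protocol level, here is an added example (not part of the original answer, and not Spring Security code) showing what the configuration actually produces on the wire: the IdP advertises the NameID formats it supports as `md:NameIDFormat` elements in its metadata, and the SP states the format it wants in the `samlp:NameIDPolicy` element of the `AuthnRequest`. The IdP metadata fragment, entity IDs and URLs below are constructed for illustration. The selection helper applies the rule the answer describes (first advertised format unless a preferred one is configured) and rejects a preferred format the IdP does not list, which is the mismatch that typically produces the "we need a NameID" complaint from an IdP.

```python
"""Added example: NameIDFormat in IdP metadata vs. NameIDPolicy in the SP's AuthnRequest.
Illustration only; it is not Spring Security code and all sample data is constructed."""
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed IdP metadata (hypothetical IdP). The order of the NameIDFormat elements
# matters: with no explicit SP setting, the first one is what gets used.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def supported_name_id_formats(metadata_xml):
    """Return the NameID formats the IdP advertises, in document order."""
    root = ET.fromstring(metadata_xml)
    return [e.text.strip() for e in root.findall("md:IDPSSODescriptor/md:NameIDFormat", NS)]


def choose_name_id_format(metadata_xml, preferred=None):
    """Pick the format to request: the SP's preferred one if the IdP lists it,
    otherwise the first one in the metadata. Refuse a format the IdP does not offer
    rather than sending a request the IdP will reject."""
    formats = supported_name_id_formats(metadata_xml)
    if not formats:
        raise ValueError("IdP metadata lists no NameIDFormat")
    if preferred is None:
        return formats[0]
    if preferred not in formats:
        raise ValueError("IdP does not advertise %s; it supports %s" % (preferred, formats))
    return preferred


def build_authn_request(sp_entity_id, acs_url, destination, name_id_format, allow_create=True):
    """Build an unsigned SP-initiated AuthnRequest carrying a NameIDPolicy.
    Signing and the HTTP-Redirect/POST encoding are out of scope here."""
    ET.register_namespace("samlp", NS["samlp"])
    ET.register_namespace("saml", NS["saml"])
    req = ET.Element("{%s}AuthnRequest" % NS["samlp"], {
        "ID": "_" + uuid.uuid4().hex,          # must start with a letter or underscore (xs:ID)
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
        "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    })
    ET.SubElement(req, "{%s}Issuer" % NS["saml"]).text = sp_entity_id
    # This is the element the setNameID(...) call in the answer controls.
    ET.SubElement(req, "{%s}NameIDPolicy" % NS["samlp"], {
        "Format": name_id_format,
        "AllowCreate": "true" if allow_create else "false",
    })
    return ET.tostring(req, encoding="unicode")


def name_id_policy_format(authn_request_xml):
    """Read back the requested format from an AuthnRequest (None if no policy is present)."""
    root = ET.fromstring(authn_request_xml)
    policy = root.find("samlp:NameIDPolicy", NS)
    return None if policy is None else policy.get("Format")


if __name__ == "__main__":
    fmt = choose_name_id_format(IDP_METADATA, preferred=TRANSIENT)
    xml = build_authn_request("https://sp.example.test/saml/metadata",
                              "https://sp.example.test/login/saml2/sso/idp",
                              "https://idp.example.test/saml/sso", fmt)
    print(xml)
```

Run it and compare the `NameIDPolicy` element it prints with what your SP actually sends (a SAML tracer browser extension or the decoded `SAMLRequest` parameter shows it); if the `Format` there is absent or not one of the IdP's `md:NameIDFormat` values, that is the configuration to fix.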