'Spring Security SAML2 CORS Origin no logged event after authenticated
I want to set up a spring security SAML2, with angular application as frontEnd.
The front end application is hosted in different domain. This is how I configured my SpringSecurity:
protected void configure(HttpSecurity http) throws Exception {
http
// setting up ssl
.requiresChannel(channel -> channel.anyRequest().requiresSecure())
// disabling csrf here, you should enable it before using in production
.csrf().disable()
.cors()
.and()
.authorizeRequests()
.antMatchers("/api/auth/**").permitAll()
.anyRequest().authenticated().and()
.sessionManagement().sessionFixation().none().and()
.saml2Login()
.successHandler(appAuthenticationSuccessHandler())
.defaultSuccessUrl("http://127.0.0.1:4200", true)
.permitAll()
.and()
.httpBasic()
.and()
.headers()
.frameOptions()
.disable()
;
// add auto-generation of ServiceProvider Metadata
Converter<HttpServletRequest, RelyingPartyRegistration> relyingPartyRegistrationResolver = new DefaultRelyingPartyRegistrationResolver(relyingPartyRegistrationRepository);
Saml2MetadataFilter filter = new Saml2MetadataFilter(relyingPartyRegistrationResolver, new OpenSamlMetadataResolver());
http.addFilterBefore(filter, Saml2WebSsoAuthenticationFilter.class);
}
In my front to chekout if the user is logged or not I use this open endpoint:
https://localhost:8443:/api/auth
My front end is hosted in:
http://localhost:4200
The probleme is after logging, when I try the end point from http://localhost:4200 I get the user information. but when I try the same endpoint from http://127.0.0.1:4200, the response is that there is no user logged.
Any idea?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|