How to override the Spring Security SAML2 error response


I want to override the Spring Security SAML2 error response. Our application is integrated with ForgeRock. After keeping it idle for a few minutes, it gives an error on entering the OTP. So the current error response is below: "The response contained an InResponseTo attribute [ARQ5f429f6-f4de-4b41-a0f9-894babdd5a14] but no saved authentication request was found". I need to customize this error response, so that the client will be able to understand it properly.

I have tried adding the below code:

```java
import java.util.List;
import java.util.stream.Collectors;

import org.springframework.core.convert.converter.Converter;
import org.springframework.security.saml2.core.Saml2Error;
import org.springframework.security.saml2.core.Saml2ErrorCodes;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.ResponseToken;
import org.springframework.security.saml2.provider.service.authentication.Saml2ResponseValidatorResult;
import org.springframework.stereotype.Component;

@Component
final class OpenAuthenticationProvider implements Converter<ResponseToken, Saml2ResponseValidatorResult> {

    // The default validator takes Spring's ResponseToken wrapper, not the raw OpenSAML Response,
    // so this converter must accept a ResponseToken too (casting a Response to it fails at runtime)
    private final Converter<ResponseToken, Saml2ResponseValidatorResult> delegate =
            OpenSaml4AuthenticationProvider.createDefaultResponseValidator();

    @Override
    public Saml2ResponseValidatorResult convert(ResponseToken source) {
        // Run the standard checks (signature, InResponseTo, conditions, ...) first
        Saml2ResponseValidatorResult result = this.delegate.convert(source);
        if (!result.hasErrors()) {
            return result;
        }
        // Keep every other error untouched and only reword the InResponseTo one;
        // the response is still rejected, only its description changes
        List<Saml2Error> errors = result.getErrors().stream()
                .map(error -> Saml2ErrorCodes.INVALID_IN_RESPONSE_TO.equals(error.getErrorCode())
                        ? new Saml2Error(Saml2ErrorCodes.INVALID_IN_RESPONSE_TO, "Page is idle for long")
                        : error)
                .collect(Collectors.toList());
        return Saml2ResponseValidatorResult.failure(errors);
    }
}
```

and in Security Configuration:

```java
@Bean
AuthenticationProvider authenticationProvider(OpenAuthenticationProvider validator) {
    OpenSaml4AuthenticationProvider authenticationProvider = new OpenSaml4AuthenticationProvider();
    // Install the component as the response validator; it delegates to the default checks
    // and only rewrites the description of the INVALID_IN_RESPONSE_TO error
    authenticationProvider.setResponseValidator(validator);
    return authenticationProvider;
}
```

There are 0 answers
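The question does not show how the reworded description actually reaches the client: by default the `Saml2AuthenticationException` is handed to the login failure handler, which redirects to the error page. The following is an added example, not code from the question, of a failure handler for `saml2Login` that returns the `Saml2Error` code and description as JSON, together with the filter-chain wiring. The class name `Saml2ErrorToClientHandler`, the JSON field names and the use of a Jackson `ObjectMapper` are my own choices; it assumes Spring Security 6 (jakarta.servlet) and that the `AuthenticationProvider` bean above is present. The response validator still rejects the stale response, only its description changes; removing the `INVALID_IN_RESPONSE_TO` check instead would let the SP accept assertions it never requested, so the client-side action for this error should be to restart the login, not to resubmit the same assertion.

```java
// Added example, not from the question: surface the custom Saml2Error description to the client.
import java.io.IOException;
import java.util.Map;

import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.saml2.core.Saml2Error;
import org.springframework.security.saml2.core.Saml2ErrorCodes;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

// Hypothetical handler name; writes the error the response validator produced as a JSON body
public class Saml2ErrorToClientHandler implements AuthenticationFailureHandler {

    private final ObjectMapper mapper = new ObjectMapper();

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException {
        String code = "authentication_failed";
        String message = "SAML login failed";
        if (exception instanceof Saml2AuthenticationException saml2Ex) {
            Saml2Error error = saml2Ex.getSaml2Error();
            code = error.getErrorCode();
            // The description is whatever the custom validator put in the Saml2Error,
            // e.g. "Page is idle for long" for INVALID_IN_RESPONSE_TO
            message = error.getDescription() != null ? error.getDescription() : code;
        }
        // A missing saved AuthenticationRequest means the SP-side state expired with the session;
        // the client must start a fresh login rather than replay the assertion it already has
        boolean restartLogin = Saml2ErrorCodes.INVALID_IN_RESPONSE_TO.equals(code);
        response.setStatus(HttpStatus.UNAUTHORIZED.value());
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        mapper.writeValue(response.getOutputStream(),
                Map.of("error", code, "message", message, "restartLogin", restartLogin));
    }
}

// Wiring: the provider carrying the custom response validator plus the handler above
class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, AuthenticationProvider authenticationProvider)
            throws Exception {
        http.saml2Login(saml2 -> saml2
                .authenticationManager(new ProviderManager(authenticationProvider))
                .failureHandler(new Saml2ErrorToClientHandler()));
        return http.build();
    }
}
```

With this in place a stale OTP submission returns `401` with `{"error":"invalid_in_response_to","message":"Page is idle for long","restartLogin":true}` (field names are this example's own), and the front end can redirect to the login entry point instead of showing the raw validator text.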