I need to add an extra parameter called "locale" to the IdP URL. The URL should look like this: https://idpURL?SAMLRequest=...&RelayState=...&SigAlg=...&Signature=...&Locale=DE
I've already done a project that uses the idp to connect. Now I'd like to add this parameter.
    @Bean
    public SecurityFilterChain filterChain(final HttpSecurity http,
                                           final RelyingPartyRegistrationRepositoryImpl rpRepo,
                                           final SamlResponseAuthenticationConverter authConverter) throws Exception {
        RelyingPartyResolver relyingPartyRegistrationResolver = new RelyingPartyResolver(rpRepo);
        OpenSaml4AuthenticationRequestResolver authenticationRequestResolver =
                new OpenSaml4AuthenticationRequestResolver(relyingPartyRegistrationResolver);
        authenticationRequestResolver.setRequestMatcher(new AntPathRequestMatcher("/saml/login"));
        authenticationRequestResolver.setAuthnRequestCustomizer(authnRequestCustomizer());
        OpenSaml4AuthenticationProvider authenticationProvider = new OpenSaml4AuthenticationProvider();
        authenticationProvider.setResponseAuthenticationConverter(authConverter);
        http.saml2Login(samlLogin ->
                samlLogin
                        .successHandler(samlSuccessRedirectHandler())
                        .authenticationManager(new ProviderManager(authenticationProvider))
                        .authenticationRequestResolver(authenticationRequestResolver)
                        .authenticationConverter(new Saml2AuthenticationTokenConverter(relyingPartyRegistrationResolver))
                        .loginProcessingUrl("/saml/SSO"));
        return http.build();
    }

    /**
     * @return Options used to build the outgoing SAML authentication requests.
     */
    @Bean
    protected Consumer<OpenSaml4AuthenticationRequestResolver.AuthnRequestContext> authnRequestCustomizer() {
        return (c) -> {
            final AuthnRequest authnRequest = c.getAuthnRequest();
            NameIDPolicy nameIdPolicy = (NameIDPolicy) XMLObjectSupport.buildXMLObject(NameIDPolicy.DEFAULT_ELEMENT_NAME);
            nameIdPolicy.setAllowCreate(true);
            nameIdPolicy.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
            authnRequest.setNameIDPolicy(nameIdPolicy);
            authnRequest.setForceAuthn(true);
            RequestedAuthnContext requestedAuthnContext =
                    (RequestedAuthnContext) XMLObjectSupport.buildXMLObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
            requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
            AuthnContextClassRef authnContextClassRef =
                    (AuthnContextClassRef) XMLObjectSupport.buildXMLObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
            // AUTHN_CONTEXT_CLASS_REF is a constant defined elsewhere in this configuration class
            authnContextClassRef.setAuthnContextClassRef(AUTHN_CONTEXT_CLASS_REF);
            requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
            authnRequest.setRequestedAuthnContext(requestedAuthnContext);
        };
    }

    @Bean
    SamlSavedRequestAwareAuthenticationSuccessHandler samlSuccessRedirectHandler() {
        return new SamlSavedRequestAwareAuthenticationSuccessHandler();
    }
The Saml2WebSsoAuthenticationRequestFilter (from package org.springframework.security.saml2.provider.service.web) takes care of adding various parameters to the IdP URL via the method. Would it be possible to force it to add other parameters? Is there another way of adding a parameter to this URL?
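One way to get the extra parameter onto the redirect URL without touching the filter, as an added example (not code from the question or from Spring Security itself): decorate the `Saml2AuthenticationRequestResolver` that the question already configures. The decorator lets the delegate build and sign the `AuthnRequest`, then returns a copy of the `Saml2RedirectAuthenticationRequest` whose `authenticationRequestUri` already carries `Locale`; the filter then appends `SAMLRequest`, `RelayState`, `SigAlg` and `Signature` to that URI with `UriComponentsBuilder.queryParam`, so the existing query string survives. The code assumes the Spring Security 6.x API (`jakarta.servlet`, `Saml2RedirectAuthenticationRequest.withRelyingPartyRegistration`, `getRelyingPartyRegistrationId()`, `id()` on the builder); `LocaleAppendingAuthenticationRequestResolver`, `ALLOWED_LOCALES`, the `locale` request parameter and the allow-listed values are constructed for the example.

```java
import java.util.Locale;
import java.util.Set;

import jakarta.servlet.http.HttpServletRequest; // javax.servlet on Spring Security 5.x

import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
import org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver;
import org.springframework.web.util.UriComponentsBuilder;

/**
 * Hypothetical decorator (not part of Spring Security): wraps the configured
 * Saml2AuthenticationRequestResolver and appends a Locale query parameter to the
 * IdP SSO URL of redirect-binding requests. The signed values (SAMLRequest,
 * RelayState, SigAlg, Signature) and the request id are copied unchanged.
 */
public final class LocaleAppendingAuthenticationRequestResolver implements Saml2AuthenticationRequestResolver {

    /** Constructed allow-list: only these values are ever written into the redirect URL. */
    private static final Set<String> ALLOWED_LOCALES = Set.of("DE", "EN", "FR");
    private static final String DEFAULT_LOCALE = "DE";

    private final Saml2AuthenticationRequestResolver delegate;
    private final RelyingPartyRegistrationResolver registrationResolver;

    public LocaleAppendingAuthenticationRequestResolver(Saml2AuthenticationRequestResolver delegate,
            RelyingPartyRegistrationResolver registrationResolver) {
        this.delegate = delegate;
        this.registrationResolver = registrationResolver;
    }

    @Override
    @SuppressWarnings("unchecked")
    public <T extends AbstractSaml2AuthenticationRequest> T resolve(HttpServletRequest request) {
        AbstractSaml2AuthenticationRequest resolved = this.delegate.resolve(request);
        if (!(resolved instanceof Saml2RedirectAuthenticationRequest)) {
            // POST binding sends the request in a form body; there is no query string to extend.
            return (T) resolved;
        }
        Saml2RedirectAuthenticationRequest redirect = (Saml2RedirectAuthenticationRequest) resolved;
        RelyingPartyRegistration registration = this.registrationResolver.resolve(request,
                redirect.getRelyingPartyRegistrationId());

        // Put Locale on the SSO location; the filter adds the signed parameters after it.
        String ssoUrlWithLocale = UriComponentsBuilder.fromUriString(redirect.getAuthenticationRequestUri())
                .queryParam("Locale", chooseLocale(request.getParameter("locale")))
                .build()
                .toUriString();

        // Rebuild the redirect request around the new URI, keeping everything that was signed.
        return (T) Saml2RedirectAuthenticationRequest.withRelyingPartyRegistration(registration)
                .id(redirect.getId())
                .authenticationRequestUri(ssoUrlWithLocale)
                .samlRequest(redirect.getSamlRequest())
                .relayState(redirect.getRelayState())
                .sigAlg(redirect.getSigAlg())
                .signature(redirect.getSignature())
                .build();
    }

    /**
     * Locale sits outside the HTTP-Redirect signature (which covers only SAMLRequest,
     * RelayState and SigAlg), so a client-supplied value is never copied through
     * unchecked: normalise it and allow-list it, otherwise fall back to the default.
     */
    static String chooseLocale(String requested) {
        if (requested == null) {
            return DEFAULT_LOCALE;
        }
        String candidate = requested.trim().toUpperCase(Locale.ROOT);
        return ALLOWED_LOCALES.contains(candidate) ? candidate : DEFAULT_LOCALE;
    }
}
```

Wire it in place of the plain resolver in the `saml2Login` block from the question: `.authenticationRequestResolver(new LocaleAppendingAuthenticationRequestResolver(authenticationRequestResolver, relyingPartyRegistrationResolver))`. The resulting URL is `https://idpURL?Locale=DE&SAMLRequest=...&RelayState=...&SigAlg=...&Signature=...`; the parameter order differs from the one in the question, which does not matter to a query-string parser. Because the `Destination` attribute inside the signed `AuthnRequest` was set by the delegate from the unmodified SSO location, this approach avoids the mismatch you would get by baking `?Locale=DE` into the registration's single sign-on location, and because `Locale` is not signed, the IdP can only ever use it for presentation, never for an authorization decision.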