Any chance getting this upgraded to work with Grails 5.1? #74
I am able to get the SAML plugin to work under all releases of Grails 5.1.x except v5.1.8. The latest release throws the following exception on startup:
|
@jnunderwood How did you get it working under 5.1.x? Did you at one point see the issue I had, and if you did how did you work around it? |
@tucker-bluesage I didn't have to do anything differently going from Grails v4.x to v5.1.x. I never had any issues at all until v5.1.8 |
I have used the 4.0.4 version of this plugin on Grails 5.1.6 without any problems which is why I haven't bothered to update the plugin. When you consider that this plugin is a wrapper for the deprecated spring-security-saml extension that Spring offers it didn't make any sense to put in any effort and to instead redo the whole thing with Spring Security 5 which has SAML support via spring-security-saml-service-provider. There is an experimental 5.0.x branch that contains a release candidate that you can build yourself and upload ( Now that Bintray is gone, the alternative, i.e. uploading to maven central appears to be a chore so I haven't published anything yet. |
I moved the repository to https://github.com/grails-spring-security-saml/grails-spring-security-saml because I needed to verify ownership of the reverse domain name for maven central on sonatype. The latest version of the plugin is available on maven central via
|
I tried the new repo on a project using Grails 5.1.8, running inside a Linux Docker container via JDK 11, but I got this exception on start up:
|
The plugin is looking for a password for the key 'cleanhandsdev' in your keystore. I had to abandon the KeyManager and it is now always asking for a password. The plugin doesn't complain much on the happy path but it apparently breaks in unexpected places. You need
and if necessary, you need to add the password to the keystore entry too. Use e.g. Keystore explorer to add the password. |
@valentingoebel I had already included a password in the SAML section as well as added a password to the keystore. Here is my SAML config:

```yaml
grails:
  plugin:
    springsecurity:
      providerNames: [ 'samlAuthenticationProvider', 'anonymousAuthenticationProvider' ]
      saml:
        active: true
        afterLoginUrl: '/'
        afterLogoutUrl: '/'
        responseSkew: 300
        signatureAlgorithm: 'rsa-sha256'
        digestAlgorithm: 'sha256'
        userGroupAttribute: 'memberOf'
        autoCreate:
          active: true
          key: 'username'
          assignAuthorities: false
        metadata:
          defaultIdp: 'IDP_SERVER.saml2'
          url: '/saml/metadata'
          providers:
            ping: 'security/MYAPP.idp.xml'
          sp:
            file: 'security/MYAPP.sp.xml'
            defaults:
              local: true
              entityId: 'MYAPP'
              alias: 'MYAPP'
              securityProfile: 'metaiop'
              signingKey: 'MYAPP'
              encryptionKey: 'MYAPP'
              tlsKey: 'MYAPP'
              requireArtifactResolveSigned: false
              requireLogoutRequestSigned: false
              requireLogoutResponseSigned: false
        keyManager:
          storeFile: 'classpath:security/MYAPP.jks'
          storePass: 'MY_PASSWORD'
          passwords:
            'MYAPP': 'MY_PASSWORD'
          defaultKey: ''
```

This hasn't changed since moving from Grails 5.1.7 to 5.1.8. Any insight you have would be greatly appreciated. Thanks. |
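One way to check the point raised in this exchange, that every private-key entry in the keystore must be recoverable with the password configured under `keyManager.passwords`. This is an added example, not code from the plugin or from any commenter; the class name and the `KEYSTORE_PATH`, `STORE_PASS` and `KEY_PASS` environment variables are assumptions.

```java
import java.io.File;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added diagnostic, not part of the plugin. Run with: java CheckKeystore.java
// Assumed environment variables: KEYSTORE_PATH, STORE_PASS, KEY_PASS.
public class CheckKeystore {

    public static void main(String[] args) throws Exception {
        String path = requireEnv("KEYSTORE_PATH");
        char[] storePass = requireEnv("STORE_PASS").toCharArray();
        char[] keyPass = requireEnv("KEY_PASS").toCharArray();

        // Detects JKS or PKCS12; a wrong store password fails here with IOException.
        KeyStore ks = KeyStore.getInstance(new File(path), storePass);

        int failures = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            try {
                // Throws UnrecoverableKeyException when the entry password differs.
                Key key = ks.getKey(alias, keyPass);
                System.out.println(alias + ": OK (" + key.getAlgorithm() + ")");
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": key password does not match");
                failures++;
            }
        }
        System.exit(failures == 0 ? 0 : 1);
    }

    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null) {
            throw new IllegalStateException("environment variable " + name + " is not set");
        }
        return value;
    }
}
```

Compare the aliases it prints with the values of `signingKey`, `encryptionKey` and `tlsKey`; JKS stores treat aliases case-insensitively and list them in lower case.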
@jnunderwood
This version contains warning and error messages for common configuration errors. There is a catch though: metadata.url must now contain {registrationId} to identify the registrations. You can leave it out, then it is the same as the Spring Security defaults: https://docs.spring.io/spring-security/site/docs/5.2.1.RELEASE/reference/htmlsingle/#saml2 |
Thank you for the new release. I have upgraded to SAML plugin v5.0.0-RC3, while remaining on Grails v5.1.7, and changed my saml.metadata.url to: |
There are two options: You can use the taglib of the plugin:
or you can just go to the path For logout you can optionally check if the current authentication is using SAML:
then you can go to |
Hmmm. I'm going directly to the path you suggested and it still takes me back to the standard |
I can't pinpoint the problem. Try setting
|
@valentingoebel I finally got everything to work. Reading the |
I've been doing an upgrade and found that one of my apps which optionally uses this plugin for security breaks with the following error:
The same app will run just fine if I remove this plugin and a small amount of related code. Just taking a glance at it, all the dependencies probably need to be updated in build.gradle, and I'm not sure what else that might cause in terms of updates.
Updated with the right stack trace. I've been chasing a couple of different errors in my upgrades.