Skip to content

Saml2Authentication isn't serializable #7681

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
clemstoquart opened this issue Nov 28, 2019 · 2 comments · Fixed by #7683
Closed

Saml2Authentication isn't serializable #7681

clemstoquart opened this issue Nov 28, 2019 · 2 comments · Fixed by #7683
Assignees
@eleftherias
Labels
in: saml2 An issue in SAML2 modules status: backported An issue that has been backported to maintenance branches type: bug A general bug
Milestone
5.3.0.M1

Comments

@clemstoquart
Copy link
Contributor

Hi Spring Security team,

I've encounter an issue using the new Saml2 support with Spring Session.

In the OpenSamlAuthenticationProvider class in the authenticate method we create the authentication this way :

new Saml2Authentication(
    () -> username, token.getSaml2Response(),
    this.authoritiesMapper.mapAuthorities(getAssertionAuthorities(assertion))
)

But this isn't serializable with the default serializer provided by Spring Session.

Solution

IMO provide an implementation of the AuthenticatedPrincipal instead of using an anonymous class should do the trick here.

What do you think about that ?

Have a nice day :)
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Nov 28, 2019
@eleftherias
Copy link
Contributor

@clemstoquart Thanks for the report and for the work you're doing with the new SAML2 support!
I can see the problem and I agree that creating a SAML2 implementation of AuthenticatedPrincipal is an appropriate solution.
Are you interested in submitting a PR for this fix?

@eleftherias eleftherias self-assigned this Nov 28, 2019
@eleftherias eleftherias added in: saml2 An issue in SAML2 modules type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels Nov 28, 2019
@clemstoquart
Copy link
Contributor Author

@eleftherias you're welcome :)

Yes I'm preparing a PR.

@clemstoquart clemstoquart mentioned this issue Nov 28, 2019
Merged
@eleftherias eleftherias added this to the 5.3.0.M1 milestone Dec 12, 2019
eleftherias added a commit that referenced this issue Dec 12, 2019
@eleftherias
Polish SAML2 principal classes
da3f180 
Update @SInCE

Issue: gh-7681
eleftherias added a commit that referenced this issue Dec 12, 2019
@eleftherias
Polish SAML2 principal classes
59ca2dd 
Update @SInCE

Issue: gh-7681
@eleftherias eleftherias modified the milestones: 5.3.0.M1, 5.2.2 Dec 12, 2019
@eleftherias eleftherias added the status: backported An issue that has been backported to maintenance branches label Dec 12, 2019
@eleftherias eleftherias modified the milestones: 5.2.2, 5.3.0.M1 Dec 12, 2019
@eleftherias eleftherias added for: backport-to-5.2.x and removed status: backported An issue that has been backported to maintenance branches labels Dec 12, 2019
@spring-projects-issues spring-projects-issues added status: backported An issue that has been backported to maintenance branches and removed for: backport-to-5.2.x labels Dec 12, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eleftherias eleftherias

Labels
in: saml2 An issue in SAML2 modules status: backported An issue that has been backported to maintenance branches type: bug A general bug
Projects
None yet
Milestone
5.3.0.M1
Development

Successfully merging a pull request may close this issue.

Make Saml2Authentication serializable clemstoquart/spring-security
3 participants
@clemstoquart @eleftherias @spring-projects-issues