Saml2WebSsoAuthenticationFilter should allow requests through when SAMLResponse is absent #16000

jzheaux · 2024-10-25T19:04:38Z

When an application requests /login/saml2/sso/okta, the default entry point for IdPs to POST a SAMLResponse, the endpoint will throw an exception if the SAMLResponse is missing.

It would be more flexible to instead allow these requests to pass through the filter chain in case another filter or MVC mapping would like to process the endpoint. One reason for this would be if the payload deviates from the SAML 2.0 standard.

The text was updated successfully, but these errors were encountered:

jzheaux added type: enhancement A general enhancement in: saml2 An issue in SAML2 modules labels Oct 25, 2024

jzheaux added this to the 6.5.x milestone Oct 25, 2024

jzheaux mentioned this issue Oct 25, 2024

login url for Saml 2.0 is not working after migration to spring boot 3.3.4 from 2.7.18 #15979

Closed

jzheaux closed this as completed in 67c21de Apr 3, 2025

jzheaux modified the milestones: 6.5.x, 6.5.0-RC1 Apr 3, 2025

jzheaux self-assigned this Apr 3, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Saml2WebSsoAuthenticationFilter should allow requests through when SAMLResponse is absent #16000

Saml2WebSsoAuthenticationFilter should allow requests through when SAMLResponse is absent #16000

jzheaux commented Oct 25, 2024

Saml2WebSsoAuthenticationFilter should allow requests through when SAMLResponse is absent #16000

Saml2WebSsoAuthenticationFilter should allow requests through when SAMLResponse is absent #16000

Comments

jzheaux commented Oct 25, 2024