I'm pretty new to SAML 2.0 but got tasked with integrating it into our existing webapplication using Spring Security 4.2.2 and Spring Security Saml2 1.0.2.
Our initial tests went fine when using Okta as IdP.
One customer however is unable to process the SAMLRequest in the redirect because the signing algorithm defaults to http://www.w3.org/2000/09/xmldsig#dsa-sha1 which they do not support.
So I need to change this to something that they do support (for example RSA-SHA256).
How can I change the signing algorithm that is used when forwarding to the IdP?
All help greatly appreciated!
I already tried changing the signingAlgorithm property of the defaultMetadata in my metadataGeneratorFilter but that didn't change anything to the SAMLRequest:
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.MetadataGenerator">
<property name="entityBaseURL" value="..." />
<property name="extendedMetadata">
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
<property name="signingAlgorithm" value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
</bean>
</property>
</bean>
</constructor-arg>
</bean>
UPDATE 1: I discovered that the keystore we were using had the signing algorithm set to DSA so I generated a new keystore with the correct parameters
keytool -genkeypair -alias saml -keypass <password> -keystore saml.jks -keyalg RSA -sigalg SHA256withRSA
This accomplished that the SigAlg parameter was now set to RSA_SHA1 (even though my keystore uses RSA_SHA256 but more on that in UPDATE2)
UPDATE 2: it appears that OpenSaml, more specifically xmltooling, defaults to RSA_SHA1. I found a workaround here: https://myshittycode.com/2016/02/23/spring-security-saml-replacing-sha-1-with-sha-256-on-signature-and-digest-algorithms/
Now my implementation is happily using RSA_SHA256 (yay)
I'm still going to see if we can accomplish the same thing without a custom bootstrap class but at least everything is working right now.
Related
I am trying to learn a jdbc connection project according to this site suggested. (https://www.javatpoint.com/spring-mvc-crud-example).
So far I have got the index page running, and my inputed info is POSTed to my MySQL database(so I somehow assume my connection to database is successful).
However, when i try to viewemp(READ) as suggested on this tutorial, my page could not capture the employee info(the jsp file to display employee info shows, but no data). This is the error log I got.
** BEGIN NESTED EXCEPTION **
javax.net.ssl.SSLException
MESSAGE: closing inbound before receiving peer's close_notify
STACKTRACE:
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
Google seems to be suggesting this is an SSL problem and suggested I should create a application.property file to set up SSL.
is it possible to alter my bean setting in my servlet.xml file setting instead?
<bean id="ds" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<!-- 1. Register JDBC Driver class -->
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<!-- 2. establish connection -->
<property name="url" value="jdbc:mysql://localhost:3306/javatpoint" />
<property name="username" value="root" />
<property name="password" value="********" />
</bean>
There are two ways to fixed this error
Turn off use of SSL by passing extra variable ?useSSL=false
<bean class="org.springframework.jdbc.datasource.DriverManagerDataSource" name="dataSource">
<!--<property name="driverClassName" value="com.mysql.jdbc.Driver" />-->
<property name="driverClassName" value="com.mysql.cj.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3306/javatpoint?useSSL=false" />
<property name="username" value="root" />
<property name="password" value="******" />
</bean>
You can also configure it in your mysql database using my.ini file
[Edit 17-11-2022]
If you only wanted to setup self-signed ssl certificate, then Setting up HTTPS for Spring Boot requires two steps:
Generated Self Signed Certificate
Open Terminal (JDK 11, comes with utility)
// generate JKS keystore:
keytool -genkeypair -alias <project-name> -keyalg RSA -keysize 4096 -storetype JKS -keystore <generatedfilename.jks> -validity 3650 -storepass <password>
// generate PKCS12 keystore
keytool -genkeypair -alias <project-name> -keyalg RSA -keysize 4096 -storetype PKCS12 -keystore <generatedfilename.p12> -validity 3650 -storepass password
Setting up with spring-boot properties file (src/main/resources/application.properties)
server.ssl.key-store: classpath:keystore.p12
server.ssl.key-store-password: <password>
server.ssl.key-store-type: pkcs12
server.ssl.key-alias: <project-name>
server.ssl.key-password: <password>
Still now I'm using mongodb version 2.6.9 with spring (REST). In the authentication part, I have edited the mongod.conf file and enabled
auth = true
And added the below codes in spring - applicationContext.xml file
<mongo:mongo host="localhost" port="27017" id="mongo" />
<mongo:db-factory id="mongoDbFactory"
mongo-ref="mongo"
host="localhost"
port="27017"
dbname="********"
username="******"
password="********"
/>
<bean id="mongoTemplate" class="org.springframework.data.mongodb.core.MongoTemplate">
<constructor-arg name="mongoDbFactory" ref="mongoDbFactory" />
</bean>
<!-- Start ## Bean mapping for Restlet service -->
<bean id="basecampComponent" class="org.restlet.ext.spring.SpringComponent">
<property name="defaultTarget" ref="autoRestletAppliction" />
</bean>
<bean id="autoRestletAppliction" class="com.jiit.restlet.frontcontroller.FirstStepsApplication">
<property name="inboundRoot" ref="router" />
</bean>
<bean name="router" class="org.restlet.ext.spring.SpringBeanRouter" />
And the jar's i have used, for the above configuration,
mongo-java-driver-2.12.1.jar &
spring-data-mongodb-1.2.0.RELEASE.jar
Now, I want to upgrade my mongodb to 3.4 Version. And I have tried to edit the mongod.conf file and enabled the security,
security.authorization: enabled
And I have added admin and mydb with users and tried to connect with mongodb client like robomongo and its works fine.
The problem is i'm not able to connect with spring to mongodb.
I have updated the jars to latest version but its not working. Could you please help me ?
I had a similar kind of problem a few days back. But then I stumbled upon this http://mongodb.github.io/mongo-java-driver/2.13/getting-started/quick-tour/ and it solved all my problems of mongodb connectivity through spring.
They have provided a proper explanations and how you could connect to your mongodb with or without credentials.
I am using Apache Camel 2.16.0 with Spring DSL
I have a Spring context XML in which I have defined a Property PlaceHolder to read the properties from various files as follows-
<bean id="propertyPlaceholder" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE"/>
<property name="ignoreResourceNotFound" value="false"/>
<property name="locations">
<list>
<value>classpath:/properties/versioning.properties</value>
<value>classpath:/properties/#{inetAddress.hostName}.properties</value>
</list>
</property>
</bean>
<bean id="inetAddress" class="java.net.InetAddress" factory-method="getLocalHost"/>
The property values are used to construct other beans such as -
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="org.gjt.mm.mysql.Driver"/>
<property name="url" value="${${LIVE_}DATASOURCE_URL}"/>
<property name="username" value="${${LIVE_}DATASOURCE_USERNAME}"/>
<property name="password" value="${${LIVE_}DATASOURCE_PASSWORD}"/>
</bean>
This works fine, I can see the beans being created.
I also have another Spring Context XML in the same app which has a camel context and I want to use the some other properties defined in the same properties files. I know that camel supports Spring Property Placeholder, see below excerpts from the context -
<camelContext id="charge-process-context" xmlns="http://camel.apache.org/schema/spring">
<propertyPlaceholder id="properties"
location="classpath:/properties/versioning.properties,
properties/${env:HOSTNAME}.properties"
xmlns="http://camel.apache.org/schema/spring" />
.....
.....
</camelContext>
As part of this context, I have a route that uses https component that uses the values from the property file such as below -
<to uri="https4:{{LIVE_AUTH_RESPONSE_HOST}}:{{LIVE_AUTH_RESPONSE_PORT}}/{{LIVE_AUTH_RESPONSE_CONTEXT_PATH}}"/>
This route does not start and throws following exception -
Caused by: java.lang.IllegalArgumentException: Cannot find system environment with key: HOSTNAME
at org.apache.camel.util.FilePathResolver.resolvePath(FilePathResolver.java:54)
at org.apache.camel.component.properties.PropertiesComponent.parseLocations(PropertiesComponent.java:434)
at org.apache.camel.component.properties.PropertiesComponent.parseUri(PropertiesComponent.java:163)
at org.apache.camel.component.properties.PropertiesComponent.parseUri(PropertiesComponent.java:148)
at org.apache.camel.impl.DefaultCamelContext.resolvePropertyPlaceholders(DefaultCamelContext.java:2261)
at org.apache.camel.model.ProcessorDefinitionHelper.resolvePropertyPlaceholders(ProcessorDefinitionHelper.java:730)
at org.apache.camel.model.ProcessorDefinition.createOutputsProcessorImpl(ProcessorDefinition.java:427)
at org.apache.camel.model.ProcessorDefinition.createOutputsProcessor(ProcessorDefinition.java:413)
at org.apache.camel.model.ProcessorDefinition.createOutputsProcessor(ProcessorDefinition.java:165)
at org.apache.camel.model.ExpressionNode.createFilterProcessor(ExpressionNode.java:109)
at org.apache.camel.model.WhenDefinition.createProcessor(WhenDefinition.java:74)
at org.apache.camel.model.WhenDefinition.createProcessor(WhenDefinition.java:32)
at org.apache.camel.model.ProcessorDefinition.createProcessor(ProcessorDefinition.java:483)
at org.apache.camel.model.ChoiceDefinition.createProcessor(ChoiceDefinition.java:135)
at org.apache.camel.model.ProcessorDefinition.makeProcessorImpl(ProcessorDefinition.java:534)
at org.apache.camel.model.ProcessorDefinition.makeProcessor(ProcessorDefinition.java:495)
at org.apache.camel.model.ProcessorDefinition.addRoutes(ProcessorDefinition.java:219)
at org.apache.camel.model.RouteDefinition.addRoutes(RouteDefinition.java:1069)
Please Note: I am deploying my application as a war file on Tomcat 8 on an AWS instance.
I have a Dev Environment on Windows 10 and I have found this working on the Windows OS. I have also seen that the file FilePathResolver.java in Apache Camel 2.16 uses System.getenv(key) to obtain the value i.e. System.getenv("HOSTNAME") which returns a null on AWS instance and a correct value on Windows 10. I also tried using env:hostname (small case letters for unix) but still no luck ...
I found a solution at http://camel.apache.org/using-propertyplaceholder.html
at Bridging Spring and Camel Property Placeholders
It mentions following -
The Spring Framework does not allow 3rd party frameworks such as Apache Camel to seamless hook into the Spring property placeholder mechanism. However you can easily bridge Spring and Camel by declaring a Spring bean with the type org.apache.camel.spring.spi.BridgePropertyPlaceholderConfigurer, which is a Spring org.springframework.beans.factory.config.PropertyPlaceholderConfigurer type.
We have a web application in Java (Spring Framework). For authentication and user management, we are using SSO with LDAP.
The LDAP context is as defined in the bean below:
<bean id="legacyLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
<property name="url" value="ldaps://aaa.bbb.ccc.edu:636"/>
<property name="base" value="cn=Users,dc=bbb,dc=ccc,dc=edu"/>
<property name="userDn" value="user"/>
<property name="password" value="*****"/>
<property name="pooled" value="true"/>
<property name="baseEnvironmentProperties">
<map>
<entry>
<key>
<value>java.naming.security.authentication</value>
</key>
<value>simple</value>
</entry>
<entry key="java.naming.referral">
<value>ignore</value>
</entry>
</map>
</property>
</bean>
Everything works fine, but the connection/queries are very slow.
If the same configuration is changed to non ssl (`ldap://aaa.bbb.ccc.edu:389') it is lightening fast. A query that takes the non SSL context just a few seconds, takes the SSL context 7 minutes.
Is there any LDAPS related configuration missing? I have installed the certificate to JVM using the steps here http://javacolors.blogspot.in/2012/05/how-to-register-ssl-certificates-in.html .
To force the JVM to pool SSL connections, add the following line to your Apache Tomcat /bin/setenv.sh ({{setenv.bat}} for Windows) file
On Linux:
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.jndi.ldap.connect.pool.protocol='plain ssl' -Dcom.sun.jndi.ldap.connect.pool.authentication='none simple DIGEST-MD5'"
On Windows:
JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.jndi.ldap.connect.pool.protocol="plain ssl" -Dcom.sun.jndi.ldap.connect.pool.authentication="none simple DIGEST-MD5"
https://confluence.atlassian.com/display/CROWDKB/Performance+problem+when+using+LDAPS
I have a Spring-Web-App that fails when I try to deploy it to my local tomcat since I've added Spring-security.
I used the securty-web-auth with a preauth filter. The RolesRetriever fails with fallowing Error-Message
class path resource [WEB-INF/web.xml] cannot be opened because it does not exist
But the web.xml exists and worked before the security setup.
<bean id="j2eeMappableRolesRetriever"
class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever">
<property name="resourceLoader" ref="webAppContext" />
</bean>
<bean id="webAppContext"
class="org.springframework.web.context.support.GenericWebApplicationContext" />
Has someone and idea, why it fails? It must be within the WebAppContext-Bean but I have no Idea where to set the right path to web.xml