Add Gradle Enterprise plugin

Issue gh-94
Accept gradle Terms of Service
2022-09-16 08:55:29 -03:00 · 2022-09-16 08:55:29 -03:00 · 2022-09-16 08:55:29 -03:00 · 2022-07-28 16:17:46 -03:00 · 2022-05-18 10:39:49 -05:00 · 2022-05-11 16:05:03 -03:00
135 changed files with 8566 additions and 519 deletions
@@ -4,5 +4,5 @@
  <component name="FrameworkDetectionExcludesConfiguration">
    <file type="web" url="file://$PROJECT_DIR$" />
  </component>
-  <component name="ProjectRootManager" version="2" languageLevel="JDK_11" default="true" project-jdk-name="11" project-jdk-type="JavaSDK" />
+  <component name="ProjectRootManager" version="2" languageLevel="JDK_11" default="true" project-jdk-name="temurin-11" project-jdk-type="JavaSDK" />
 </project>
@@ -1,5 +1,5 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
 org.gradle.jvmargs=-Xmx3g -XX:MaxPermSize=2048m -XX:+HeapDumpOnOutOfMemoryError
 org.gradle.parallel=true
 org.gradle.caching=true
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -1 +1 @@
-spring-security.version=5.6.0
+spring-security.version=5.7.0-SNAPSHOT
@@ -4,17 +4,18 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

 dependencies {
-	aspect platform("org.springframework:spring-framework-bom:5.3.0")
+	aspect platform("org.springframework:spring-framework-bom:5.3.13")
 	aspect platform("org.springframework.security:spring-security-bom:5.4.0-SNAPSHOT")
 	aspect "org.springframework.security:spring-security-aspects"

-	implementation platform("org.springframework:spring-framework-bom:5.3.0")
-	implementation platform("org.springframework.security:spring-security-bom:5.6.0")
+	implementation platform("org.springframework:spring-framework-bom:5.3.13")
+	implementation platform("org.springframework.security:spring-security-bom:5.7.0-SNAPSHOT")
 	implementation platform("org.junit:junit-bom:5.7.0")

 	implementation "org.springframework.security:spring-security-config"
@@ -8,13 +8,14 @@ plugins {
 apply from: "gradle/gretty.gradle"

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

 dependencies {
-	implementation platform("org.springframework:spring-framework-bom:5.3.0")
-	implementation platform("org.springframework.security:spring-security-bom:5.6.0")
+	implementation platform("org.springframework:spring-framework-bom:5.3.13")
+	implementation platform("org.springframework.security:spring-security-bom:5.7.0-SNAPSHOT")
 	implementation platform("org.junit:junit-bom:5.7.0")

 	implementation "org.springframework.security:spring-security-config"
@@ -8,13 +8,14 @@ plugins {
 apply from: "gradle/gretty.gradle"

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

 dependencies {
-	implementation platform("org.springframework:spring-framework-bom:5.3.0")
-	implementation platform("org.springframework.security:spring-security-bom:5.6.0")
+	implementation platform("org.springframework:spring-framework-bom:5.3.13")
+	implementation platform("org.springframework.security:spring-security-bom:5.7.0-SNAPSHOT")
 	implementation platform("org.junit:junit-bom:5.7.0")

 	implementation "org.springframework.security:spring-security-config"
@@ -8,13 +8,14 @@ plugins {
 apply from: "gradle/gretty.gradle"

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

 dependencies {
-	implementation platform("org.springframework:spring-framework-bom:5.3.0")
-	implementation platform("org.springframework.security:spring-security-bom:5.6.0")
+	implementation platform("org.springframework:spring-framework-bom:5.3.13")
+	implementation platform("org.springframework.security:spring-security-bom:5.7.0-SNAPSHOT")
 	implementation platform("org.junit:junit-bom:5.7.0")

 	implementation "org.springframework.security:spring-security-config"
@@ -8,13 +8,14 @@ plugins {
 apply from: "gradle/gretty.gradle"

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

 dependencies {
-	implementation platform("org.springframework:spring-framework-bom:5.3.0")
-	implementation platform("org.springframework.security:spring-security-bom:5.6.0")
+	implementation platform("org.springframework:spring-framework-bom:5.3.13")
+	implementation platform("org.springframework.security:spring-security-bom:5.7.0-SNAPSHOT")
 	implementation platform("org.junit:junit-bom:5.7.0")

 	implementation "org.springframework.security:spring-security-config"
@@ -8,13 +8,14 @@ plugins {
 apply from: "gradle/gretty.gradle"

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

 dependencies {
-	implementation platform("org.springframework:spring-framework-bom:5.3.0")
-	implementation platform("org.springframework.security:spring-security-bom:5.6.0")
+	implementation platform("org.springframework:spring-framework-bom:5.3.13")
+	implementation platform("org.springframework.security:spring-security-bom:5.7.0-SNAPSHOT")
 	implementation platform("org.junit:junit-bom:5.7.0")

 	implementation "org.hsqldb:hsqldb:2.5.1"
@@ -8,13 +8,14 @@ plugins {
 apply from: "gradle/gretty.gradle"

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

 dependencies {
-	implementation platform("org.springframework:spring-framework-bom:5.3.0")
-	implementation platform("org.springframework.security:spring-security-bom:5.6.0")
+	implementation platform("org.springframework:spring-framework-bom:5.3.13")
+	implementation platform("org.springframework.security:spring-security-bom:5.7.0-SNAPSHOT")
 	implementation platform("org.junit:junit-bom:5.7.0")

 	implementation "org.springframework.security:spring-security-config"
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -17,39 +17,29 @@ package example;

 import org.springframework.context.annotation.Bean;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
-import org.springframework.security.ldap.authentication.BindAuthenticator;
-import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
-import org.springframework.security.ldap.authentication.LdapAuthenticator;
-import org.springframework.security.ldap.server.UnboundIdContainer;
+import org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean;
+import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory;
+import org.springframework.security.ldap.userdetails.PersonContextMapper;

@EnableWebSecurity
 public class SecurityConfiguration {

 	@Bean
-	UnboundIdContainer ldapContainer() {
-		UnboundIdContainer result = new UnboundIdContainer("dc=springframework,dc=org", "classpath:users.ldif");
-		result.setPort(0);
-		return result;
+	public EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean() {
+		EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean = EmbeddedLdapServerContextSourceFactoryBean
+				.fromEmbeddedLdapServer();
+		contextSourceFactoryBean.setPort(0);
+		return contextSourceFactoryBean;
 	}

 	@Bean
-	DefaultSpringSecurityContextSource contextSource(UnboundIdContainer container) {
-		return new DefaultSpringSecurityContextSource(
-				"ldap://localhost:" + container.getPort() + "/dc=springframework,dc=org");
-	}
-
-	@Bean
-	BindAuthenticator authenticator(BaseLdapPathContextSource contextSource) {
-		BindAuthenticator authenticator = new BindAuthenticator(contextSource);
-		authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
-		return authenticator;
-	}
-
-	@Bean
-	LdapAuthenticationProvider authenticationProvider(LdapAuthenticator authenticator) {
-		return new LdapAuthenticationProvider(authenticator);
+	AuthenticationManager authenticationManager(BaseLdapPathContextSource contextSource) {
+		LdapBindAuthenticationManagerFactory factory = new LdapBindAuthenticationManagerFactory(contextSource);
+		factory.setUserDnPatterns("uid={0},ou=people");
+		factory.setUserDetailsContextMapper(new PersonContextMapper());
+		return factory.createAuthenticationManager();
 	}

 }
@@ -8,13 +8,14 @@ plugins {
 //apply from: "gradle/gretty.gradle"

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

 dependencies {
-	implementation platform("org.springframework:spring-framework-bom:5.3.0")
-	implementation platform("org.springframework.security:spring-security-bom:5.6.0")
+	implementation platform("org.springframework:spring-framework-bom:5.3.13")
+	implementation platform("org.springframework.security:spring-security-bom:5.7.0-SNAPSHOT")
 	implementation platform("org.junit:junit-bom:5.7.0")

 	implementation "org.springframework.security:spring-security-config"
@@ -4,14 +4,15 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

 dependencies {
-	implementation platform("org.springframework:spring-framework-bom:5.3.11")
-	implementation platform("org.springframework.data:spring-data-releasetrain:Neumann-SR9")
-	implementation platform("org.springframework.security:spring-security-bom:5.6.0")
+	implementation platform("org.springframework:spring-framework-bom:5.3.13")
+	implementation platform("org.springframework.data:spring-data-releasetrain:Neumann-SR5")
+	implementation platform("org.springframework.security:spring-security-bom:5.7.0-SNAPSHOT")
 	implementation platform("org.junit:junit-bom:5.7.0")

 	implementation "org.springframework.security:spring-security-config"
@@ -8,13 +8,14 @@ plugins {
 apply from: "gradle/gretty.gradle"

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

 dependencies {
-	implementation platform("org.springframework:spring-framework-bom:5.3.0")
-	implementation platform("org.springframework.security:spring-security-bom:5.6.0")
+	implementation platform("org.springframework:spring-framework-bom:5.3.13")
+	implementation platform("org.springframework.security:spring-security-bom:5.7.0-SNAPSHOT")
 	implementation platform("org.junit:junit-bom:5.7.0")

 	implementation "org.springframework.security:spring-security-config"
@@ -8,13 +8,14 @@ plugins {
 apply from: "gradle/gretty.gradle"

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

 dependencies {
-	implementation platform("org.springframework:spring-framework-bom:5.3.0")
-	implementation platform("org.springframework.security:spring-security-bom:5.6.0")
+	implementation platform("org.springframework:spring-framework-bom:5.3.13")
+	implementation platform("org.springframework.security:spring-security-bom:5.7.0-SNAPSHOT")
 	implementation platform("org.junit:junit-bom:5.7.0")

 	implementation "org.springframework.security:spring-security-config"
@@ -8,13 +8,14 @@ plugins {
 apply from: "gradle/gretty.gradle"

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

 dependencies {
-	implementation platform("org.springframework:spring-framework-bom:5.3.0")
-	implementation platform("org.springframework.security:spring-security-bom:5.6.0")
+	implementation platform("org.springframework:spring-framework-bom:5.3.13")
+	implementation platform("org.springframework.security:spring-security-bom:5.7.0-SNAPSHOT")
 	implementation platform("org.junit:junit-bom:5.7.0")

 	implementation "org.springframework.security:spring-security-config"
@@ -8,13 +8,14 @@ plugins {
 apply from: "gradle/gretty.gradle"

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

 dependencies {
-	implementation platform("org.springframework:spring-framework-bom:5.3.0")
-	implementation platform("org.springframework.security:spring-security-bom:5.6.0")
+	implementation platform("org.springframework:spring-framework-bom:5.3.13")
+	implementation platform("org.springframework.security:spring-security-bom:5.7.0-SNAPSHOT")
 	implementation platform("org.junit:junit-bom:5.7.0")

 	implementation "org.springframework.security:spring-security-config"
@@ -12,18 +12,18 @@ The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[S

 === SAML 2.0 Login

-`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 The following features are implemented in the MVP:

 1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
 2. Send a SAML 2.0 AuthNRequest to an Identity Provider
 3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
-4. Work against the SimpleSAMLphp reference implementation
+4. Work against the Okta SAML 2.0 IDP reference implementation

 === SAML 2.0 Single Logout

-`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.

@@ -31,20 +31,21 @@ You can refer to the https://docs.spring.io/spring-security/reference/servlet/sa

 == Run the Sample

-=== Start up the application
-
-You should run the application war in a servlet container like Tomcat
+=== Start up the Sample Boot Application
+```
+ ./gradlew :spring-security-samples-boot-saml2login:bootRun
+```

 === Open a Browser

 http://localhost:8080/

-You will be redirect to the SimpleSAMLphp IDP
+You will be redirect to the Okta SAML 2.0 IDP

 === Type in your credentials

 ```
-User: user
-Password: password
+User: testuser@spring.security.saml
+Password: 12345678
 ```

@@ -24,7 +24,8 @@ plugins {
 apply from: "gradle/gretty.gradle"

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 	maven { url "https://build.shibboleth.net/nexus/content/repositories/releases/" }
 }
@@ -36,7 +37,7 @@ dependencies {
 		implementation "org.opensaml:opensaml-saml-impl:4.1.1"
 	}
 	implementation platform("org.springframework:spring-framework-bom:5.3.11")
-	implementation platform("org.springframework.security:spring-security-bom:5.6.0")
+	implementation platform("org.springframework.security:spring-security-bom:5.7.0-SNAPSHOT")
 	implementation platform("org.junit:junit-bom:5.7.0")

 	implementation "org.springframework.security:spring-security-config"
@@ -16,15 +16,14 @@

 package example;

-import java.io.IOException;
-
+import com.gargoylesoftware.htmlunit.ElementNotFoundException;
 import com.gargoylesoftware.htmlunit.WebClient;
 import com.gargoylesoftware.htmlunit.html.HtmlElement;
 import com.gargoylesoftware.htmlunit.html.HtmlForm;
 import com.gargoylesoftware.htmlunit.html.HtmlInput;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import com.gargoylesoftware.htmlunit.html.HtmlPasswordInput;
 import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
-import org.assertj.core.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
@@ -40,6 +39,8 @@ import org.springframework.test.web.servlet.htmlunit.MockMvcWebClientBuilder;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;

+import static org.assertj.core.api.Assertions.assertThat;
+
@ExtendWith(SpringExtension.class)
@ContextConfiguration(classes = ApplicationConfiguration.class)
@WebAppConfiguration
@@ -66,35 +67,45 @@ public class Saml2JavaConfigurationITests {

 	@Test
 	void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
-		HtmlPage relyingParty = performLogin();
-		Assertions.assertThat(relyingParty.asText()).contains("You're email address is testuser@spring.security.saml");
+		performLogin();
+		HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
+		assertThat(home.asText()).contains("You're email address is testuser@spring.security.saml");
 	}

 	@Test
 	void logoutWhenRelyingPartyInitiatedLogoutThenLoginPageWithLogoutParam() throws Exception {
-		HtmlPage relyingParty = performLogin();
-		HtmlElement rpLogoutButton = relyingParty.getHtmlElementById("rp_logout_button");
+		performLogin();
+		HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
+		HtmlElement rpLogoutButton = home.getHtmlElementById("rp_logout_button");
 		HtmlPage loginPage = rpLogoutButton.click();
-		Assertions.assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
+		assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
 	}

-	@Test
-	void logoutWhenAssertingPartyInitiatedLogoutThenLoginPageWithLogoutParam() throws Exception {
-		HtmlPage relyingParty = performLogin();
-		HtmlElement apLogoutButton = relyingParty.getHtmlElementById("ap_logout_button");
-		HtmlPage loginPage = apLogoutButton.click();
-		Assertions.assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
-	}
-
-	private HtmlPage performLogin() throws IOException {
+	private void performLogin() throws Exception {
 		HtmlPage login = this.webClient.getPage("/");
-		HtmlForm form = login.getFormByName("f");
+		this.webClient.waitForBackgroundJavaScript(10000);
+		HtmlForm form = findForm(login);
 		HtmlInput username = form.getInputByName("username");
-		HtmlInput password = form.getInputByName("password");
-		HtmlSubmitInput submit = login.getHtmlElementById("submit_button");
-		username.setValueAttribute("user");
-		password.setValueAttribute("password");
-		return submit.click();
+		HtmlPasswordInput password = form.getInputByName("password");
+		HtmlSubmitInput submit = login.getHtmlElementById("okta-signin-submit");
+		username.type("testuser@spring.security.saml");
+		password.type("12345678");
+		submit.click();
+		this.webClient.waitForBackgroundJavaScript(10000);
+	}
+
+	private HtmlForm findForm(HtmlPage login) {
+		for (HtmlForm form : login.getForms()) {
+			try {
+				if (form.getId().equals("form19")) {
+					return form;
+				}
+			}
+			catch (ElementNotFoundException ex) {
+				// Continue
+			}
+		}
+		throw new IllegalStateException("Could not resolve login form");
 	}

 }
@@ -31,7 +31,7 @@ public class IndexController {

 	@GetMapping("/")
 	public String index(Model model, @AuthenticationPrincipal Saml2AuthenticatedPrincipal principal) {
-		String emailAddress = principal.getFirstAttribute("emailAddress");
+		String emailAddress = principal.getFirstAttribute("email");
 		model.addAttribute("emailAddress", emailAddress);
 		model.addAttribute("userAttributes", principal.getAttributes());
 		return "index";
@@ -32,6 +32,7 @@ import org.springframework.security.saml2.provider.service.registration.InMemory
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
+import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 import org.springframework.security.web.SecurityFilterChain;

@EnableWebSecurity
@@ -57,13 +58,16 @@ public class SecurityConfiguration {
 	@Bean
 	RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
 		RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistrations
-				.fromMetadataLocation("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php")
+				.fromMetadataLocation("https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata")
 				.registrationId("one")
 				.decryptionX509Credentials(
 						(c) -> c.add(Saml2X509Credential.decryption(this.privateKey, relyingPartyCertificate())))
 				.signingX509Credentials(
 						(c) -> c.add(Saml2X509Credential.signing(this.privateKey, relyingPartyCertificate())))
-				.build();
+				.singleLogoutServiceLocation(
+						"https://dev-05937739.okta.com/app/dev-05937739_springgsecuritysaml2idp_1/exk46xofd8NZvFCpS5d7/slo/saml")
+				.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
+				.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();

 		return new InMemoryRelyingPartyRegistrationRepository(relyingPartyRegistration);
 	}
@@ -36,11 +36,6 @@
                </button>
            </form>
        </li>
-        <li class="nav-item">
-            <a id="ap_logout_button" class="nav-link" href="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SingleLogoutService.php?ReturnTo=http://localhost:8080/login?logout">
-                AP-initiated Logout
-            </a>
-        </li>
    </ul>
    </div>
    <main role="main" class="container">
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -5,7 +5,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -5,7 +5,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -18,13 +18,10 @@ package example;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
-import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
-import org.springframework.security.ldap.authentication.BindAuthenticator;
-import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
-import org.springframework.security.ldap.authentication.LdapAuthenticator;
-import org.springframework.security.ldap.server.UnboundIdContainer;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean;
+import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory;
 import org.springframework.security.ldap.userdetails.PersonContextMapper;

 /**
@@ -36,30 +33,19 @@ import org.springframework.security.ldap.userdetails.PersonContextMapper;
 public class SecurityConfig {

 	@Bean
-	UnboundIdContainer ldapContainer() {
-		UnboundIdContainer container = new UnboundIdContainer("dc=springframework,dc=org", "classpath:users.ldif");
-		container.setPort(0);
-		return container;
+	public EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean() {
+		EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean = EmbeddedLdapServerContextSourceFactoryBean
+				.fromEmbeddedLdapServer();
+		contextSourceFactoryBean.setPort(0);
+		return contextSourceFactoryBean;
 	}

 	@Bean
-	ContextSource contextSource(UnboundIdContainer container) {
-		int port = container.getPort();
-		return new DefaultSpringSecurityContextSource("ldap://localhost:" + port + "/dc=springframework,dc=org");
-	}
-
-	@Bean
-	BindAuthenticator authenticator(BaseLdapPathContextSource contextSource) {
-		BindAuthenticator authenticator = new BindAuthenticator(contextSource);
-		authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
-		return authenticator;
-	}
-
-	@Bean
-	LdapAuthenticationProvider authenticationProvider(LdapAuthenticator authenticator) {
-		LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
-		provider.setUserDetailsContextMapper(new PersonContextMapper());
-		return provider;
+	AuthenticationManager authenticationManager(BaseLdapPathContextSource contextSource) {
+		LdapBindAuthenticationManagerFactory factory = new LdapBindAuthenticationManagerFactory(contextSource);
+		factory.setUserDnPatterns("uid={0},ou=people");
+		factory.setUserDetailsContextMapper(new PersonContextMapper());
+		return factory.createAuthenticationManager();
 	}

 }
@@ -6,13 +6,14 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

 dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-web'
-	implementation 'org.springframework.security:spring-security-oauth2-authorization-server:0.2.0'
+	implementation 'org.springframework.security:spring-security-oauth2-authorization-server:0.2.3'

 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testImplementation 'org.springframework.security:spring-security-test'
@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -22,7 +22,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -22,7 +22,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -22,7 +22,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -22,7 +22,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -22,7 +22,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 }

@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -12,18 +12,18 @@ The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[S

 === SAML 2.0 Login

-`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 The following features are implemented in the MVP:

 1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
 2. Send a SAML 2.0 AuthNRequest to an Identity Provider
 3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
-4. Work against the SimpleSAMLphp reference implementation
+4. Work against the Okta SAML 2.0 IDP reference implementation

 === SAML 2.0 Single Logout

-`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.

@@ -33,19 +33,20 @@ You can refer to the https://docs.spring.io/spring-security/reference/servlet/sa

 === Start up the Sample Boot Application
 ```
- ./gradlew :spring-security-samples-boot-saml2login:bootRun
+ ./gradlew :servlet:spring-boot:java:saml2:login-single-tenant:bootRun
+
 ```

 === Open a Browser

 http://localhost:8080/

-You will be redirect to the SimpleSAMLphp IDP
+You will be redirect to the Okta SAML 2.0 IDP

 === Type in your credentials

 ```
-User: user
-Password: password
+User: testuser@spring.security.saml
+Password: 12345678
 ```

@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 	maven { url "https://build.shibboleth.net/nexus/content/repositories/releases/" }
 }
@@ -23,7 +24,7 @@ dependencies {
 	implementation 'org.springframework.security:spring-security-saml2-service-provider'
 	implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5'

-	testImplementation 'net.sourceforge.htmlunit:htmlunit'
+	testImplementation 'net.sourceforge.htmlunit:htmlunit:2.44.0'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testImplementation 'org.springframework.security:spring-security-test'
 }
@@ -31,4 +32,4 @@ dependencies {
 tasks.withType(Test).configureEach {
 	useJUnitPlatform()
 	outputs.upToDateWhen { false }
-}
+}
@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -27,7 +27,7 @@ public class IndexController {

 	@GetMapping("/")
 	public String index(Model model, @AuthenticationPrincipal Saml2AuthenticatedPrincipal principal) {
-		String emailAddress = principal.getFirstAttribute("emailAddress");
+		String emailAddress = principal.getFirstAttribute("email");
 		model.addAttribute("emailAddress", emailAddress);
 		model.addAttribute("userAttributes", principal.getAttributes());
 		return "index";
@@ -16,13 +16,26 @@

 package example;

+import java.io.InputStream;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.RSAPrivateKey;
+
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.saml2.core.Saml2X509Credential;
 import org.springframework.security.saml2.provider.service.metadata.OpenSamlMetadataResolver;
+import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
+import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
 import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter;
@@ -39,7 +52,7 @@ public class SecurityConfiguration {
 			.authorizeHttpRequests((authorize) -> authorize
 				.anyRequest().authenticated()
 			)
-			.saml2Login((saml2) -> saml2.loginProcessingUrl("/login/saml2/sso"))
+			.saml2Login(Customizer.withDefaults())
 			.saml2Logout(Customizer.withDefaults());
 		// @formatter:on

@@ -49,7 +62,7 @@ public class SecurityConfiguration {
 	@Bean
 	RelyingPartyRegistrationResolver relyingPartyRegistrationResolver(
 			RelyingPartyRegistrationRepository registrations) {
-		return new DefaultRelyingPartyRegistrationResolver((id) -> registrations.findByRegistrationId("metadata"));
+		return new DefaultRelyingPartyRegistrationResolver((id) -> registrations.findByRegistrationId("two"));
 	}

 	@Bean
@@ -65,4 +78,29 @@ public class SecurityConfiguration {
 		return filter;
 	}

+	@Bean
+	RelyingPartyRegistrationRepository repository(
+			@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) {
+		RelyingPartyRegistration two = RelyingPartyRegistrations
+				.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
+				.registrationId("two")
+				.signingX509Credentials(
+						(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
+				.singleLogoutServiceLocation(
+						"https://dev-05937739.okta.com/app/dev-05937739_springsecuritysaml2idptwo_1/exk4842vmapcMkohr5d7/slo/saml")
+				.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
+				.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
+		return new InMemoryRelyingPartyRegistrationRepository(two);
+	}
+
+	X509Certificate relyingPartyCertificate() {
+		Resource resource = new ClassPathResource("credentials/rp-certificate.crt");
+		try (InputStream is = resource.getInputStream()) {
+			return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
+		}
+		catch (Exception ex) {
+			throw new UnsupportedOperationException(ex);
+		}
+	}
+
 }
@@ -1,17 +1,2 @@
-spring:
-  security:
-    saml2:
-      relyingparty:
-        registration:
-          metadata:
-            entity-id: "{baseUrl}/saml2/metadata"
-            acs.location: "{baseUrl}/login/saml2/sso"
-            signing.credentials:
-              - private-key-location: classpath:credentials/rp-private.key
-                certificate-location: classpath:credentials/rp-certificate.crt
-            identityprovider:
-              metadata-uri: https://simplesamlphp.apps.pcfone.io/saml2/idp/metadata.php
-
-
 logging.level:
  org.springframework.security: TRACE
@@ -36,11 +36,6 @@
                </button>
            </form>
        </li>
-        <li class="nav-item">
-            <a id="ap_logout_button" class="nav-link" href="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SingleLogoutService.php?ReturnTo=http://localhost:8080/login?logout">
-                AP-initiated Logout
-            </a>
-        </li>
    </ul>
    </div>
    <main role="main" class="container">
@@ -12,18 +12,18 @@ The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[S

 === SAML 2.0 Login

-`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 The following features are implemented in the MVP:

 1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
 2. Send a SAML 2.0 AuthNRequest to an Identity Provider
 3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
-4. Work against the SimpleSAMLphp reference implementation
+4. Work against the Okta SAML 2.0 IDP reference implementation

 === SAML 2.0 Single Logout

-`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.

@@ -33,19 +33,19 @@ You can refer to the https://docs.spring.io/spring-security/reference/servlet/sa

 === Start up the Sample Boot Application
 ```
- ./gradlew :spring-security-samples-boot-saml2login:bootRun
+ ./gradlew :servlet:spring-boot:java:saml2:login:bootRun
 ```

 === Open a Browser

 http://localhost:8080/

-You will be redirect to the SimpleSAMLphp IDP
+You will be redirect to the Okta SAML 2.0 IDP

 === Type in your credentials

 ```
-User: user
-Password: password
+User: testuser@spring.security.saml
+Password: 12345678
 ```

@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 	maven { url "https://build.shibboleth.net/nexus/content/repositories/releases/" }
 }
@@ -23,7 +24,7 @@ dependencies {
 	implementation 'org.springframework.security:spring-security-saml2-service-provider'
 	implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5'

-	testImplementation 'net.sourceforge.htmlunit:htmlunit'
+	testImplementation 'net.sourceforge.htmlunit:htmlunit:2.44.0'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testImplementation 'org.springframework.security:spring-security-test'
 }
@@ -31,4 +32,4 @@ dependencies {
 tasks.withType(Test).configureEach {
 	useJUnitPlatform()
 	outputs.upToDateWhen { false }
-}
+}
@@ -1,2 +1,3 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
+selenium-htmlunit.version=2.44.0
@@ -27,7 +27,7 @@ public class IndexController {

 	@GetMapping("/")
 	public String index(Model model, @AuthenticationPrincipal Saml2AuthenticatedPrincipal principal) {
-		String emailAddress = principal.getFirstAttribute("emailAddress");
+		String emailAddress = principal.getFirstAttribute("email");
 		model.addAttribute("emailAddress", emailAddress);
 		model.addAttribute("userAttributes", principal.getAttributes());
 		return "index";
@@ -16,13 +16,26 @@

 package example;

+import java.io.InputStream;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.RSAPrivateKey;
+
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.saml2.core.Saml2X509Credential;
 import org.springframework.security.saml2.provider.service.metadata.OpenSamlMetadataResolver;
+import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
+import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
 import org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter;
@@ -59,4 +72,38 @@ public class SecurityConfiguration {
 		return filter;
 	}

+	@Bean
+	RelyingPartyRegistrationRepository repository(
+			@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) {
+		RelyingPartyRegistration one = RelyingPartyRegistrations
+				.fromMetadataLocation("https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata")
+				.registrationId("one")
+				.signingX509Credentials(
+						(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
+				.singleLogoutServiceLocation(
+						"https://dev-05937739.okta.com/app/dev-05937739_springgsecuritysaml2idp_1/exk46xofd8NZvFCpS5d7/slo/saml")
+				.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
+				.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
+		RelyingPartyRegistration two = RelyingPartyRegistrations
+				.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
+				.registrationId("two")
+				.signingX509Credentials(
+						(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
+				.singleLogoutServiceLocation(
+						"https://dev-05937739.okta.com/app/dev-05937739_springsecuritysaml2idptwo_1/exk4842vmapcMkohr5d7/slo/saml")
+				.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
+				.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
+		return new InMemoryRelyingPartyRegistrationRepository(one, two);
+	}
+
+	X509Certificate relyingPartyCertificate() {
+		Resource resource = new ClassPathResource("credentials/rp-certificate.crt");
+		try (InputStream is = resource.getInputStream()) {
+			return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
+		}
+		catch (Exception ex) {
+			throw new UnsupportedOperationException(ex);
+		}
+	}
+
 }
@@ -1,20 +1,2 @@
-spring:
-  security:
-    saml2:
-      relyingparty:
-        registration:
-          one:
-            signing.credentials: &rp-metadata
-              - private-key-location: classpath:credentials/rp-private.key
-                certificate-location: classpath:credentials/rp-certificate.crt
-            identityprovider:
-              metadata-uri: https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php
-          two:
-            signing.credentials: *rp-metadata
-            decryption.credentials: *rp-metadata
-            identityprovider:
-              metadata-uri: https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php
-
-
 logging.level:
  org.springframework.security: TRACE
@@ -36,11 +36,6 @@
                </button>
            </form>
        </li>
-        <li class="nav-item">
-            <a id="ap_logout_button" class="nav-link" href="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SingleLogoutService.php?ReturnTo=http://localhost:8080/login?logout">
-                AP-initiated Logout
-            </a>
-        </li>
    </ul>
    </div>
    <main role="main" class="container">
@@ -1,4 +1,4 @@
-= SAML 2.0 Login & Logout Sample
+= SAML 2.0 Refreshable Metadata

 This guide provides instructions on setting up this SAML 2.0 Login & Logout sample application.
 It uses https://simplesamlphp.org/[SimpleSAMLphp] as its asserting party.
@@ -12,18 +12,18 @@ The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[S

 === SAML 2.0 Login

-`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 The following features are implemented in the MVP:

 1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
 2. Send a SAML 2.0 AuthNRequest to an Identity Provider
 3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
-4. Work against the SimpleSAMLphp reference implementation
+4. Work against the Okta SAML 2.0 IDP reference implementation

 === SAML 2.0 Single Logout

-`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

 On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.

@@ -45,12 +45,14 @@ This particular implementation uses a `@Scheduled` annotation to update its meta

 http://localhost:8080/

-You will be redirect to the SimpleSAMLphp IDP
+You will be redirect to the Okta SAML 2.0 IDP

 === Type in your credentials

 ```
-User: user
-Password: password
+User: testuser@spring.security.saml
+Password: 12345678
 ```

+
+
@@ -6,7 +6,8 @@ plugins {
 }

 repositories {
-	jcenter()
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
 	maven { url "https://repo.spring.io/snapshot" }
 	maven { url "https://build.shibboleth.net/nexus/content/repositories/releases/" }
 }
@@ -23,7 +24,7 @@ dependencies {
 	implementation 'org.springframework.security:spring-security-saml2-service-provider'
 	implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5'

-	testImplementation 'net.sourceforge.htmlunit:htmlunit'
+	testImplementation 'net.sourceforge.htmlunit:htmlunit:2.44.0'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testImplementation 'org.springframework.security:spring-security-test'
 }
@@ -31,4 +32,4 @@ dependencies {
 tasks.withType(Test).configureEach {
 	useJUnitPlatform()
 	outputs.upToDateWhen { false }
-}
+}
@@ -1,2 +1,2 @@
-version=5.6.0
-spring-security.version=5.6.0
+version=5.7.0-SNAPSHOT
+spring-security.version=5.7.0-SNAPSHOT
@@ -27,7 +27,7 @@ public class IndexController {

 	@GetMapping("/")
 	public String index(Model model, @AuthenticationPrincipal Saml2AuthenticatedPrincipal principal) {
-		String emailAddress = principal.getFirstAttribute("emailAddress");
+		String emailAddress = principal.getFirstAttribute("email");
 		model.addAttribute("emailAddress", emailAddress);
 		model.addAttribute("userAttributes", principal.getAttributes());
 		return "index";
@@ -8,7 +8,7 @@ spring:
              - private-key-location: classpath:credentials/rp-private.key
                certificate-location: classpath:credentials/rp-certificate.crt
            identityprovider:
-              metadata-uri: https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php
+              metadata-uri: https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata

 logging.level:
  org.springframework.security: TRACE
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Marcus Da Coregio	32c8db1c3e	Add Gradle Enterprise plugin Issue gh-94	2022-09-16 08:55:29 -03:00
Marcus Da Coregio	d7a34c849a	Accept gradle Terms of Service Issue gh-94	2022-09-16 08:55:29 -03:00
Marcus Da Coregio	67d1bb921d	Add new task that runs all subproject's tests	2022-09-16 08:55:29 -03:00
Marcus Da Coregio	1fc20d346e	Fix command to run Spring Boot SAML2 samples	2022-07-28 16:17:46 -03:00
Rob Winch	b2310d91fe	jcenter() -> mavenCentral() jcenter is intermittently producing circular redirects. It is deprecated and we should use Maven Central anyway.	2022-05-18 10:39:49 -05:00
Marcus Da Coregio	b67e18fb82	Add init script to be used in Spring Security CI Issue https://github.com/spring-projects/spring-security/issues/10344	2022-05-11 16:05:03 -03:00
Steve Riesenberg	dbf3fbb635	Update to Spring Authorization Server 0.2.3	2022-03-28 11:22:43 -05:00
Marcus Da Coregio	a4c998ed77	Update README for SAML 2.0 samples	2022-03-28 11:00:25 -03:00
Marcus Da Coregio	da6fa7a565	Re-enable SAML 2.0 samples with Okta IdP Closes gh-55	2022-03-17 09:19:45 -03:00
Marcus Da Coregio	802311ac70	SAML 2.0 Login & Logout XML Sample Issue gh-57	2022-03-10 12:17:21 -03:00
Eleftheria Stein	2ddf0a2fa9	Update LDAP samples to use LdapBindAuthenticationManagerFactory Closes gh-61	2022-01-31 12:37:36 +01:00
Steve Riesenberg	a19471b510	Update Spring Authorization Server to 0.2.1	2022-01-20 11:41:45 -06:00
Steve Riesenberg	73fbaa9950	Add milestone repository Closes gh-58	2022-01-14 13:40:19 -06:00
Marcus Da Coregio	0e4e7c7373	Remove remaining usage of WebSecurityConfigurerAdapter	2021-12-15 09:22:40 -03:00
Eleftheria Stein	48e4401507	Temporarily disable tests on SAML2 samples Issue gh-55	2021-12-13 17:36:14 +01:00
Eleftheria Stein	0e91e6300e	Prevent gradle cache on tests Closes gh-54	2021-12-13 17:04:46 +01:00
Marcus Da Coregio	0818005c46	Increase timeout for WebTestClient Sometimes the tests fail with the message Timeout on blocking read for 5000000000 NANOSECONDS	2021-12-10 14:28:52 -03:00
Marcus Da Coregio	08166219c7	Use Spring Security 5.7.0-SNAPSHOT	2021-12-10 14:25:44 -03:00
Marcus Da Coregio	6b3e6546aa	Fix broken links Issue gh-53	2021-12-10 14:14:15 -03:00