spring-projects
diff --git a/‎config/src/main/java/org/springframework/security/config/Elements.java
Lines changed: 5 additions & 1 deletion b/‎config/src/main/java/org/springframework/security/config/Elements.java
Lines changed: 5 additions & 1 deletion
diff --git a/‎config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
Lines changed: 3 additions & 1 deletion b/‎config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
Lines changed: 3 additions & 1 deletion
diff --git a/‎config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
Lines changed: 47 additions & 2 deletions b/‎config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
Lines changed: 47 additions & 2 deletions
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -138,4 +138,8 @@ public abstract class Elements {
 
 	public static final String PASSWORD_MANAGEMENT = "password-management";
 
+	public static final String RELYING_PARTY_REGISTRATIONS = "relying-party-registrations";
+
+	public static final String SAML2_LOGIN = "saml2-login";
+
 }
@@ -1,5 +1,5 @@
 /*
- * Copyright 2009-2020 the original author or authors.
+ * Copyright 2009-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -47,6 +47,7 @@
 import org.springframework.security.config.method.MethodSecurityBeanDefinitionParser;
 import org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser;
 import org.springframework.security.config.oauth2.client.ClientRegistrationsBeanDefinitionParser;
+import org.springframework.security.config.saml2.RelyingPartyRegistrationsBeanDefinitionParser;
 import org.springframework.security.config.websocket.WebSocketMessageBrokerSecurityBeanDefinitionParser;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.ClassUtils;
@@ -190,6 +191,7 @@ private void loadWebParsers() {
 		this.parsers.put(Elements.FILTER_CHAIN, new FilterChainBeanDefinitionParser());
 		this.filterChainMapBDD = new FilterChainMapBeanDefinitionDecorator();
 		this.parsers.put(Elements.CLIENT_REGISTRATIONS, new ClientRegistrationsBeanDefinitionParser());
+		this.parsers.put(Elements.RELYING_PARTY_REGISTRATIONS, new RelyingPartyRegistrationsBeanDefinitionParser());
 	}
 
 	private void loadWebSocketParsers() {
 
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -202,6 +202,14 @@ final class AuthenticationConfigBuilder {
 
 	private BeanDefinition oauth2LoginLinks;
 
+	private BeanDefinition saml2AuthenticationUrlToProviderName;
+
+	private BeanDefinition saml2AuthorizationRequestFilter;
+
+	private String saml2AuthenticationFilterId;
+
+	private String saml2AuthenticationRequestFilterId;
+
 	private boolean oauth2ClientEnabled;
 
 	private BeanDefinition authorizationRequestRedirectFilter;
@@ -238,6 +246,7 @@ final class AuthenticationConfigBuilder {
 		createFormLoginFilter(sessionStrategy, authenticationManager);
 		createOAuth2ClientFilters(sessionStrategy, requestCache, authenticationManager);
 		createOpenIDLoginFilter(sessionStrategy, authenticationManager);
+		createSaml2LoginFilter(authenticationManager);
 		createX509Filter(authenticationManager);
 		createJeeFilter(authenticationManager);
 		createLogoutFilter();
@@ -412,6 +421,29 @@ void createOpenIDLoginFilter(BeanReference sessionStrategy, BeanReference authMa
 		}
 	}
 
+	private void createSaml2LoginFilter(BeanReference authenticationManager) {
+		Element saml2LoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.SAML2_LOGIN);
+		if (saml2LoginElt == null) {
+			return;
+		}
+		Saml2LoginBeanDefinitionParser parser = new Saml2LoginBeanDefinitionParser(this.csrfIgnoreRequestMatchers,
+				this.portMapper, this.portResolver, this.requestCache, this.allowSessionCreation, authenticationManager,
+				this.authenticationProviders, this.defaultEntryPointMappings);
+		BeanDefinition saml2WebSsoAuthenticationFilter = parser.parse(saml2LoginElt, this.pc);
+		this.saml2AuthorizationRequestFilter = parser.getSaml2WebSsoAuthenticationRequestFilter();
+
+		this.saml2AuthenticationFilterId = this.pc.getReaderContext().generateBeanName(saml2WebSsoAuthenticationFilter);
+		this.saml2AuthenticationRequestFilterId = this.pc.getReaderContext()
+				.generateBeanName(this.saml2AuthorizationRequestFilter);
+		this.saml2AuthenticationUrlToProviderName = parser.getSaml2AuthenticationUrlToProviderName();
+
+		// register the component
+		this.pc.registerBeanComponent(
+				new BeanComponentDefinition(saml2WebSsoAuthenticationFilter, this.saml2AuthenticationFilterId));
+		this.pc.registerBeanComponent(new BeanComponentDefinition(this.saml2AuthorizationRequestFilter,
+				this.saml2AuthenticationRequestFilterId));
+	}
+
 	/**
 	 * Parses OpenID 1.0 and 2.0 - related parts of configuration xmls
 	 * @param sessionStrategy sessionStrategy
@@ -666,6 +698,12 @@ void createLoginPageFilterIfNeeded() {
 				loginPageFilter.addPropertyValue("Oauth2LoginEnabled", true);
 				loginPageFilter.addPropertyValue("Oauth2AuthenticationUrlToClientName", this.oauth2LoginLinks);
 			}
+			if (this.saml2AuthenticationFilterId != null) {
+				loginPageFilter.addConstructorArgReference(this.saml2AuthenticationFilterId);
+				loginPageFilter.addPropertyValue("saml2LoginEnabled", true);
+				loginPageFilter.addPropertyValue("saml2AuthenticationUrlToProviderName",
+						this.saml2AuthenticationUrlToProviderName);
+			}
 			this.loginPageGenerationFilter = loginPageFilter.getBeanDefinition();
 			this.logoutPageGenerationFilter = logoutPageFilter.getBeanDefinition();
 		}
@@ -840,7 +878,8 @@ private BeanMetadataElement selectEntryPoint() {
 			if (formLoginElt != null && this.oauth2LoginEntryPoint != null) {
 				return this.formEntryPoint;
 			}
-			// If form login was enabled through auto-config, and Oauth2 login was not
+			// If form login was enabled through auto-config, and Oauth2 login & Saml2
+			// login was not
 			// enabled then use form login
 			if (this.oauth2LoginEntryPoint == null) {
 				return this.formEntryPoint;
@@ -923,6 +962,12 @@ List<OrderDecorator> getFilters() {
 			filters.add(new OrderDecorator(this.authorizationCodeGrantFilter,
 					SecurityFilters.OAUTH2_AUTHORIZATION_CODE_GRANT_FILTER));
 		}
+		if (this.saml2AuthenticationFilterId != null) {
+			filters.add(new OrderDecorator(new RuntimeBeanReference(this.saml2AuthenticationFilterId),
+					SecurityFilters.SAML2_AUTHENTICATION_FILTER));
+			filters.add(new OrderDecorator(new RuntimeBeanReference(this.saml2AuthenticationRequestFilterId),
+					SecurityFilters.SAML2_AUTHENTICATION_REQUEST_FILTER));
+		}
 		filters.add(new OrderDecorator(this.etf, SecurityFilters.EXCEPTION_TRANSLATION_FILTER));
 		return filters;
 	}
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright 2002-2021 the original author or authors.`
	`2`	`+ * Copyright 2002-2022 the original author or authors.`
`3`	`3`	`*`
`4`	`4`	`* Licensed under the Apache License, Version 2.0 (the "License");`
`5`	`5`	`* you may not use this file except in compliance with the License.`
`@@ -138,4 +138,8 @@ public abstract class Elements {`
`138`	`138`
`139`	`139`	`public static final String PASSWORD_MANAGEMENT = "password-management";`
`140`	`140`
	`141`	`+ public static final String RELYING_PARTY_REGISTRATIONS = "relying-party-registrations";`
	`142`	`+`
	`143`	`+ public static final String SAML2_LOGIN = "saml2-login";`
	`144`	`+`
`141`	`145`	`}`