My goal is to have a link on the page that returns the user to the originating site. I am starting from the Spring SAML sample http://projects.spring.io/spring-security-saml/ and am adding a new function to the index page.
My saml-servlet.xml and securityContext.xml both have:
    <context:component-scan base-package="com.home.saml.sp"/>
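My returnController.java in the package com.home.saml.sp:
    package com.home.saml.sp;

    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;

    @Controller
    public class ReturnController {
        // Handles POST /redirect and sends the browser to a fixed URL
        @RequestMapping(value = "/redirect", method = RequestMethod.POST)
        public String redirect() {
            String redirectUrl = "http://www.home.com";
            return "redirect:" + redirectUrl;
        }
    }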
And my index.jsp adds:
    <form method="POST" action="/redirect">
        <table>
            <tr>
                <td><input type="submit" value="Redirect * Page" /></td>
            </tr>
        </table>
    </form>
The saml servlet processes URLs /saml/web/* and therefore skips your /redirect controller. You will need to change the saml servlet mapping in web.xml to:
    <servlet-mapping>
        <servlet-name>saml</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>
Please note that this will break the metadata administration UI in the sample application. You would need to replace the current security for the admin UI with:
    <!-- Security for the administration UI -->
    <security:http pattern="/metadata/**" access-denied-page="/metadata/login">
        <security:form-login login-processing-url="/metadata/login_check" login-page="/metadata/login" default-target-url="/metadata"/>
        <security:intercept-url pattern="/metadata/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <security:intercept-url pattern="/metadata/**" access="ROLE_ADMIN"/>
        <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
    </security:http>
Then remove all /saml/web prefixes in JSPs and change adminLogin.jsp to use /metadata/login_check in the loginForm.
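
To see why the original mapping never reached the /redirect controller, the sketch below (an added example, not code from the sample application or from Spring) applies the Servlet specification's mapping precedence to the two url-pattern values discussed above. The `default` servlet name and the sample request paths are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class ServletMappingDemo {

    // Pick the servlet for a context-relative request path using the Servlet
    // spec's precedence: exact match, then longest "/prefix/*" match, then the
    // default servlet mapped to "/". Extension patterns ("*.jsp") are left out.
    static String resolve(Map<String, String> mappings, String path) {
        String best = null;
        int bestLen = -1;
        for (Map.Entry<String, String> e : mappings.entrySet()) {
            String pattern = e.getKey();
            if (pattern.endsWith("/*")) {
                // "/saml/web/*" -> prefix "/saml/web"; "/*" -> prefix ""
                String prefix = pattern.substring(0, pattern.length() - 2);
                boolean hit = path.equals(prefix) || path.startsWith(prefix + "/");
                if (hit && prefix.length() > bestLen) {
                    best = e.getValue();
                    bestLen = prefix.length();
                }
            } else if (!pattern.equals("/") && pattern.equals(path)) {
                return e.getValue(); // exact match always wins
            }
        }
        return best != null ? best : mappings.get("/");
    }

    public static void main(String[] args) {
        // Constructed mappings: "default" stands in for the container's own
        // fallback servlet; "saml" is the servlet name from the web.xml above.
        Map<String, String> before = new LinkedHashMap<>();
        before.put("/", "default");
        before.put("/saml/web/*", "saml");

        Map<String, String> after = new LinkedHashMap<>();
        after.put("/", "default");
        after.put("/*", "saml");

        // Constructed request paths, relative to the application's context root.
        for (String path : new String[] {"/redirect", "/saml/web/metadata", "/metadata/login"}) {
            System.out.printf("%-20s before=%-8s after=%s%n",
                    path, resolve(before, path), resolve(after, path));
        }
    }
}
```

With `/*` every path, including /metadata/login, is dispatched to the saml servlet, which is why the `/metadata/**` security rules above are written without the /saml/web prefix.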