I've implemented Spring SAML SSO in a JEE6 web application on Wildfly 8.2 for authenticating with ADFS2/3, but at the moment I'm not able to get the authorization process to succeed. Here is the request/response ping-pong:
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="https://172.19.100.141:8443/saml/SSO"
Destination="MYIDP"
ForceAuthn="false"
ID="a1be1ie43303d6ei1fa8je1fdd1jhh4"
IsPassive="false"
IssueInstant="2015-10-05T16:52:54.680Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0"
>
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">SPENTITY</saml2:Issuer>
</saml2p:AuthnRequest>
Response:
<samlp:Response ID="_c644ea1a-88e9-4022-a9fc-52071d0e67bc"
Version="2.0"
IssueInstant="2015-10-05T16:52:54.658Z"
Destination="https://172.19.100.141:8443/saml/SSO"
Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
InResponseTo="a1be1ie43303d6ei1fa8je1fdd1jhh4"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">IDP/adfs/services/trust</Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
</e:EncryptionMethod>
<KeyInfo>
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509IssuerSerial>
<ds:X509IssuerName>MY ISSUER RDATA</ds:X509IssuerName>
<ds:X509SerialNumber>686142642</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</KeyInfo>
<e:CipherData>
<e:CipherValue>VAL</e:CipherValue>
</e:CipherData>
</e:EncryptedKey>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>VAL</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</EncryptedAssertion>
</samlp:Response>
When I reach more than 6 requests in the last two minutes, ADFS drops the connection and I receive an error. What's the possible error? I've added all required keys to my keystore, so why does the client keep on requesting even though the response's status code field has been successful?
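As a debugging aid for the exchange above, here is an added example (not code from the question, and not Spring SAML's own code): a small Python checker that correlates the posted Response with the AuthnRequest it answers, i.e. the checks an SP makes before it accepts a response. The two XML strings are rebuilt from the values in the question, with the placeholders (MYIDP, VAL) kept as posted; the 60-second clock-skew tolerance is an assumed value for this example, not the SP's real setting.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed from the values posted in the question; cipher text and the IdP
# endpoint are the question's own placeholders (VAL, MYIDP), key info omitted.
AUTHN_REQUEST = """<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
  AssertionConsumerServiceURL="https://172.19.100.141:8443/saml/SSO" Destination="MYIDP"
  ID="a1be1ie43303d6ei1fa8je1fdd1jhh4" IssueInstant="2015-10-05T16:52:54.680Z"
  ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">SPENTITY</saml2:Issuer>
</saml2p:AuthnRequest>"""

RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  ID="_c644ea1a-88e9-4022-a9fc-52071d0e67bc" Version="2.0" IssueInstant="2015-10-05T16:52:54.658Z"
  Destination="https://172.19.100.141:8443/saml/SSO" InResponseTo="a1be1ie43303d6ei1fa8je1fdd1jhh4">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">IDP/adfs/services/trust</Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
        Type="http://www.w3.org/2001/04/xmlenc#Element">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <xenc:CipherData><xenc:CipherValue>VAL</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
  </EncryptedAssertion>
</samlp:Response>"""


def _parse_instant(value):
    # SAML IssueInstant is ISO 8601 in UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def issue_instant_delta(request_xml, response_xml):
    """Seconds from the SP's IssueInstant to the IdP's; negative means the IdP's
    clock is behind the SP's (the posted pair gives -0.022 s)."""
    req = ET.fromstring(request_xml)
    resp = ET.fromstring(response_xml)
    delta = _parse_instant(resp.get("IssueInstant")) - _parse_instant(req.get("IssueInstant"))
    return delta.total_seconds()


def check_response(request_xml, response_xml, max_skew_seconds=60):
    """Return named checks (True = pass) that an SP applies before accepting the Response."""
    req = ET.fromstring(request_xml)
    resp = ET.fromstring(response_xml)
    status = resp.find("samlp:Status/samlp:StatusCode", NS)
    enc_method = resp.find(
        "saml:EncryptedAssertion/xenc:EncryptedData/xenc:EncryptionMethod", NS)
    return {
        # the response must answer the request we sent, not a replayed one
        "in_response_to_matches_request_id": resp.get("InResponseTo") == req.get("ID"),
        # it must be addressed to our own ACS endpoint
        "destination_is_our_acs": resp.get("Destination") == req.get("AssertionConsumerServiceURL"),
        "status_success": status is not None and status.get("Value") == SUCCESS,
        "issuer_present": resp.find("saml:Issuer", NS) is not None,
        # ADFS encrypts the assertion, so the SP needs the matching private key
        "assertion_encrypted": enc_method is not None,
        # assumed tolerance (60 s); the SP's configured skew may differ
        "issued_within_skew": abs(issue_instant_delta(request_xml, response_xml)) <= max_skew_seconds,
    }
```

Every check passes for the posted pair: the IDs correlate, the Destination is the SP's ACS, the status is Success, and the response was issued 22 ms before the request, which just means the ADFS clock is slightly behind the SP's and is well inside any sensible tolerance. A response that passes these checks is not what keeps the SP re-sending AuthnRequests; the repeat has to come from what happens after the response is consumed, namely where the user is redirected after login.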
The problem was the useReferer property set to true for SavedRequestAwareAuthenticationSuccessHandler:
<!-- Handler deciding where to redirect user after successful login -->
<beans:bean id="successRedirectHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<!-- <beans:property name="useReferer" value="true"/> -->
<beans:property name="defaultTargetUrl" value="/dispatcher"/>
</beans:bean>