I am integrating SAML2 with my existing application, which already uses database login with a CustomAuthenticationProvider. When I add SAML login, the application's database login doesn't work. In my opinion, .antMatchers("/api/authenticate").permitAll() doesn't work. If I remove the SAML configuration, then the DB login works fine.
Here are the configurations: MultiHttpSecurityConfig, CustomAuthenticationProvider
In the above configuration, only SAML login works, not DB login.
I solved it by using the following configuration. I created a separate WebSecurityConfigurerAdapter for application login and SAML login.
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Import(SecurityProblemSupport.class)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {}
The key is to add @Autowired to configure() and add @Order(). I am not sure why it worked, but the config below worked for me.
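@EnableWebSecurity
@Configuration
@Order(1)
public class SamlAuthConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAuthenticationProvider customAuthenticationProvider;

    // samlAuthenticationProvider() is a method of this class that is not shown in the post.
    // Registers the database provider and the SAML provider on the same builder.
    @Autowired
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(customAuthenticationProvider)
            .authenticationProvider(samlAuthenticationProvider());
    }
}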
This link helped me to resolve this.
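An added example, not code from the original post: the same two-adapter split written with Spring Security's documented `configureGlobal` form of an `@Autowired` `AuthenticationManagerBuilder` method, with each filter chain scoped by URL so that `/api/authenticate` is never handled by the SAML chain. The class names, the `/api/**` prefix and the bean names in `@Qualifier` are assumptions.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SplitLoginSecurityConfig { // hypothetical class name

    // Spring calls an @Autowired method with the shared AuthenticationManagerBuilder,
    // so both providers are registered on the application-wide AuthenticationManager.
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth,
            @Qualifier("customAuthenticationProvider") AuthenticationProvider dbProvider,   // assumed bean name
            @Qualifier("samlAuthenticationProvider") AuthenticationProvider samlProvider) { // assumed bean name
        auth.authenticationProvider(dbProvider).authenticationProvider(samlProvider);
    }

    // Chain 1, matched first: handles only /api/**. The login endpoint stays open,
    // every other API call must already be authenticated.
    @Configuration
    @Order(1)
    public static class ApiLoginConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/api/**") // requests outside /api/** fall through to chain 2
                .authorizeRequests()
                .antMatchers("/api/authenticate").permitAll()
                .anyRequest().authenticated();
        }
    }

    // Chain 2, catch-all: everything that chain 1 did not match.
    @Configuration
    @Order(2)
    public static class SamlLoginConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // The application's existing SAML entry point and filters are registered on this chain.
            http.authorizeRequests().anyRequest().authenticated();
        }
    }
}
```

Without `antMatcher(...)` on the first adapter, it matches every request and the second chain is never consulted, so the order values alone do not separate the two logins.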