Get Started with Spring Boot, SAML, and Okta

J S

Oh… I might have misunderstood the concept. I had registered two users in Okta and then added my app to these two users, and I got two different metadata URLs. However, in the property file you have added only one URL, and I was wondering which user's metadata URL to add here. Since you mentioned creating an account in Okta, I thought each user had to register like this and get the metadata URLs… Let me go through the second link you sent me on user migration. Please feel free to reply to me; that will really help me clear up my big confusion. Thanks a lot. I am really grateful to you for quickly getting back to me.

ojas kale

Hi Matt,

How do you handle a change to security.saml2.metadata-url in Spring Boot?
Do you need to reconstruct the HttpSecurity?

Matt Raible

I'm not sure what you mean. If you change the URL in your application.properties file and restart your app, it should take effect.

ojas kale

Got it. So my use case is:
I have a running application which is not configured with any metadata URL.
I created an app afterwards and want to change my single sign-on to redirect to this new URL.

Is there any way to do it without restarting the application?

Matt Raible

No, not that I know of. You might try posting an issue in the Spring Security issue tracker on GitHub and requesting it as a new feature.

ojas kale

Got it.
Thank you, Matt, for such a quick response. Really appreciate it.

kitty bang

Hi Matt,
I would like to restrict a few URLs so that they can only be accessed by certain roles, like an admin user. I have assigned a few users to the admin group in Okta, and in the SAML settings I am sending these details with the name 'groups'. In the SAML assertion XML I can see that the value admin is shown for the group element. But the Spring Security granted authority object is empty. I was expecting the admin value to be present. Could you please tell me what changes I need to make in Spring to get it to work?
Thanks in advance.
Kitty

Matt Raible

I’m not sure why it doesn’t work. I’d ask your question on Stack Overflow and add “spring security” and “SAML” as tags. That way, the Spring Security team will see it.
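An added example of the mapping Kitty is asking about; this is not code from the original post or from Matt's reply. It is written against Spring Security's built-in saml2Login support (the successor to the deprecated SAML DSL the post used) with Spring Security 6 API names, and assumes that a RelyingPartyRegistrationRepository for the Okta app is provided elsewhere (for instance through Spring Boot's spring.security.saml2.relyingparty.* properties). The attribute name "groups" is taken from her description; the URL pattern /admin/** and the ROLE_ prefix are assumptions for illustration:

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.ResponseToken;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SamlGroupsSecurityConfig {

    // Name of the attribute statement configured in the Okta app's SAML settings (assumed: "groups")
    private static final String GROUPS_ATTRIBUTE = "groups";

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Signature, audience and time-window validation of the Response happen inside this
        // provider before our converter ever sees the attributes.
        OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();
        provider.setResponseAuthenticationConverter(groupsToAuthorities());

        http
            .authorizeHttpRequests(authz -> authz
                // Only principals whose assertion carried the "admin" group may reach /admin/** (assumed path)
                .requestMatchers("/admin/**").hasAuthority("ROLE_admin")
                .anyRequest().authenticated())
            .saml2Login(saml2 -> saml2.authenticationManager(new ProviderManager(provider)));
        return http.build();
    }

    /**
     * Wraps the default converter so that every value of the SAML attribute "groups" becomes a
     * GrantedAuthority named ROLE_<group>, on top of the default ROLE_USER that Spring assigns.
     * Without this, the authorities collection stays at ROLE_USER, which is what Kitty observed.
     */
    private Converter<ResponseToken, Saml2Authentication> groupsToAuthorities() {
        Converter<ResponseToken, Saml2Authentication> delegate =
            OpenSaml4AuthenticationProvider.createDefaultResponseAuthenticationConverter();
        return responseToken -> {
            Saml2Authentication auth = delegate.convert(responseToken);
            Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) auth.getPrincipal();
            List<String> groups = principal.getAttribute(GROUPS_ATTRIBUTE);
            Set<GrantedAuthority> authorities = new HashSet<>(auth.getAuthorities());
            if (groups != null) {
                groups.forEach(g -> authorities.add(new SimpleGrantedAuthority("ROLE_" + g)));
            }
            return new Saml2Authentication(principal, auth.getSaml2Response(), authorities);
        };
    }
}
```

Two things worth checking when this does not take effect: the attribute name is matched exactly as Okta sends it (so "groups" and "Groups" are different attributes), and the group values are used verbatim, so hasAuthority("ROLE_admin") will not match a group named "Admin". Because the converter only reads attributes from an already signature-checked assertion, nothing in the browser POST can add a group that Okta did not assert.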

Thomas Stigsen

Awesome tutorial!
I have to route the SAML authentication through a reverse proxy…
Can you help? A reference to some documentation? Any help is appreciated.
Thank you again.

Matt Raible

You should be able to use a reverse proxy. SAML is just POSTing a Base64-encoded XML document to an endpoint. It'd be similar to hosting an HTML form behind a reverse proxy.
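An added example, not Matt's code, of the one part of a SAML setup that usually does break behind a reverse proxy: the service provider has to advertise and validate its assertion consumer service (ACS) URL and entity ID using the scheme and host the browser sees, not the internal address the proxy forwards to, so the app must honour the proxy's X-Forwarded-* headers. It uses Spring Security's built-in saml2Login support and assumes a property named okta.metadata-url holding the Okta app's metadata URL and a registration ID of "okta":

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
import org.springframework.web.filter.ForwardedHeaderFilter;

@Configuration
public class ReverseProxySamlConfig {

    /**
     * Rewrites the request's scheme, host and port from X-Forwarded-Proto, X-Forwarded-Host,
     * X-Forwarded-Port (or the RFC 7239 Forwarded header) so that request.getRequestURL(),
     * and therefore the {baseUrl} placeholder below, reflects the URL the browser used.
     * Only enable this when the proxy overwrites those headers on every request; otherwise a
     * client can inject its own and make the app build URLs for a host it does not serve.
     */
    @Bean
    public ForwardedHeaderFilter forwardedHeaderFilter() {
        return new ForwardedHeaderFilter();
    }

    @Bean
    public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository(
            @Value("${okta.metadata-url}") String oktaMetadataUrl) { // assumed property name
        RelyingPartyRegistration okta = RelyingPartyRegistrations
            .fromMetadataLocation(oktaMetadataUrl)   // Okta's signing cert and SSO URL come from its metadata
            .registrationId("okta")
            // These are Spring Security's defaults, spelled out to show where {baseUrl} is used.
            // With the filter above it resolves to e.g. https://sso.example.com (the proxy), not
            // http://app-internal:8080, so the Destination/Recipient values in the POSTed Response
            // match the ACS URL that was registered in the Okta app.
            .entityId("{baseUrl}/saml2/service-provider-metadata/{registrationId}")
            .assertionConsumerServiceLocation("{baseUrl}/login/saml2/sso/{registrationId}")
            .build();
        return new InMemoryRelyingPartyRegistrationRepository(okta);
    }
}
```

In Spring Boot the same filter can be enabled with server.forward-headers-strategy=framework (or native, to let the servlet container handle the headers) instead of declaring the bean. Whichever way it is done, the "Single sign-on URL" configured in the Okta app must be the external ACS URL; if the app still reports the internal one, Okta's POST is rejected as a Destination mismatch even though the proxy forwarded it correctly.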

Timbo

Hi Matt, great tutorial! Question: how do I set my configuration to redirect to an endpoint after a successful or failed login through the IdP?

Matt Raible

Hello Timbo. I'm not sure if the SAML DSL used in this post has support for success/failure handlers. That's how Spring Security usually handles it. You might want to check out Spring Security 5.2's SAML support. It appears that the SAML DSL used in this post is deprecated.
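An added example, not part of the original post or Matt's reply, of the success/failure handlers Matt refers to, wired through Spring Security's built-in saml2Login support rather than the deprecated DSL. The target paths /dashboard and /login-failed are assumptions; the handler classes are Spring Security's own:

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

@Configuration
public class SamlRedirectConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // After a validated assertion, always send the user to /dashboard (assumed path).
        // setAlwaysUseDefaultTargetUrl(true) ignores any saved request, so a deep link that
        // triggered the login does not override the redirect.
        SimpleUrlAuthenticationSuccessHandler success =
            new SimpleUrlAuthenticationSuccessHandler("/dashboard");
        success.setAlwaysUseDefaultTargetUrl(true);

        // A rejected Response (bad signature, expired assertion, audience or destination mismatch)
        // ends up here. The handler is given the AuthenticationException, so the page can show a
        // generic message while the reason stays in the server log.
        SimpleUrlAuthenticationFailureHandler failure =
            new SimpleUrlAuthenticationFailureHandler("/login-failed");

        http
            .authorizeHttpRequests(authz -> authz
                // The failure page must be reachable without a session, or the redirect loops
                .requestMatchers("/login-failed").permitAll()
                .anyRequest().authenticated())
            .saml2Login(saml2 -> saml2
                .successHandler(success)
                .failureHandler(failure));
        return http.build();
    }
}
```

Both handlers are the same AuthenticationSuccessHandler and AuthenticationFailureHandler interfaces used by form login, so an existing custom handler (for example one that audits who logged in from which IdP) can be passed in unchanged.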

Timbo

Thanks!

Chirag Soni

I have a use case: based on the username, I want to switch between a database-backed authentication provider and a SAML authentication provider. What I have thought of to implement this is to use a custom filter, extract the username parameter from the request, and switch to the specific authentication provider (database or SAML) as required. So if I choose Spring's multiple authentication providers using AuthenticationManagerBuilder, how do I configure the SAML authentication stuff there so that it will take the user to the Okta IdP?

Matt Raible

Hello Chirag,

I'd recommend posting this to Stack Overflow with the "spring security" and "saml" tags. That way, the experts on the Spring Security team (and others) will see it and might be able to help you out. I'm not sure what you want to do is possible.

Chirag Soni

Hi Matt, could you please use SAMLAuthenticationProvider, offered by Spring Security SAML, to authenticate the user?

I planned to use multiple auth providers, database and SAML, in my Spring application, but I don't know how to configure SAMLAuthenticationProvider. Once I know this, I can plug these two providers in like this:

@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(databaseAuthProvider());
    auth.authenticationProvider(samlAuthProvider());
}

Matt Raible

Thanks for the suggestion! We’ll try to use it in an upcoming blog post on Spring Boot + SAML. In the meantime, I’d recommend you post your question to Stack Overflow and tag it with “spring-security” and “SAML” tags.

Chirag Soni

I have already posted this there, but nobody answered in the way I want, i.e. how to use SAMLAuthenticationProvider; they are just suggesting to use it, that's it.

I would appreciate it if you could give an example of using SAMLAuthenticationProvider.

Chirag Soni

Hi Matt, did you look into using Spring's SAMLAuthenticationProvider to authenticate the user against Okta?

Chirag Soni

Hi Matt,
With this example, are we getting any authentication token? If yes, please share the link so I can look into it.