Saml2Authentication isn't serializable #7681

Closed
@clemstoquart

Hi Spring Security team,

I've encountered an issue using the new Saml2 support with Spring Session.

In the OpenSamlAuthenticationProvider class, in the authenticate method, we create the authentication this way:

new Saml2Authentication(
    () -> username, token.getSaml2Response(),
    this.authoritiesMapper.mapAuthorities(getAssertionAuthorities(assertion))
)

But this isn't serializable with the default serializer provided by Spring Session.

Solution

IMO providing an implementation of the AuthenticatedPrincipal instead of using an anonymous class should do the trick here.

What do you think about that?

Have a nice day :)
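
The failure reported above, reproduced as an added example that is not part of the original post or of Spring Security's code. It assumes the session store uses JDK serialization (`ObjectOutputStream`); the `AuthenticatedPrincipal` interface and `Auth` class are local stand-ins for the Spring types, and `SimplePrincipal` is a hypothetical named implementation of the kind the issue proposes.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class PrincipalSerializationDemo {

    // Stand-in for Spring Security's AuthenticatedPrincipal: one method, not Serializable.
    interface AuthenticatedPrincipal {
        String getName();
    }

    // Hypothetical named implementation that is explicitly Serializable.
    static final class SimplePrincipal implements AuthenticatedPrincipal, Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        SimplePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Stand-in for an authentication object: Serializable itself, but holding a principal.
    static final class Auth implements Serializable {
        private static final long serialVersionUID = 1L;
        private final AuthenticatedPrincipal principal;
        Auth(AuthenticatedPrincipal principal) { this.principal = principal; }
    }

    // Attempts JDK serialization of the whole object graph and reports whether it succeeded.
    static boolean jdkSerializable(Object o) throws IOException {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(o);
            return true;
        } catch (NotSerializableException e) {
            System.out.println("  NotSerializableException: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        String username = "alice@example.org"; // constructed sample value
        System.out.println("lambda principal:");
        System.out.println("  serializable = " + jdkSerializable(new Auth(() -> username)));
        System.out.println("named principal:");
        System.out.println("  serializable = " + jdkSerializable(new Auth(new SimplePrincipal(username))));
    }
}
```

A lambda is only serializable when its target interface extends `Serializable`, so the whole authentication object fails to serialize even though the enclosing class is itself `Serializable`.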

Labels

in: saml2 (An issue in SAML2 modules)
status: backported (An issue that has been backported to maintenance branches)
type: bug (A general bug)
