Patched version of Spring-SAML for Spring Security 3.1

[thobson]

A few people have been asking how to run Spring SAML with Spring Security 3.1. This is pretty easy, you need to:

1. Change references to GrantedAuthority to ? extends GrantedAuthority
2. Update the securityContext.xml to use the new <security:http security="none"> format
3. If you want to use the sample example as is you will also need to use erase-credentials=false

I've put together a patched version of the saml2-core which runs against Spring Security 3.1 and also updated the saml2-sample app so it also works with 3.1. You can download it here (see the "Others" section). I'll contact the spring saml team and see if they want these changes feeding into the project

Cheers

[shabbirm]

Thanks for yr "erase-credentials=false" tip! Saved my day..

[michaelf]

Hi!
I downloaded SAML extension for Spring Security code and it is looks very mature.
I hope you will be able to answer the following 2 questions.

1) Was it tested with Shibboleth IDP provider?
If not, what IDP provider was tested?
2) Is it support the following:
IDP-initiated Single Sign-On POST Binding
SP-initiated Single Sign-On POST/Artifact Bindings

Thanks in advance for your help!