We already have a password-based and SAML-based login system that was tested with Okta (IdP). Our entire architecture is based on Java+Spring and uses Spring Security to handle authentication and @Secured annotations on the controllers to handle authorization.
It is required that all SAML users are registered in our database so we can handle authorization (role-based) on our back-end.
Some screenshots of the login flow and pieces of code used to enable it are attached.
Our current challenge regards a client that asked us for SAML-based login with their Microsoft Federation platform: they cannot successfully log in, and their specialist sent us the attached message indicating what they believe is going wrong.
We would like to hire a freelancer to implement the necessary changes to make our security module work with the client's federation platform.
The requirements for this job are:
- The solution must, as already currently implemented, enable both user/password login and multiple SAML authentication methods (possible by adding several OpenSaml4AuthenticationProvider to [login to view URL])
- The solution must work both with our current test case (Okta) and our client's IdP (Microsoft)
- An NDA must be signed (client requirement)
- Good knowledge of Spring Security and SAML protocol
- Git knowledge
- Good communication skills in order to validate the solution with the client and explain to our team how/why it works
- Communication with the client's technical team in order to make progress, given that only the client can access the service from their Federation IdP
- Discuss with our technical team which are the possible paths/solutions, how they work and pros/cons in order to decide which one to take
- We have implemented our own OpenSaml4AuthenticationProvider (called OpenSaml4AuthenticationProviderCorrigido) in order to circumvent some compatibility errors between Spring Security and the dependency spring-security-saml2-service-provider. The custom authentication provider is identical to the standard one in the dependency, with the exception of a call to OpenSamlVerificationUtils, which has been replaced by a custom class OpenSamlVerificationUtilsCorrigido. This class, in turn, is a copy of an older implementation which is compatible with the other Spring Security libraries.
- More details can be provided after the NDA is signed
- We expect this job to be a minor correction on the already developed security module
- The client did not provide an X509 certificate
- We provide a default metadata file, with no auto generation (sample attached)
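As an illustration of the requirements above (form login kept alongside several SAML IdPs, SAML users accepted only when present in the local database), here is an added Java example. It is not the job poster's code nor their OpenSaml4AuthenticationProviderCorrigido: it assumes Spring Security 6 with all spring-security-* artifacts on the same version, so the stock OpenSaml4AuthenticationProvider is used; the metadata URLs, the "adfs" registration id, and the UserRepository/LocalUser types are assumptions. Because the IdP signing certificate is read from each IdP's published metadata, no separately supplied X509 certificate is needed to verify responses.

```java
// Added example (not from the original posting): one Spring Security filter chain with
// password login plus SAML 2.0 login against two IdP registrations (Okta and an assumed
// Microsoft AD FS endpoint). Host names, paths and the user-store types are assumptions.
package com.example.security;

import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.saml2.core.Saml2Error;
import org.springframework.security.saml2.core.Saml2ErrorCodes;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.ResponseToken;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class MultiIdpSamlConfig {

    // Assumed: the application's own user store, keyed by the NameID the IdP sends.
    private final UserRepository users;

    public MultiIdpSamlConfig(UserRepository users) {
        this.users = users;
    }

    @Bean
    RelyingPartyRegistrationRepository relyingPartyRegistrations() {
        // Each IdP gets its own registrationId, so the SP answers on
        // /login/saml2/sso/okta and /login/saml2/sso/adfs. The IdP signing certificate
        // is taken from the IdP metadata document, which both Okta and AD FS publish.
        RelyingPartyRegistration okta = RelyingPartyRegistrations
                .fromMetadataLocation("https://dev-000000.okta.com/app/abc/sso/saml/metadata") // assumed URL
                .registrationId("okta")
                .build();
        RelyingPartyRegistration adfs = RelyingPartyRegistrations
                .fromMetadataLocation("https://adfs.client.example/FederationMetadata/2007-06/FederationMetadata.xml") // assumed URL
                .registrationId("adfs")
                .build();
        return new InMemoryRelyingPartyRegistrationRepository(okta, adfs);
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        OpenSaml4AuthenticationProvider saml = new OpenSaml4AuthenticationProvider();
        saml.setResponseAuthenticationConverter(databaseBackedConverter());

        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // Password login is kept as-is.
            .formLogin(Customizer.withDefaults())
            // A single provider serves every registration: the Saml2AuthenticationToken it
            // receives already carries the RelyingPartyRegistration matched from the SSO URL.
            .saml2Login(s -> s.authenticationManager(new ProviderManager(saml)));
        return http.build();
    }

    /** Accept only SAML users present in the local database, and take their roles from it. */
    private Converter<ResponseToken, Saml2Authentication> databaseBackedConverter() {
        Converter<ResponseToken, Saml2Authentication> defaults =
                OpenSaml4AuthenticationProvider.createDefaultResponseAuthenticationConverter();
        return token -> {
            // Signature, issuer, audience and time-window checks have already run by now.
            Saml2Authentication fromIdp = defaults.convert(token);
            Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) fromIdp.getPrincipal();
            LocalUser user = users.findByNameId(principal.getName()).orElseThrow(() ->
                    new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.SUBJECT_NOT_FOUND,
                            "SAML subject not registered locally: " + principal.getName())));
            List<SimpleGrantedAuthority> roles = user.roles().stream()
                    .map(r -> new SimpleGrantedAuthority("ROLE_" + r))
                    .collect(Collectors.toList());
            // Roles come from the database, not from IdP attributes, so @Secured keeps working.
            return new Saml2Authentication(principal, fromIdp.getSaml2Response(), roles);
        };
    }

    // Assumed minimal shapes for the local user store (not from the original posting).
    public interface UserRepository {
        Optional<LocalUser> findByNameId(String nameId);
    }

    public record LocalUser(String nameId, List<String> roles) {}
}
```

Two practical notes: `fromMetadataLocation` fetches each metadata document at startup, so the application must be able to reach both IdPs (or the URLs must point at locally saved copies of the metadata); and the NameID format configured on the IdP side has to match whatever key the database lookup uses, otherwise every SAML login is rejected with SUBJECT_NOT_FOUND even though the response itself verified correctly.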