Skip to content

Conversation

@snowykte0426
Copy link
Contributor

Spring Security does not support HTTP-Redirect binding for SAML 2.0 responses, as it is not permitted by the SAML specification.

This PR updates the migration guide to explicitly document this limitation using a warning block, helping users avoid potential confusion when integrating with SAML identity providers.

Fixes gh-11161

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label May 1, 2025
@jzheaux jzheaux self-assigned this May 1, 2025
@jzheaux
Copy link
Contributor

jzheaux commented May 1, 2025

Hi, @snowykte0426, thanks for this contribution.

I think this warning should go into a document that is more specific to migrating from the SAML extension to Spring Security. The proposed document is about migrating from Spring Security 6 to 7.

I've added your warning to the SAML 2.0 Migration Guide in the Wiki. It may be valuable to move that Wiki article into the documentation to increase visibility. Would you be able to create a new file in the SAML 2.0 Documentation and copy the Wiki article text there?

@jzheaux jzheaux added in: docs An issue in Documentation or samples type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels May 1, 2025
@snowykte0426
Copy link
Contributor Author

snowykte0426 commented May 2, 2025

Thank you for the thoughtful feedback, @jzheaux.

In response to your suggestion, I've moved the full content from the SAML 2.0 Migration Guide wiki page into a new AsciiDoc file (saml2/saml2-migration-guide.adoc) and added it to the documentation navigation accordingly (commits: 7465866, 10b5c05, aa9e8de).

Additionally, the change originally introduced in commit 2e6103d has been removed to avoid duplication, as its content is now fully represented in the newly added migration guide.

Please let me know if there is anything further I can improve or adjust.

Copy link
Contributor

@jzheaux jzheaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @snowykte0426! I've left some feedback inline that brings some of the wording up to date.

…adata

Linked each DSL keyword to its corresponding reference page and updated the wording to present the list clearly.

Signed-off-by: snowykte0426 <[email protected]>
…table

Removed the outdated 'Metadata' section per feedback, and moved the sample link into the 'Examples Matrix' table for better visibility and relevance.

Signed-off-by: snowykte0426 <[email protected]>
Renamed 'saml2-migration-guide.adoc' to 'saml-extension-migration.adoc' for clarity,
and updated the nav link text to 'Migrating from Spring Security SAML Extension'.

Signed-off-by: snowykte0426 <[email protected]>
Renamed 'saml2-migration-guide.adoc' to 'saml-extension-migration.adoc' for clarity,
and updated the nav link text to 'Migrating from Spring Security SAML Extension'.

Signed-off-by: snowykte0426 <[email protected]>
@jzheaux
Copy link
Contributor

jzheaux commented May 7, 2025

Thank you for the updates, @snowykte0426! In preparation for merging, will you please squash your commits?

Since you are on main, you might want to instead create a branch, push your squashed commit to that branch, and create a new PR based on that branch. In this way, you won't have to do a force push on your main branch.

@snowykte0426
Copy link
Contributor Author

Closing in favor of #17076 after squashing commits into a single one per feedback.

@jzheaux jzheaux added the status: duplicate A duplicate of another issue label May 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

in: docs An issue in Documentation or samples status: duplicate A duplicate of another issue type: enhancement A general enhancement

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Document that Http-Redirect binding not supported for SAML 2.0 responses

3 participants