Develop Reference

Remember-me not working in Spring MVC in spring-security, how can I check why cookie is not getting created

I created remember-me in spring-security and also button in front end, but cookie is not getting created.
my spring security.xml
<logout success-handler-ref="logoutSuccessHandler" />
<remember-me key="_spring_security_remember_me"
user-service-ref="userDetailsService" />

SAML logout not working in ADFS 2.0

I configured the logout endpoint (URL) in the relying party trust as:
https:\abstractmachine.domain.local/adfs/ls/?wa=wsignout1.0
With POST binding
I also changed the default SingleLogoutService node value in the federation metadata from its default to the same link as the end point URL configured at ADFS. Without renaming it was giving error while sending the logout request.
Now, after configuration, the ADFS does say it logged out successfully and displays its logout page but users can still login without having to provide creadentials and it seems that the previous creadentails are still being cached.
Also, it is not redirecting to the response URL (I have set the response URL as:)
https:\abstractmachine.domain.local/webapp/logout.aspx
SAML logout not working in ADFS 2.0
I configured the logout endpoint (URL) in the relying party trust as:
https:\abstractmachine.domain.local/adfs/ls/?wa=wsignout1.0
With POST binding
I also changed the default SingleLogoutService node value in the federation metadata from its default to https//abstractmachine.domain.local/adfs/ls/?wa=wsignout1.0. Without renaming it was giving error while sending the logout request.
Now, after configuration, the ADFS does say it logged out successfully and displays its logout page but users can still login without having to provide credentials and it seems that the previous credentials are still being cached.
Am i missing some settings or is there any other method for logging out of ADFS with SAML request?
Also, it is not redirecting to the response URL after logout
The logout request that I am using is as below:
<?xml version="1.0" encoding="UTF-8"?> <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_a8b394ff-a850-484d-91a1-2daeeeb35b52" Version="2.0" IssueInstant="2016-07-04T13:19:02.582Z" Destination="https://nsv-adfsbal.dristi.local/adfs_app/IdPLogOutResponse.aspx" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" NotOnOrAfter="2016-07-04T13:24:02.582Z"> <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://nsv-adfsbal.dristi.local/adfs/services/trust</Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_a8b394ff-a850-484d-91a1-2daeeeb35b52">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>knf74cRA51WBnpL3ZvPolhWHY90=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>c7VpbqOi0iRaRjfP8EUrS1GS0ne8MA4uW26GA62b5YwHlIHjC91fTfv4r/IuXONs7ny3J8c/If+jKK3dpttesmYmv1kq3p16o5IxlAEwoZKrBDsaWu+JxZ6xZV1dQ2y+vvPL1cCUwa9FobUXwx5SYx29SHJbHhwe81u5fCCwBa2TPj9gbzekJoKy3JeayCzfw8Bl7CPMfM/aDNgNyOpjZ+Lwvm7mk4ejvwbOSFsFBYToVMnWmeZGkwbnyYvuLrywdxxLN1R0JB/St4mbOpki9As4ndIwiNKUF311NM13QNzCAiI3rvf25EyJf2dOujqxtW7UMat5Yju22IgCBOKbxA==</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIC7DCCAdSgAwIBAgIQPm2vN8ge2IxCDYSffnDWbjANBgkqhkiG9w0BAQsFADAyMTAwLgYDVQQDEydBREZTIFNpZ25pbmcgLSBuc3YtYWRmc2JhbC5kcmlzdGkubG9jYWwwHhcNMTUxMTI2MDYxMTQxWhcNMTYxMTI1MDYxMTQxWjAyMTAwLgYDVQQDEydBREZTIFNpZ25pbmcgLSBuc3YtYWRmc2JhbC5kcmlzdGkubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeezsC3zzG3CqW7fOSEC/qcnwAaK/UFn1OwMlATGujg4d5veYQAxq9U6c1mZ1v6vSzqg2i7a+/3wop7pk8pwHkqOmepM4mxgwrVMA8PqVrYEDDoWXv4EP1YCpEF2WZl2Oc2P0ttLHVIdtk4ItWoMk5Ag65uR1FkMC0DrdA4jeo5YQLo+sEyu8NBiUdKsdNdTXVSOT68dG3P8CG1gTsq8Mr+B0QHH+2e96DopuE59k13DrPw1YNKOk1MISRydYEItRWRHSCZp5RpC7ATf8b95fR9W9OtjC2vPHD1IFJYf8EiUB15ei94AMb5ImAE2DqGh8WGD9MeVUnSFHCX4XNq85ZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAARUaNFCRal6Mctt4++P2jX77U8lXby7Bk3HmPi8GmTIZyP+dkOL4F/SZ0EC1TGhfaTpQKT3sTRYnCYsQiVzozaQp0eQGs4mlRAqqF6OHnB8ndDYPDE85XSYP4K2FDI/bzP2v2aowGHuZfyONvzgPF5NNtSl7ECo6DPEpSQ15DhTxfkC/YvJteiBhvY+2ij2+2fisl1i8GYzv/E8WnBvF4tJ9rI0EXC4GJ3Az2X+TgJF60Gqf+V2Jqc2KEqLqtG9nLQ1QU5uqS30lsz6m8LrSQkKvUi+RtSlg+rxA+D6hXGMwqfVQbR6yTrYLoyV5Z1zKmS0VXHXellq0Ltmejf6spg=</ds:X509Certificate>
</ds:X509Data>
</KeyInfo> </ds:Signature> <NameID xmlns="urn:oasis:names:tc:SAML:2.0:assertion">user.name#user.local</NameID> <samlp:SessionIndex>_7235ddb0-9fca-4545-9c57-aecdfa4b8eb2</samlp:SessionIndex> </samlp:LogoutRequest>

Spring OAuth 2 Call /oauth/token Resulted in 401 (Unauthorized)

Greeting everyone, I try to configure simple authorization code flow via Spring Security OAuth.
I tested my authorisation and resource server configuration via following approaches:
Create a web application as client and use its page to fire http post call to /oauth/authorize.
After getting code, I use the same page to
fire another http post with code and get token.
At the end, I use
curl -H to place token inside header and get response from protected
resource.
But when I try to use rest template. It throw error message 401 Unauthorised error.
Server side - security configure:
<http auto-config="true" pattern="/protected/**"
authentication-manager-ref="authenticationManager">
<custom-filter ref="resourceFilter" before="PRE_AUTH_FILTER" />
<csrf disabled="true" />
</http>
<http auto-config="true">
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<form-login default-target-url="/admin.html" />
<logout logout-success-url="/welcome.html" logout-url="/logout"/>
<csrf disabled="true" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="admin" password="123456" authorities="ROLE_USER,ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
Server side - authorisation and resource configure:
<oauth:authorization-server
client-details-service-ref="clientDetails" error-page="error">
<oauth:authorization-code />
</oauth:authorization-server>
<oauth:client-details-service id="clientDetails">
<oauth:client client-id="admin" secret="fooSecret" />
</oauth:client-details-service>
<oauth:resource-server id="resourceFilter" />
Client Side:
<oauth:client id="oauth2ClientContextFilter" />
<oauth:resource id="sso" client-id="admin"
access-token-uri="http://localhost:8080/tough/oauth/token"
user-authorization-uri="http://localhost:8080/tough/oauth/authorize"
use-current-uri="true" client-secret="secret"
client-authentication-scheme="header" type="authorization_code"
scope="trust" />
<oauth:rest-template id="template" resource="sso"/>
If anyone knows where goes wrong, please do let me know.

There were two issues with my configuration above.
I noticed my client used wrong secret to communicate with authorization server.
Token endpoint at authorization server use authentication manager which
serve user authentication. It result
client are rejected all times until I create new security realm for
token endpoint and configure it to use a authentication manger designed for
client.
Note client is different from user. Client is third party want to access resource belong to your user (also called resource owner).

I had the same problem. It helped to add a
org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService
to spring securities authentication-manager, glueing the clientDetailsService to the authentication manager. So
<authentication-manager alias="authenticationManager">
...
<authentication-provider user-service-ref="clientDetailsUserDetailsService"/>
...
</authentication-manager>
nearly solved the problem for me. I had one more Issue: Since ClientDetailsUserDetailsService has no default constructor, spring threw Exceptions of the form
org.springframework.aop.framework.AopConfigException: Could not generate CGLIB subclass of class
[class org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService]:
Common causes of this problem include using a final class or a non-visible class;
nested exception is java.lang.IllegalArgumentException: Superclass has no null constructors but no arguments were given
Which I could not solve without using a copy of that class receiving the clientDetailsService as property instead of a constructor arg.

How to implement HTTP basic auth in Mule ESB http:request

I'm using HTTP request in Mule ESB and need to implement HTTP basic auth in it. Now I do this by using explicit authorization header:
<http:request config-ref="HTTP_Request_Configuration" path="/activiti-rest/service/runtime/process-instances" method="POST" doc:name="Request to BPM">
<http:request-builder>
<http:header headerName="Authorization" value="Basic a2VybWl0OnBhc3N3b3JkMQ=="/>
</http:request-builder>
</http:request>
Is there any direct way to enter user and password for basic auth in Mule http:request?

There sure is:
<http:request-config name="basicConfig" host="localhost" port="${httpPort}">
<http:basic-authentication username="#[user]" password="#[password]" preemptive="#[preemptive]" />
</http:request-config>

Passing credentials to Peoplesoft web service from ASP.NET using SOAP headers

I have looked all over the web and cannot find the solution to this. I am developing an ASP.NET application that needs to consume a PeopleSoft web service. It was working fine until they applied security to the service. It's not a .NET service, so I cannot pass in credentials in the typical .NET way usnig System.Net.NetworkCredential. The PS developers told me I have to pass the credentials in the SOAP header. I see no specific way to do that anywhere. Here's the snippet from the PeopleSoft WSDL:
<wsdl:binding name="PROCESSREQUEST_Binding" type="tns:PROCESSREQUEST_PortType">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
- <wsdl:operation name="PRCS_FINDREQUESTS">
<soap:operation soapAction="PRQ_FINDREQUESTS.v1" style="document" />
- <wsp:Policy wsu:Id="UsernameTokenSecurityPolicyPasswordRequired" xmlns:wsu="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
- <wsp:ExactlyOne>
- <wsp:All>
- <wsse:SecurityToken wsp:Usage="wsp:Required" xmlns:wsse="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:TokenType>wsse:UserNameToken</wsse:TokenType>
- <Claims>
<SubjectName MatchType="wsse:Exact" />
<UsePassword wsp:Usage="wsp:Required" />
</Claims>
</wsse:SecurityToken>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
How would I pass credentials using C#?

Here's the soap header I use when testing my web services having Username security activated with jMeter :
<soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>myUserName</wsse:Username>
<wsse:Password>myPassWord</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
It should do the work in C#