I have a Spring Boot 3.2.3 all-in-one application with React as the front end. I want to allow local login in addition to SSO/SAML2, both resulting in a JWT used throughout React. I have the Spring filters only protecting a subset of my endpoints:
http.csrf(AbstractHttpConfigurer::disable).cors(c -> c.disable())
    .securityMatcher("/auth/saml2/myjwt", "/saml2/**", "/login/saml2/**")
    .authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
    .saml2Login(Customizer.withDefaults()).saml2Logout(Customizer.withDefaults())
    .addFilterBefore(filter, Saml2WebSsoAuthenticationFilter.class);
All works well when already SAML2 authenticated: "/auth/saml2/myjwt" returns my fresh JWT. When not authenticated I get a redirect that I can't capture with Axios, and after SSO/SAML2 auth the IDP sends me back to "/auth/saml2/myjwt" (what sent me to the IDP) vs. my desired page.
Any idea how to tell the IDP upon SP login where to return to after login? I see RelayState, but that is for IDP-initiated login.
@CrossOrigin
@GetMapping("/saml2/myjwt")
public ResponseEntity<JwtResponse> saml2loginGet(
        @AuthenticationPrincipal Saml2AuthenticatedPrincipal principal, Model model) {
    .....
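As an added example (not the asker's code), here is the same filter chain with a fixed post-login target instead of Spring Security's default saved-request redirect, which is what sends the browser back to "/auth/saml2/myjwt". The React route "/app", the bean name `jwtFilter` for the question's custom filter, and the config class name are assumptions.

```java
// Added example, not code from the question. Assumed: a React route "/app"
// and that the question's JWT filter is available as a bean named jwtFilter.
import jakarta.servlet.Filter;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

@Configuration
public class SamlSecurityConfig {

    @Bean
    SecurityFilterChain samlChain(HttpSecurity http,
                                  @Qualifier("jwtFilter") Filter jwtFilter) throws Exception {
        // After a successful SP-initiated SAML login, always send the browser
        // to the React route. setAlwaysUseDefaultTargetUrl(true) ignores the
        // saved request (the /auth/saml2/myjwt call that triggered the login)
        // and also rules out any request-supplied redirect target.
        SimpleUrlAuthenticationSuccessHandler toApp =
                new SimpleUrlAuthenticationSuccessHandler("/app");
        toApp.setAlwaysUseDefaultTargetUrl(true);

        http.csrf(AbstractHttpConfigurer::disable) // kept as in the question
            .cors(c -> c.disable())
            .securityMatcher("/auth/saml2/myjwt", "/saml2/**", "/login/saml2/**")
            .authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
            .saml2Login(saml2 -> saml2.successHandler(toApp))
            .saml2Logout(Customizer.withDefaults())
            .addFilterBefore(jwtFilter, Saml2WebSsoAuthenticationFilter.class);
        return http.build();
    }
}
```

Once the browser lands on "/app" with the SAML session cookie set, React can call "/auth/saml2/myjwt" with Axios (same origin, so the cookie is sent) and receive the JWT as a normal 200 response rather than a redirect.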