
Major Enhancements to SAML2 and OAuth2 Integration with Simplified Security Configurations #2040

Merged
merged 3 commits into from
Oct 20, 2024

Conversation

Ludy87
Contributor

@Ludy87 Ludy87 commented Oct 19, 2024

Description

Overview

This PR introduces major enhancements to the SPDF project's security configurations, specifically focusing on SAML2 and OAuth2 integrations. The changes include improvements to security, user experience, maintainability, and the overall structure of the codebase for authentication and authorization functionalities. The adjustments also align the security logic with the latest standards and best practices for managing identity providers.

Main Changes and Improvements

  • Dependencies related to OpenSAML and SAML2 have been added to the build.gradle file to facilitate SAML2 integration.
  • Added constraints for org.opensaml libraries.
  • Added spring-security-saml2-service-provider and com.coveo:saml-client libraries to support SAML2-related functionalities.
  • Introduced a new baseUrl configuration to dynamically determine the server base URL.
  • Changes were made to use baseUrlStatic and serverPortStatic in the SPdfApplication class, ensuring the URLs used throughout the application are consistent and configurable.

The CustomLogoutSuccessHandler has been significantly improved to handle various scenarios such as SAML2, OAuth2, and Username/Password logouts:

  • Added new methods for handling specific logout flows (getRedirect_saml2, getRedirect_oauth2) based on the type of authentication.
  • The logout logic is now more modular, simplifying the maintenance of different authentication mechanisms.
  • Errors related to user account status (userIsDisabled, etc.) are now properly managed and redirected with improved error messaging.

Certificate Utility Class:

  • Created a new utility class (CertificateUtils) to handle certificate reading operations for SAML2 configurations.
  • This utility method helps in reading X509 certificates and private keys from files, reducing redundancy and improving the readability of the core security classes.

Security Configuration Simplification:

  • The SecurityConfiguration class was enhanced to incorporate SAML2 configurations more flexibly.
  • Introduced bean definitions for RelyingPartyRegistrationRepository and authentication providers, ensuring SAML2-related components are properly initialized.
  • Removed older SAML-related classes and interfaces (SAMLLogoutSuccessHandler, ConvertResponseToAuthentication, CustomSAMLAuthenticationFailureHandler, etc.) and replaced them with newer, more cohesive implementations.
  • Introduced support for OAuth2 client registrations using ClientRegistrationRepository for various providers, such as Google, Keycloak, and GitHub, thus centralizing the configuration logic for better management (rollback).

OAuth2 Enhancements:

  • Added handling for custom OAuth2 logout scenarios within CustomLogoutSuccessHandler.
  • Improved redirection handling for different OAuth2 providers like GitHub, Google, and Keycloak.
  • Removed the deprecated CustomOAuth2LogoutSuccessHandler as its logic was integrated into the enhanced CustomLogoutSuccessHandler.

SAML2 Enhancements:

  • Introduced CustomSaml2ResponseAuthenticationConverter to handle the conversion of SAML2 response tokens into Saml2Authentication objects.
  • Added configurations for creating RelyingPartyRegistration beans to handle metadata for SAML2 logins, providing a clean and efficient way to manage SAML2 service providers.

Custom Principal Implementation:

  • Added CustomSaml2AuthenticatedPrincipal for storing information about the authenticated SAML user.
  • The new class helps manage user attributes, including session indexes and name ID values, and is useful for providing user information during logout and other operations.

Checklist

  • I have read the Contribution Guidelines
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • My changes generate no new warnings
  • I have read the section Add New Translation Tags (for new translation tags only)
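As an added illustration of how the pieces named in the description fit together (the certificate-reading utility, the Saml2X509Credential objects and the RelyingPartyRegistrationRepository bean), here is a minimal Spring Security SAML2 configuration. It is example code written for this page, not the PR's CertificateUtils or SecurityConfiguration; the class name, file paths, registration id and IdP URLs are placeholders.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;

@Configuration
public class Saml2ExampleConfig {
    // Hypothetical helper in the spirit of CertificateUtils: parse a PEM-encoded X.509 certificate.
    static X509Certificate readCertificate(Path pem) throws Exception {
        try (InputStream in = Files.newInputStream(pem)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }
    // Parse an unencrypted PKCS#8 PEM key ("-----BEGIN PRIVATE KEY-----"); an RSA key is assumed.
    static PrivateKey readPrivateKey(Path pem) throws Exception {
        String body = Files.readString(pem, StandardCharsets.US_ASCII).replaceAll("-----[A-Z ]+-----|\\s", "");
        byte[] der = Base64.getDecoder().decode(body);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }
    @Bean
    RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() throws Exception {
        // File paths, registration id and IdP URLs are placeholders, not the project's values.
        X509Certificate spCert = readCertificate(Path.of("/etc/spdf/saml/sp.crt"));
        PrivateKey spKey = readPrivateKey(Path.of("/etc/spdf/saml/sp.key"));
        X509Certificate idpCert = readCertificate(Path.of("/etc/spdf/saml/idp.crt"));
        RelyingPartyRegistration registration = RelyingPartyRegistration.withRegistrationId("stirling")
                // SP signing credential: signs the AuthnRequests and LogoutRequests sent to the IdP.
                .signingX509Credentials(c -> c.add(Saml2X509Credential.signing(spKey, spCert)))
                .assertingPartyDetails(idp -> idp
                        .entityId("https://idp.example.org/metadata")
                        .singleSignOnServiceLocation("https://idp.example.org/sso")
                        // IdP certificate used to verify the signature on responses and assertions.
                        .verificationX509Credentials(c -> c.add(Saml2X509Credential.verification(idpCert))))
                .build();
        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }
}
```

The builder's default entity ID and assertion consumer service location contain a `{baseUrl}` placeholder that Spring resolves per request, which is why a stable, explicitly configured base URL such as the one this PR introduces matters: the values the IdP sees must match what it has registered for the service provider.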

@Ludy87 Ludy87 requested a review from Frooodle as a code owner October 19, 2024 13:07
@github-actions github-actions bot added Java Pull requests that update Java code Front End Issues or pull requests related to front-end development Back End Issues related to back-end development Security Security-related issues or pull requests API API-related issues or pull requests labels Oct 19, 2024
@Ludy87
Contributor Author

Ludy87 commented Oct 19, 2024

@Frooodle all tests are passed

@Frooodle Frooodle merged commit eff1843 into Stirling-Tools:main Oct 20, 2024
5 checks passed