From 72365141e0a9b0efc17199e3e24a82cb1e34ce48 Mon Sep 17 00:00:00 2001 From: Stefan Bechtold Date: Fri, 13 Oct 2023 08:44:40 +0200 Subject: [PATCH] add custom handler for IDP initiated authentication see: https://medium.com/@usamashaikh47/enable-sso-in-sap-commerce-cloud-backoffice-with-okta-48f17fc69ff1 --- .../external-dependencies.xml | 5 +++ .../sapcxsinglesignon/project.properties | 3 ++ .../web/spring/idp-initiated-login-spring.xml | 8 +++++ ...iatedSamlAuthenticationSuccessHandler.java | 31 +++++++++++++++++++ 4 files changed, 47 insertions(+) create mode 100644 core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/resources/sapcxsinglesignon/web/spring/idp-initiated-login-spring.xml create mode 100644 core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/src/tools/sapcx/commerce/sso/saml/IdpInitiatedSamlAuthenticationSuccessHandler.java diff --git a/core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/external-dependencies.xml b/core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/external-dependencies.xml index 563527f..c633300 100644 --- a/core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/external-dependencies.xml +++ b/core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/external-dependencies.xml @@ -6,6 +6,11 @@ 4.1.1 jar + + org.springframework.security + spring-security-saml2-service-provider + 5.6.1 + org.springframework.security spring-security-oauth2-core diff --git a/core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/project.properties b/core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/project.properties index ed0e31f..1cb77d8 100644 --- a/core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/project.properties +++ b/core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/project.properties 
@@ -4,6 +4,7 @@ # Location of the file for the global platform spring application context sapcxsinglesignon.application-context=sapcxsinglesignon-spring.xml +samlsinglesignon.additionalWebSpringConfigs.sapcxsinglesignon=classpath:/sapcxsinglesignon/web/spring/idp-initiated-login-spring.xml ############################################################################## # General settings @@ -25,6 +26,8 @@ sapcxsinglesignon.filter.idp.issuer= sapcxsinglesignon.filter.idp.audience= sapcxsinglesignon.filter.idp.claim.id=email +sapcxsinglesignon.backoffice.defaulturl=/ + sapcxsinglesignon.replicate.creation.enabled=false sapcxsinglesignon.replicate.removal.enabled=false diff --git a/core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/resources/sapcxsinglesignon/web/spring/idp-initiated-login-spring.xml b/core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/resources/sapcxsinglesignon/web/spring/idp-initiated-login-spring.xml new file mode 100644 index 0000000..903a1d0 --- /dev/null +++ b/core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/resources/sapcxsinglesignon/web/spring/idp-initiated-login-spring.xml @@ -0,0 +1,8 @@ + + + + + + + \ No newline at end of file diff --git a/core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/src/tools/sapcx/commerce/sso/saml/IdpInitiatedSamlAuthenticationSuccessHandler.java b/core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/src/tools/sapcx/commerce/sso/saml/IdpInitiatedSamlAuthenticationSuccessHandler.java new file mode 100644 index 0000000..6d7110a --- /dev/null +++ b/core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/src/tools/sapcx/commerce/sso/saml/IdpInitiatedSamlAuthenticationSuccessHandler.java 
@@ -0,0 +1,31 @@
+package tools.sapcx.commerce.sso.saml;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+
+public class IdpInitiatedSamlAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
+ private static final Logger LOG = LoggerFactory.getLogger(IdpInitiatedSamlAuthenticationSuccessHandler.class);
+
+ @Override
+ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
+ if (authentication instanceof Saml2Authentication) {
+ String relayStateURL = request.getParameter("RelayState");
+ if (StringUtils.isNotBlank(relayStateURL)) {
+ LOG.debug("Redirecting to RelayState Url: " + relayStateURL);
+ getRedirectStrategy().sendRedirect(request, response, relayStateURL);
+ return;
+ }
+ }
+ super.onAuthenticationSuccess(request, response, authentication);
+ }
+}
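Review bot: `RelayState` is a plain request parameter that is not covered by the SAML assertion signature, and `getRedirectStrategy().sendRedirect(request, response, relayStateURL)` forwards it after only a blank check, so any absolute URL placed in it redirects a freshly authenticated Backoffice session to an arbitrary host (open redirect). Only a local path should be honoured — starting with `/` but not `//` or `/\` — and anything else should fall through to the saved-request behaviour of the superclass; see the fence. The debug statement should also use parameterized logging, `LOG.debug("Redirecting to RelayState Url: {}", relayStateURL);`, rather than string concatenation. The class carries no Javadoc; a summary such as "Success handler for IdP-initiated SAML logins, where no SP-side saved request exists, so the target is taken from a validated RelayState instead" would tell a maintainer why the superclass behaviour is bypassed.
```java
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
        if (authentication instanceof Saml2Authentication) {
            String relayStateURL = request.getParameter("RelayState");
            if (isLocalPath(relayStateURL)) {
                LOG.debug("Redirecting to RelayState Url: {}", relayStateURL);
                getRedirectStrategy().sendRedirect(request, response, relayStateURL);
                return;
            }
            LOG.debug("Ignoring RelayState that is not a local path; using default target");
        }
        super.onAuthenticationSuccess(request, response, authentication);
    }

    /**
     * Accepts only server-relative paths. RelayState is not signed, so an
     * absolute or protocol-relative URL here would be an open redirect.
     */
    private static boolean isLocalPath(String url) {
        return StringUtils.isNotBlank(url)
                && url.startsWith("/")
                && !url.startsWith("//")
                && !url.startsWith("/\\");
    }
```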