SAML2 authentication with V23 flow + springboot?

I’ve had this working in the past but somewhere along the way (V22->23? 23.0->23.3? Spring-security update?) things broke, so I’m looking for a better canonical approach than my obviously fairly brittle ad-hoc implementation. I’d love to also support OIDC, but I’ve not been able to figure out how to get GCP to act as an OIDC authenticator, at least not when running on localhost. Pointers would be most welcome!

Okay - I’ve made some progress on OAuth2. The current issue is that all is well if I enter …/oauth2/authorization/whatever directly in my web browser, but if I add a link on my login page to point to the SSO endpoint, I get an AnonymousAuthenticationToken instead of going through the real authentication process. Ideas?

I have an Anchor on my login page that points to … oauth2/authorization/bar. If I click the button, the Vaadin servlet tries to handle it with the default component, via a RouteAlias(“”). It then gets really confused because the Authority available isn’t really logged in. What has me confused is that if I either navigate to the same URL in a fresh browser tab or if I even reload the page, it works properly.
I assume that what is happening is that the OAuth2 Spring Security component set up an MVC route on that path and for some reason, Vaadin isn’t passing it through if there’s already a session.

You are missing the router ignore attribute on your anchor.

Huh. That’s new to me. That worked, thanks!

It’s mentioned in the migration guides :wink:

Yeah - a case of “I didn’t think I needed that feature”

There were essentially two options we had for how that would work: either require folks to use a specific type of link to navigate with the router and another to navigate elsewhere, or have the router intercept all the links and have a way to opt out of the router if needed.

This way is more convenient in most cases, but as you noticed, there are some cases where you need to opt out.

Yes, that makes sense. Good to know about it in any case - thanks all
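
The fix discussed in this thread, as an added example that is not code from any of the posters or from the Vaadin project: a login view whose SSO link carries the `router-ignore` attribute, so the click is a normal browser request that reaches Spring Security's OAuth2 authorization endpoint instead of being handled by the Flow router. The view class, route name, link text and the assumption that the app is deployed at the context root are illustrative; `bar` is the registration id from the question.

```java
import com.vaadin.flow.component.html.Anchor;
import com.vaadin.flow.component.html.H2;
import com.vaadin.flow.component.orderedlayout.VerticalLayout;
import com.vaadin.flow.router.PageTitle;
import com.vaadin.flow.router.Route;
import com.vaadin.flow.server.auth.AnonymousAllowed;

// Hypothetical login view; must be reachable without authentication.
@Route("login")
@PageTitle("Login")
@AnonymousAllowed
public class LoginView extends VerticalLayout {

    // Spring Security's default authorization endpoint is
    // /oauth2/authorization/{registrationId}; "bar" is the id used in the thread.
    // Assumption: the application is served from the context root.
    private static final String SSO_URL = "/oauth2/authorization/bar";

    public LoginView() {
        Anchor ssoLink = new Anchor(SSO_URL, "Sign in with SSO");

        // Without this attribute the Flow router intercepts the click and
        // resolves the path as a view navigation inside the existing session,
        // so the request never passes through the Spring Security filter
        // chain as a full page load and no OAuth2 redirect is issued.
        // With it, the browser performs an ordinary GET on the link.
        ssoLink.getElement().setAttribute("router-ignore", true);

        add(new H2("Sign in"), ssoLink);
    }
}
```

The same opt-out applies to any other link that must leave the router, such as a logout URL handled by Spring Security.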