From b470a4eccab1848eeba76cf044814e9b0d209750 Mon Sep 17 00:00:00 2001
From: Josh Cummings
Date: Fri, 20 Mar 2020 16:46:51 -0600
Subject: [PATCH] Polish SAML 2.0 Login Sample

Fixes gh-8163
---
 samples/boot/saml2login/README.adoc | 24 +++++++----------
 .../src/main/java/sample/IndexController.java | 6 -----
 .../src/main/resources/application.yml | 12 ++++-----
 .../src/main/resources/templates/index.html | 26 +++++++++----------
 4 files changed, 26 insertions(+), 42 deletions(-)

diff --git a/samples/boot/saml2login/README.adoc b/samples/boot/saml2login/README.adoc
index 94feb1c8261..c0023a3ffe1 100644
--- a/samples/boot/saml2login/README.adoc
+++ b/samples/boot/saml2login/README.adoc
@@ -1,26 +1,20 @@
 = OAuth 2.0 Login Sample
-This guide provides instructions on setting up the sample application with SAML 2.0 Login using
-Spring Security's `saml2Login()` feature.
+This guide provides instructions on setting up this SAML 2.0 Login sample application.
-The sample application uses Spring Boot 2.2.0.M5 and the `spring-security-saml2-service-provider`
+The sample application uses Spring Boot and the `spring-security-saml2-service-provider`
 module which is new in Spring Security 5.2.
 == Goals
-`saml2Login()` provides a very simple, basic, implementation of a Service Provider
-that can receive a SAML 2 Response XML object via the HTTP-POST and HTTP-REDIRECT bindings
-against a known SAML reference implementation by SimpleSAMLPhp.
+`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the SimpleSAMLphp SAML 2.0 reference implementation.
+The following features are implemented in the MVP:
-The following features are implemented in the MVP
-
-1. Receive and validate a SAML 2.0 Response object containing an assertion
-and create a valid authentication in Spring Security
-2. Send a SAML 2 AuthNRequest object to an Identity Provider
-3. Provide a framework for components used in SAML 2.0 authentication that can
-be swapped by configuration
-4. Sample working against the SimpleSAMLPhP reference implementation
+1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
+2. Send a SAML 2.0 AuthNRequest to an Identity Provider
+3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
+4. Work against the SimpleSAMLphp reference implementation
 == Run the Sample
@@ -33,7 +27,7 @@ be swapped by configuration
 http://localhost:8080/
-You will be redirect to the SimpleSAMLPhp IDP
+You will be redirect to the SimpleSAMLphp IDP
 === Type in your credentials
diff --git a/samples/boot/saml2login/src/main/java/sample/IndexController.java b/samples/boot/saml2login/src/main/java/sample/IndexController.java
index 3c336c4dfac..0d859205c5c 100644
--- a/samples/boot/saml2login/src/main/java/sample/IndexController.java
+++ b/samples/boot/saml2login/src/main/java/sample/IndexController.java
@@ -19,15 +19,9 @@
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import sample.Saml2LoginApplication;
-
 @Controller
 public class IndexController {
- private static final Log logger = LogFactory.getLog(Saml2LoginApplication.class);
-
 @GetMapping("/")
 public String index() {
 return "index";
diff --git a/samples/boot/saml2login/src/main/resources/application.yml b/samples/boot/saml2login/src/main/resources/application.yml
index c8cbdd45ce2..afee02e6f78 100644
--- a/samples/boot/saml2login/src/main/resources/application.yml
+++ b/samples/boot/saml2login/src/main/resources/application.yml
@@ -4,13 +4,11 @@ spring:
 relyingparty:
 registration:
 simplesamlphp:
- signing:
- credentials:
- - private-key-location: "classpath:credentials/rp-private.key"
- certificate-location: "classpath:credentials/rp-certificate.crt"
+ signing.credentials:
+ - private-key-location: "classpath:credentials/rp-private.key"
+ certificate-location: "classpath:credentials/rp-certificate.crt"
 identityprovider:
- verification:
- credentials:
- - certificate-location: "classpath:credentials/idp-certificate.crt"
 entity-id: https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php
+ verification.credentials:
+ - certificate-location: "classpath:credentials/idp-certificate.crt"
 sso-url: https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php
diff --git a/samples/boot/saml2login/src/main/resources/templates/index.html b/samples/boot/saml2login/src/main/resources/templates/index.html
index 5251b3a8e9e..e278cbe73c0 100644
--- a/samples/boot/saml2login/src/main/resources/templates/index.html
+++ b/samples/boot/saml2login/src/main/resources/templates/index.html
@@ -1,5 +1,5 @@
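Review bot: In the application.yml hunk, the relying party's signing key is still read from `classpath:credentials/rp-private.key`, and nothing in the file marks that key pair as sample-only. The path suggests the key is bundled with the sample; if so, anyone who copies this configuration as a starting point would be signing with a private key that is publicly available. I would add a comment above `signing.credentials:` along the lines of `# Sample-only key pair bundled with this sample; generate your own and load it from outside the artifact before deploying`. A matching comment on `verification.credentials:` could state that `idp-certificate.crt` is the trust anchor for the IdP's signatures and has to be replaced together with `entity-id` and `sso-url` when pointing at a different IdP.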