## Description
When trying to configure SAML2 using the auto-configuration via application.yaml in Spring Boot 4.0.0 or later, I encounter the following exception:
```
Factory method 'securityFilterChain' threw exception with message: relyingPartyRegistrationRepository cannot be null.
```
It seems that the configuration from application.yaml is not being loaded properly.
## Steps to Reproduce
### 1. Add Maven Repository and Dependency
pom.xml:
```xml
<repositories>
    <repository>
        <id>shibboleth-releases</id>
        <name>Shibboleth Releases Repository</name>
        <url>https://build.shibboleth.net/maven/releases/</url>
        <snapshots>
            <enabled>false</enabled>
        </snapshots>
    </repository>
</repositories>
<dependencies>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-saml2-service-provider</artifactId>
    </dependency>
</dependencies>
```
---
### 2. Configure SAML2 in `application.yaml`
Example:
```yaml
spring:
  security:
    saml2:
      relyingparty:
        registration:
          idp:
            entity-id: "http://localhost:8081/saml2/metadata"
            acs:
              location: "http://localhost:8081/login/saml2/sso"
            signing:
              credentials:
                - private-key-location: classpath:credentials/rp-private-pkcs8.key
                  certificate-location: classpath:credentials/rp-certificate.crt
            singlelogout:
              binding: REDIRECT
              url: "http://localhost:8081/logout/saml2/slo"
            assertingparty:
              metadata-uri: "http://localhost:8080/realms/idp_realm/protocol/saml/descriptor"
              verification:
                credentials:
                  - certificate-location: "classpath:credentials/ipd-signing.crt"
```
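### 3. Security Configuration
Example:
```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Requires authentication for every request and enables SAML2 login with defaults.
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http
        .authorizeHttpRequests(auth -> auth
            .anyRequest().authenticated()
        )
        .saml2Login(Customizer.withDefaults());
    return http.build();
}
```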
### 4. Run the Application
Error occurs:
```
Factory method 'securityFilterChain' threw exception with message:
relyingPartyRegistrationRepository cannot be null
```
### 5. Manual Configuration Works (For Comparison)
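If you define the repository manually, the application works correctly:
```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;

import static org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.REDIRECT;

// spSigningCredential() and idpVerifyingCredential() are helper methods not shown in the report.
@Bean
public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
    RelyingPartyRegistration registration = RelyingPartyRegistration
        .withRegistrationId("idp")
        .entityId("http://localhost:8081/saml2/metadata")
        .assertionConsumerServiceLocation("http://localhost:8081/login/saml2/sso")
        .singleLogoutServiceBinding(REDIRECT)
        .singleLogoutServiceLocation("http://localhost:8081/logout/saml2/slo")
        .signingX509Credentials(c -> c.add(spSigningCredential()))
        .assertingPartyMetadata(party -> party
            .entityId("http://localhost:8080/realms/idp_realm")
            .singleSignOnServiceLocation("http://localhost:8080/realms/idp_realm/protocol/saml")
            .verificationX509Credentials(c -> c.add(idpVerifyingCredential()))
            .wantAuthnRequestsSigned(true))
        .build();
    return new InMemoryRelyingPartyRegistrationRepository(registration);
}
```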
With this explicit bean, SAML2 login works fully, confirming that the issue is specifically with auto-configuration not loading YAML properties.
## Expected Behavior
The RelyingPartyRegistrationRepository should be automatically created from the YAML configuration, and the application should start without throwing an exception.
## Actual Behavior
The application fails to start with the exception:
```
Factory method 'securityFilterChain' threw exception with message: relyingPartyRegistrationRepository cannot be null
```
Comment From: wilkinsona
Judging by the small pom.xml snippet that you have shared, I suspect you're missing a dependency on spring-boot-security-saml2. It can be added in place of your dependency on spring-security-saml2-service-provider.
Comment From: M313K
Thanks a lot! After going through the dependencies, spring-boot-starter-security-saml2 was missing.
Appreciate your help!
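
A preflight check for the cause identified in this thread, as an added example (not code from the issue or from Spring Boot): it reads a pom.xml and reports when the Spring Security SAML2 module is declared directly without either Boot artifact named in the comments. The sample POMs are constructed, and the `org.springframework.boot` groupId, the function names and the result strings are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Artifact names exactly as they appear in the issue and its comments.
SECURITY_MODULE = "spring-security-saml2-service-provider"
BOOT_ARTIFACTS = {"spring-boot-security-saml2", "spring-boot-starter-security-saml2"}

# Constructed sample: the dependency section from the report.
REPORTED_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-saml2-service-provider</artifactId>
    </dependency>
  </dependencies>
</project>"""

# Constructed sample: the same POM with the starter swapped in
# (groupId org.springframework.boot is an assumption of this example).
FIXED_POM = REPORTED_POM.replace(
    "org.springframework.security", "org.springframework.boot"
).replace(SECURITY_MODULE, "spring-boot-starter-security-saml2")


def local_name(tag):
    """Strip the Maven XML namespace, if any, from an element tag."""
    return tag.rsplit("}", 1)[-1]


def declared_artifacts(pom_xml):
    """artifactIds declared directly under <project><dependencies>.

    Entries under <dependencyManagement> only pin versions, so they are
    skipped; transitive dependencies are not visible in the POM at all.
    """
    found = set()
    for section in ET.fromstring(pom_xml):
        if local_name(section.tag) != "dependencies":
            continue
        for dep in section:
            for field in dep:
                if local_name(field.tag) == "artifactId" and field.text:
                    found.add(field.text.strip())
    return found


def check_saml2_autoconfig(pom_xml):
    """Classify a POM: 'ok', 'missing-boot-module' or 'no-saml2'."""
    artifacts = declared_artifacts(pom_xml)
    if artifacts & BOOT_ARTIFACTS:
        return "ok"
    if SECURITY_MODULE in artifacts:
        return "missing-boot-module"  # the state reported in this issue
    return "no-saml2"
```

Because only direct declarations are inspected, a Boot artifact that arrives transitively is reported as missing; treat the result as a prompt to inspect the resolved dependency tree.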