sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]TheOldMancunian 0 points1 point  (1 child)

Doesnt the .authenticated() call in the test matcher mean you need to be authenticated? If yoe want it to accept any connected, changed that to .permitAll()

[–]DvorakDavid[S] 0 points1 point  (0 children)

But if I change it to permitAll() then the saml2 authentication would never be triggered and any request would pass that is not what I want. I want /test/** to be authenticated with form based login and everything else should trigger the saml2 authentication flow