SAML login with Spring

We already have a password-based and SAML-based login system that was tested with Okta (IdP). Our entire architecture is based in Java+Spring and uses Spring Security to handle authentication and @Secured annotations the controllers to handle authorization. It is required that all SAML users are registered in our database so we can handle authorization (role-based) on our back-end. Some screenshots of the login flow and pieces of code used to enable it are attached. Our current challenge regards a client that asked us for SAML-based login with their Microsoft Federation platform : they cannot successfully login and their specialist sent us the attached message indicating what they believe is going wrong. We would like to hire a freelancer to implement the necessary changes to make our security module work with the client's federation platform. The requirements for this job are: - The solution must, as already currently implemented, enable both user/password login and multiple SAML authentication methods (possible by adding several OpenSaml4AuthenticationProvider to [login to view URL]) - The solution must work both with our current test case (Okta) and our client's IdP (Microsoft) - An NDA must be signed (client requirement) - Good knowledge of Spring Security and SAML protocol - Git knowledge - Good communication skills in order to validate the solution with the client and explain to our team how/why it works - Communication with the client's technical team in order to make progress, given that only the client can access the service from their Federation IdP - Discuss with our technical team which are the possible paths/solutions, how they work and pros/cons in order to decide which one to take Some observations: - We have implemented our own OpenSaml4AuthenticationProvider (called OpenSaml4AuthenticationProviderCorrigido) in order to circumvent some compatibility errors between Spring Security and the dependency spring-security-saml2-service-provider. The custom authentication provider is identical to the standard one in the dependency, with the exception of a call to OpenSamlVerificationUtils, which has been replaced by a custom class OpenSamlVerificationUtilsCorrigido. This class, in turn, is a copy of an older implementation which is compatible with the other Spring Security libraries. - More details can be provided after the NDA is signed - We expect this job to be a minor correction on the already developed security module - The client did not provide a X509 certificate - We provide a default metafile, with no auto generation (sample attached)