Combine database, SAML, and OAuth in one application using spring security

Hi,

I am implementing authentication and authorization in the spring boot(2.2.4) app using spring security(spring-security-starter). I want below 3 things in one application:

Authenticate User using database (I am using hibernate)- For this I can use spring's UserDetailService

Authenticate User using SAML 2.0 protocol- Using Okta as identity provider, can use others as well like OneLogin etc.

Authenticate User using OAuth 2.0 protocol- can authenticate user with Github, Google, Facebook

I also want to know how can I enable and disable a particular one by setting some properties in application.properties file.

I am able to authenticate the user using SAML, and OAuth in separate applications, see the code below, but I want all these three(3) in one application.

Tried: I tried to achieve this with the help of this article but couldn't get that how to do the proper configuration.

Using SAML:

package com.example.demo; import static org.springframework.security.extensions.saml2.config.SAMLConfigurer.saml; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.saml.userdetails.SAMLUserDetailsService; @EnableWebSecurity @Configuration @EnableGlobalMethodSecurity(securedEnabled = true) public class SecurityConfiguration extends WebSecurityConfigurerAdapter { @Autowired    SAMLUserDetailsService userDetailsService;    @Value("${security.saml2.metadata-url}")    String metadataUrl;    @Value("${server.ssl.key-alias}")    String keyAlias;    @Value("${server.ssl.key-store-password}")    String password;    @Value("${server.port}")    String port;    @Value("${server.ssl.key-store}")    String keyStoreFilePath;                //Uisng SAML2.0    @Override    protected void configure(final HttpSecurity http) throws Exception {        http.csrf().disable()            .authorizeRequests()                .antMatchers("/").permitAll()                .anyRequest().authenticated()                .and()            .apply(saml())                .serviceProvider()                    .keyStore()                        .storeFilePath(this.keyStoreFilePath)                        .password(this.password)                        .keyname(this.keyAlias)                        .keyPassword(this.password)                        .and()                    .protocol("https")                    .hostname(String.format("%s:%s", "localhost", this.port))                    .basePath("/")                    .and().userDetailsService(userDetailsService)                .identityProvider()                .metadataFilePath(this.metadataUrl);    }   }

Using OAuth 2.0

package com.example.demo; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @Configuration public class SecurityConfiguration extends WebSecurityConfigurerAdapter {    @Override    public void configure(HttpSecurity http) throws Exception {        http.antMatcher("/**")            .authorizeRequests()            .antMatchers("/", "/login**")            .permitAll()            .anyRequest()            .authenticated()            .and()            .oauth2Login();    } }