GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Remove RelyingPartyRegistration Deprecations 

Closes gh-17309

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
pull/17322/head
Tran Ngoc Nhan 6 months ago committed by Josh Cummings
parent
081c92a9e5
commit
4d524b1fe1
37 changed files with 204 additions and 298 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
  2. 4
      config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java
  3. 6
      config/src/test/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParserTests.java
  4. 58
      config/src/test/java/org/springframework/security/config/saml2/RelyingPartyRegistrationsBeanDefinitionParserTests.java
  5. 8
      config/src/test/kotlin/org/springframework/security/config/annotation/web/Saml2DslTests.kt
  6. 20
      saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java
  7. 89
      saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
  8. 4
      saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java
  9. 12
      saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml4LogoutRequestValidatorTests.java
  10. 10
      saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml4LogoutResponseValidatorTests.java
  11. 12
      saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutRequestValidatorTests.java
  12. 10
      saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutResponseValidatorTests.java
  13. 4
      saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/metadata/OpenSaml4MetadataResolverTests.java
  14. 4
      saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
  15. 10
      saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/registration/OpenSaml4AssertingPartyMetadataRepositoryTests.java
  16. 10
      saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4AuthenticationRequestResolverTests.java
  17. 4
      saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4SigningUtilsTests.java
  18. 2
      saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSaml4LogoutResponseResolverTests.java
  19. 4
      saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProviderTests.java
  20. 12
      saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml5LogoutRequestValidatorTests.java
  21. 10
      saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml5LogoutResponseValidatorTests.java
  22. 4
      saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/metadata/OpenSaml5MetadataResolverTests.java
  23. 10
      saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/registration/OpenSaml5AssertingPartyMetadataRepositoryTests.java
  24. 10
      saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml5AuthenticationRequestResolverTests.java
  25. 4
      saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml5SigningUtilsTests.java
  26. 4
      saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSaml5LogoutResponseResolverTests.java
  27. 8
      saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/jackson2/TestSaml2JsonPayloads.java
  28. 18
      saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
  29. 6
      saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepositoryTests.java
  30. 8
      saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
  31. 73
      saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
  32. 20
      saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
  33. 8
      saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
  34. 4
      saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
  35. 10
      saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilterTests.java
  36. 6
      saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2LogoutRequestFilterTests.java
  37. 8
      saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2RelyingPartyInitiatedLogoutSuccessHandlerTests.java

8
config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2022 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -134,7 +134,7 @@ public class Saml2LoginConfigurerTests {
private static final RelyingPartyRegistration registration = TestRelyingPartyRegistrations.noCredentials() private static final RelyingPartyRegistration registration = TestRelyingPartyRegistrations.noCredentials()
.signingX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartySigningCredential())) .signingX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartySigningCredential()))
.assertingPartyDetails((party) -> party .assertingPartyMetadata((party) -> party
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
.build(); .build();
@ -170,7 +170,7 @@ public class Saml2LoginConfigurerTests {
@BeforeAll @BeforeAll
static void createResponse() throws Exception { static void createResponse() throws Exception {
String destination = registration.getAssertionConsumerServiceLocation(); String destination = registration.getAssertionConsumerServiceLocation();
String assertingPartyEntityId = registration.getAssertingPartyDetails().getEntityId(); String assertingPartyEntityId = registration.getAssertingPartyMetadata().getEntityId();
String relyingPartyEntityId = registration.getEntityId(); String relyingPartyEntityId = registration.getEntityId();
Response response = TestOpenSamlObjects.response(destination, assertingPartyEntityId); Response response = TestOpenSamlObjects.response(destination, assertingPartyEntityId);
Assertion assertion = TestOpenSamlObjects.assertion("test@saml.user", assertingPartyEntityId, Assertion assertion = TestOpenSamlObjects.assertion("test@saml.user", assertingPartyEntityId,
@ -365,7 +365,7 @@ public class Saml2LoginConfigurerTests {
request.queryParam("entityId", registration.getRegistrationId()); request.queryParam("entityId", registration.getRegistrationId());
MvcResult result = this.mvc.perform(request).andExpect(status().isFound()).andReturn(); MvcResult result = this.mvc.perform(request).andExpect(status().isFound()).andReturn();
String redirectedUrl = result.getResponse().getRedirectedUrl(); String redirectedUrl = result.getResponse().getRedirectedUrl();
assertThat(redirectedUrl).startsWith(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation()); assertThat(redirectedUrl).startsWith(registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
} }
@Test @Test

4
config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java
Unescape View File

@ -731,14 +731,14 @@ public class Saml2LogoutConfigurerTests {
Saml2X509Credential verification = TestSaml2X509Credentials.relyingPartyVerifyingCredential(); Saml2X509Credential verification = TestSaml2X509Credentials.relyingPartyVerifyingCredential();
RelyingPartyRegistration.Builder withCreds = TestRelyingPartyRegistrations.noCredentials() RelyingPartyRegistration.Builder withCreds = TestRelyingPartyRegistrations.noCredentials()
.signingX509Credentials(credential(signing)) .signingX509Credentials(credential(signing))
.assertingPartyDetails((party) -> party.verificationX509Credentials(credential(verification))); .assertingPartyMetadata((party) -> party.verificationX509Credentials(credential(verification)));
RelyingPartyRegistration post = withCreds.build(); RelyingPartyRegistration post = withCreds.build();
RelyingPartyRegistration get = withCreds.registrationId("get") RelyingPartyRegistration get = withCreds.registrationId("get")
.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT) .singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT)
.build(); .build();
RelyingPartyRegistration ap = withCreds.registrationId("ap") RelyingPartyRegistration ap = withCreds.registrationId("ap")
.entityId("ap-entity-id") .entityId("ap-entity-id")
.assertingPartyDetails( .assertingPartyMetadata(
(party) -> party.singleLogoutServiceLocation("https://rp.example.org/logout/saml2/request") (party) -> party.singleLogoutServiceLocation("https://rp.example.org/logout/saml2/request")
.singleLogoutServiceResponseLocation("https://rp.example.org/logout/saml2/response")) .singleLogoutServiceResponseLocation("https://rp.example.org/logout/saml2/response"))
.build(); .build();

6
config/src/test/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParserTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2022 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -98,7 +98,7 @@ public class Saml2LoginBeanDefinitionParserTests {
private static final RelyingPartyRegistration registration = TestRelyingPartyRegistrations.noCredentials() private static final RelyingPartyRegistration registration = TestRelyingPartyRegistrations.noCredentials()
.signingX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartySigningCredential())) .signingX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartySigningCredential()))
.assertingPartyDetails((party) -> party .assertingPartyMetadata((party) -> party
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
.build(); .build();
@ -141,7 +141,7 @@ public class Saml2LoginBeanDefinitionParserTests {
@BeforeAll @BeforeAll
static void createResponse() throws Exception { static void createResponse() throws Exception {
String destination = registration.getAssertionConsumerServiceLocation(); String destination = registration.getAssertionConsumerServiceLocation();
String assertingPartyEntityId = registration.getAssertingPartyDetails().getEntityId(); String assertingPartyEntityId = registration.getAssertingPartyMetadata().getEntityId();
String relyingPartyEntityId = registration.getEntityId(); String relyingPartyEntityId = registration.getEntityId();
Response response = TestOpenSamlObjects.response(destination, assertingPartyEntityId); Response response = TestOpenSamlObjects.response(destination, assertingPartyEntityId);
Assertion assertion = TestOpenSamlObjects.assertion("test@saml.user", assertingPartyEntityId, Assertion assertion = TestOpenSamlObjects.assertion("test@saml.user", assertingPartyEntityId,

58
config/src/test/java/org/springframework/security/config/saml2/RelyingPartyRegistrationsBeanDefinitionParserTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2023 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -31,6 +31,7 @@ import org.springframework.http.MediaType;
import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContext;
import org.springframework.security.config.test.SpringTestContextExtension; import org.springframework.security.config.test.SpringTestContextExtension;
import org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository; import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository; import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
@ -151,8 +152,7 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests {
.isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class); .isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class);
RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationRepository RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationRepository
.findByRegistrationId("one"); .findByRegistrationId("one");
RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails = relyingPartyRegistration AssertingPartyMetadata assertingPartyMetadata = relyingPartyRegistration.getAssertingPartyMetadata();
.getAssertingPartyDetails();
assertThat(relyingPartyRegistration).isNotNull(); assertThat(relyingPartyRegistration).isNotNull();
assertThat(relyingPartyRegistration.getRegistrationId()).isEqualTo("one"); assertThat(relyingPartyRegistration.getRegistrationId()).isEqualTo("one");
assertThat(relyingPartyRegistration.getEntityId()) assertThat(relyingPartyRegistration.getEntityId())
@ -160,15 +160,15 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests {
assertThat(relyingPartyRegistration.getAssertionConsumerServiceLocation()) assertThat(relyingPartyRegistration.getAssertionConsumerServiceLocation())
.isEqualTo("{baseUrl}/login/saml2/sso/{registrationId}"); .isEqualTo("{baseUrl}/login/saml2/sso/{registrationId}");
assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding()).isEqualTo(Saml2MessageBinding.POST); assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding()).isEqualTo(Saml2MessageBinding.POST);
assertThat(assertingPartyDetails.getEntityId()) assertThat(assertingPartyMetadata.getEntityId())
.isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php"); .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php");
assertThat(assertingPartyDetails.getWantAuthnRequestsSigned()).isFalse(); assertThat(assertingPartyMetadata.getWantAuthnRequestsSigned()).isFalse();
assertThat(assertingPartyDetails.getVerificationX509Credentials()).hasSize(1); assertThat(assertingPartyMetadata.getVerificationX509Credentials()).hasSize(1);
assertThat(assertingPartyDetails.getEncryptionX509Credentials()).hasSize(1); assertThat(assertingPartyMetadata.getEncryptionX509Credentials()).hasSize(1);
assertThat(assertingPartyDetails.getSingleSignOnServiceLocation()) assertThat(assertingPartyMetadata.getSingleSignOnServiceLocation())
.isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php"); .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php");
assertThat(assertingPartyDetails.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT); assertThat(assertingPartyMetadata.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
assertThat(assertingPartyDetails.getSigningAlgorithms()) assertThat(assertingPartyMetadata.getSigningAlgorithms())
.containsExactly("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); .containsExactly("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
} }
@ -186,8 +186,7 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests {
.isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class); .isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class);
RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationRepository RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationRepository
.findByRegistrationId("one"); .findByRegistrationId("one");
RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails = relyingPartyRegistration AssertingPartyMetadata assertingPartyMetadata = relyingPartyRegistration.getAssertingPartyMetadata();
.getAssertingPartyDetails();
assertThat(relyingPartyRegistration).isNotNull(); assertThat(relyingPartyRegistration).isNotNull();
assertThat(relyingPartyRegistration.getRegistrationId()).isEqualTo("one"); assertThat(relyingPartyRegistration.getRegistrationId()).isEqualTo("one");
assertThat(relyingPartyRegistration.getEntityId()).isEqualTo("https://rp.example.org"); assertThat(relyingPartyRegistration.getEntityId()).isEqualTo("https://rp.example.org");
@ -195,15 +194,15 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests {
.isEqualTo("https://rp.example.org/location"); .isEqualTo("https://rp.example.org/location");
assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding()) assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding())
.isEqualTo(Saml2MessageBinding.REDIRECT); .isEqualTo(Saml2MessageBinding.REDIRECT);
assertThat(assertingPartyDetails.getEntityId()) assertThat(assertingPartyMetadata.getEntityId())
.isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php"); .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php");
assertThat(assertingPartyDetails.getWantAuthnRequestsSigned()).isFalse(); assertThat(assertingPartyMetadata.getWantAuthnRequestsSigned()).isFalse();
assertThat(assertingPartyDetails.getVerificationX509Credentials()).hasSize(1); assertThat(assertingPartyMetadata.getVerificationX509Credentials()).hasSize(1);
assertThat(assertingPartyDetails.getEncryptionX509Credentials()).hasSize(1); assertThat(assertingPartyMetadata.getEncryptionX509Credentials()).hasSize(1);
assertThat(assertingPartyDetails.getSingleSignOnServiceLocation()) assertThat(assertingPartyMetadata.getSingleSignOnServiceLocation())
.isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php"); .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php");
assertThat(assertingPartyDetails.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT); assertThat(assertingPartyMetadata.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
assertThat(assertingPartyDetails.getSigningAlgorithms()) assertThat(assertingPartyMetadata.getSigningAlgorithms())
.containsExactly("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); .containsExactly("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
} }
@ -214,8 +213,7 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests {
.isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class); .isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class);
RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationRepository RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationRepository
.findByRegistrationId("one"); .findByRegistrationId("one");
RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails = relyingPartyRegistration AssertingPartyMetadata assertingPartyMetadata = relyingPartyRegistration.getAssertingPartyMetadata();
.getAssertingPartyDetails();
assertThat(relyingPartyRegistration).isNotNull(); assertThat(relyingPartyRegistration).isNotNull();
assertThat(relyingPartyRegistration.getRegistrationId()).isEqualTo("one"); assertThat(relyingPartyRegistration.getRegistrationId()).isEqualTo("one");
assertThat(relyingPartyRegistration.getEntityId()) assertThat(relyingPartyRegistration.getEntityId())
@ -224,14 +222,14 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests {
.isEqualTo("{baseUrl}/login/saml2/sso/{registrationId}"); .isEqualTo("{baseUrl}/login/saml2/sso/{registrationId}");
assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding()) assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding())
.isEqualTo(Saml2MessageBinding.REDIRECT); .isEqualTo(Saml2MessageBinding.REDIRECT);
assertThat(assertingPartyDetails.getEntityId()).isEqualTo("https://accounts.google.com/o/saml2/idp/entity-id"); assertThat(assertingPartyMetadata.getEntityId()).isEqualTo("https://accounts.google.com/o/saml2/idp/entity-id");
assertThat(assertingPartyDetails.getWantAuthnRequestsSigned()).isTrue(); assertThat(assertingPartyMetadata.getWantAuthnRequestsSigned()).isTrue();
assertThat(assertingPartyDetails.getSingleSignOnServiceLocation()) assertThat(assertingPartyMetadata.getSingleSignOnServiceLocation())
.isEqualTo("https://accounts.google.com/o/saml2/idp/sso-url"); .isEqualTo("https://accounts.google.com/o/saml2/idp/sso-url");
assertThat(assertingPartyDetails.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.POST); assertThat(assertingPartyMetadata.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.POST);
assertThat(assertingPartyDetails.getVerificationX509Credentials()).hasSize(1); assertThat(assertingPartyMetadata.getVerificationX509Credentials()).hasSize(1);
assertThat(assertingPartyDetails.getEncryptionX509Credentials()).hasSize(1); assertThat(assertingPartyMetadata.getEncryptionX509Credentials()).hasSize(1);
assertThat(assertingPartyDetails.getSigningAlgorithms()) assertThat(assertingPartyMetadata.getSigningAlgorithms())
.containsExactly("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); .containsExactly("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
} }
@ -241,9 +239,9 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests {
assertThat(this.relyingPartyRegistrationRepository) assertThat(this.relyingPartyRegistrationRepository)
.isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class); .isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class);
RelyingPartyRegistration one = this.relyingPartyRegistrationRepository.findByRegistrationId("one"); RelyingPartyRegistration one = this.relyingPartyRegistrationRepository.findByRegistrationId("one");
RelyingPartyRegistration.AssertingPartyDetails google = one.getAssertingPartyDetails(); AssertingPartyMetadata google = one.getAssertingPartyMetadata();
RelyingPartyRegistration two = this.relyingPartyRegistrationRepository.findByRegistrationId("two"); RelyingPartyRegistration two = this.relyingPartyRegistrationRepository.findByRegistrationId("two");
RelyingPartyRegistration.AssertingPartyDetails simpleSaml = two.getAssertingPartyDetails(); AssertingPartyMetadata simpleSaml = two.getAssertingPartyMetadata();
assertThat(one).isNotNull(); assertThat(one).isNotNull();
assertThat(one.getRegistrationId()).isEqualTo("one"); assertThat(one.getRegistrationId()).isEqualTo("one");
assertThat(one.getEntityId()).isEqualTo("{baseUrl}/saml2/service-provider-metadata/{registrationId}"); assertThat(one.getEntityId()).isEqualTo("{baseUrl}/saml2/service-provider-metadata/{registrationId}");

8
config/src/test/kotlin/org/springframework/security/config/annotation/web/Saml2DslTests.kt
Unescape View File

@ -106,13 +106,13 @@ class Saml2DslTests {
InMemoryRelyingPartyRegistrationRepository( InMemoryRelyingPartyRegistrationRepository(
RelyingPartyRegistration.withRegistrationId("samlId") RelyingPartyRegistration.withRegistrationId("samlId")
.assertionConsumerServiceLocation("{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI) .assertionConsumerServiceLocation("{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI)
.assertingPartyDetails { a -> a .assertingPartyMetadata { a -> a
.verificationX509Credentials { c -> c .verificationX509Credentials { c -> c
.add(Saml2X509Credential(loadCert("rod.cer"), Saml2X509Credential.Saml2X509CredentialType.VERIFICATION)) .add(Saml2X509Credential(loadCert("rod.cer"), Saml2X509Credential.Saml2X509CredentialType.VERIFICATION))
} }
} }
.assertingPartyDetails { c -> c.singleSignOnServiceLocation("ssoUrl") } .assertingPartyMetadata { c -> c.singleSignOnServiceLocation("ssoUrl") }
.assertingPartyDetails { c -> c.entityId("entityId") } .assertingPartyMetadata { c -> c.entityId("entityId") }
.build() .build()
) )
} }
@ -152,7 +152,7 @@ class Saml2DslTests {
this.mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isFound()).andReturn() this.mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isFound()).andReturn()
val redirectedUrl = result.response.redirectedUrl val redirectedUrl = result.response.redirectedUrl
Assertions.assertThat(redirectedUrl) Assertions.assertThat(redirectedUrl)
.startsWith(registration.assertingPartyDetails.singleSignOnServiceLocation) .startsWith(registration.assertingPartyMetadata.singleSignOnServiceLocation)
} }
@Configuration @Configuration

20
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2022 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -48,7 +48,8 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
super(registration.getRegistrationId(), registration.getEntityId(), super(registration.getRegistrationId(), registration.getEntityId(),
registration.getAssertionConsumerServiceLocation(), registration.getAssertionConsumerServiceBinding(), registration.getAssertionConsumerServiceLocation(), registration.getAssertionConsumerServiceBinding(),
registration.getSingleLogoutServiceLocation(), registration.getSingleLogoutServiceResponseLocation(), registration.getSingleLogoutServiceLocation(), registration.getSingleLogoutServiceResponseLocation(),
registration.getSingleLogoutServiceBindings(), registration.getAssertingPartyDetails(), registration.getSingleLogoutServiceBindings(),
(OpenSamlAssertingPartyDetails) registration.getAssertingPartyMetadata(),
registration.getNameIdFormat(), registration.isAuthnRequestsSigned(), registration.getNameIdFormat(), registration.isAuthnRequestsSigned(),
registration.getDecryptionX509Credentials(), registration.getSigningX509Credentials()); registration.getDecryptionX509Credentials(), registration.getSigningX509Credentials());
} }
@ -58,7 +59,7 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
*/ */
@Override @Override
public OpenSamlRelyingPartyRegistration.Builder mutate() { public OpenSamlRelyingPartyRegistration.Builder mutate() {
OpenSamlAssertingPartyDetails party = getAssertingPartyDetails(); OpenSamlAssertingPartyDetails party = (OpenSamlAssertingPartyDetails) getAssertingPartyMetadata();
return new Builder(party).registrationId(getRegistrationId()) return new Builder(party).registrationId(getRegistrationId())
.entityId(getEntityId()) .entityId(getEntityId())
.signingX509Credentials((c) -> c.addAll(getSigningX509Credentials())) .signingX509Credentials((c) -> c.addAll(getSigningX509Credentials()))
@ -72,14 +73,6 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
.authnRequestsSigned(isAuthnRequestsSigned()); .authnRequestsSigned(isAuthnRequestsSigned());
} }
/**
* {@inheritDoc}
*/
@Override
public OpenSamlAssertingPartyDetails getAssertingPartyDetails() {
return (OpenSamlAssertingPartyDetails) super.getAssertingPartyDetails();
}
/** /**
* Create a {@link Builder} from an entity descriptor * Create a {@link Builder} from an entity descriptor
* @param entityDescriptor the asserting party's {@link EntityDescriptor} * @param entityDescriptor the asserting party's {@link EntityDescriptor}
@ -165,11 +158,6 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
return (Builder) super.authnRequestsSigned(authnRequestsSigned); return (Builder) super.authnRequestsSigned(authnRequestsSigned);
} }
@Override
public Builder assertingPartyDetails(Consumer<AssertingPartyDetails.Builder> assertingPartyDetails) {
return (Builder) super.assertingPartyDetails(assertingPartyDetails);
}
@Override @Override
public Builder assertingPartyMetadata(Consumer<AssertingPartyMetadata.Builder<?>> assertingPartyMetadata) { public Builder assertingPartyMetadata(Consumer<AssertingPartyMetadata.Builder<?>> assertingPartyMetadata) {
return (Builder) super.assertingPartyMetadata(assertingPartyMetadata); return (Builder) super.assertingPartyMetadata(assertingPartyMetadata);

89
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -56,7 +56,7 @@ import org.springframework.util.CollectionUtils;
* .entityId(relyingPartyEntityId) * .entityId(relyingPartyEntityId)
* .assertionConsumerServiceLocation(assertingConsumerServiceLocation) * .assertionConsumerServiceLocation(assertingConsumerServiceLocation)
* .signingX509Credentials((c) -&gt; c.add(relyingPartySigningCredential)) * .signingX509Credentials((c) -&gt; c.add(relyingPartySigningCredential))
* .assertingPartyDetails((details) -&gt; details * .assertingPartyMetadata((metadata) -&gt; metadata
* .entityId(assertingPartyEntityId)); * .entityId(assertingPartyEntityId));
* .singleSignOnServiceLocation(singleSignOnServiceLocation)) * .singleSignOnServiceLocation(singleSignOnServiceLocation))
* .verifyingX509Credentials((c) -&gt; c.add(assertingPartyVerificationCredential)) * .verifyingX509Credentials((c) -&gt; c.add(assertingPartyVerificationCredential))
@ -145,7 +145,7 @@ public class RelyingPartyRegistration implements Serializable {
Assert.notNull(assertionConsumerServiceBinding, "assertionConsumerServiceBinding cannot be null"); Assert.notNull(assertionConsumerServiceBinding, "assertionConsumerServiceBinding cannot be null");
Assert.isTrue(singleLogoutServiceLocation == null || !CollectionUtils.isEmpty(singleLogoutServiceBindings), Assert.isTrue(singleLogoutServiceLocation == null || !CollectionUtils.isEmpty(singleLogoutServiceBindings),
"singleLogoutServiceBindings cannot be null or empty when singleLogoutServiceLocation is set"); "singleLogoutServiceBindings cannot be null or empty when singleLogoutServiceLocation is set");
Assert.notNull(assertingPartyMetadata, "assertingPartyDetails cannot be null"); Assert.notNull(assertingPartyMetadata, "assertingPartyMetadata cannot be null");
Assert.notNull(decryptionX509Credentials, "decryptionX509Credentials cannot be null"); Assert.notNull(decryptionX509Credentials, "decryptionX509Credentials cannot be null");
for (Saml2X509Credential c : decryptionX509Credentials) { for (Saml2X509Credential c : decryptionX509Credentials) {
Assert.notNull(c, "decryptionX509Credentials cannot contain null elements"); Assert.notNull(c, "decryptionX509Credentials cannot contain null elements");
@ -352,22 +352,9 @@ public class RelyingPartyRegistration implements Serializable {
return this.signingX509Credentials; return this.signingX509Credentials;
} }
/**
* Get the configuration details for the Asserting Party
* @return the {@link AssertingPartyDetails}
* @since 5.4
* @deprecated Use {@link #getAssertingPartyMetadata()} instead
*/
@Deprecated
public AssertingPartyDetails getAssertingPartyDetails() {
Assert.isInstanceOf(AssertingPartyDetails.class, this.assertingPartyMetadata,
"This class was initialized with an AssertingPartyMetadata, please call #getAssertingPartyMetadata instead");
return (AssertingPartyDetails) this.assertingPartyMetadata;
}
/** /**
* Get the metadata for the Asserting Party * Get the metadata for the Asserting Party
* @return the {@link AssertingPartyDetails} * @return the {@link AssertingPartyMetadata}
* @since 6.4 * @since 6.4
*/ */
public AssertingPartyMetadata getAssertingPartyMetadata() { public AssertingPartyMetadata getAssertingPartyMetadata() {
@ -385,26 +372,10 @@ public class RelyingPartyRegistration implements Serializable {
return new Builder(registrationId, new AssertingPartyDetails.Builder()); return new Builder(registrationId, new AssertingPartyDetails.Builder());
} }
/**
* @param assertingPartyDetails the asserting party metadata
* @return {@code Builder} to create a {@code RelyingPartyRegistration} object
* @deprecated Use {@link #withAssertingPartyMetadata} instead
*/
@Deprecated(forRemoval = true, since = "6.4")
public static Builder withAssertingPartyDetails(AssertingPartyDetails assertingPartyDetails) {
Assert.notNull(assertingPartyDetails, "assertingPartyDetails cannot be null");
return new Builder(assertingPartyDetails.getEntityId(), assertingPartyDetails.mutate());
}
/** /**
* Creates a {@code RelyingPartyRegistration} {@link Builder} with a * Creates a {@code RelyingPartyRegistration} {@link Builder} with a
* {@code registrationId} equivalent to the asserting party entity id. Also * {@code registrationId} equivalent to the asserting party entity id. Also
* initializes to the contents of the given {@link AssertingPartyMetadata}. * initializes to the contents of the given {@link AssertingPartyMetadata}.
*
* <p>
* Presented as a convenience method when working with
* {@link AssertingPartyMetadataRepository} return values. As such, only supports
* {@link AssertingPartyMetadata} instances of type {@link AssertingPartyDetails}.
* @param metadata the metadata used to initialize the * @param metadata the metadata used to initialize the
* {@link RelyingPartyRegistration} {@link Builder} * {@link RelyingPartyRegistration} {@link Builder}
* @return {@link Builder} to create a {@link RelyingPartyRegistration} object * @return {@link Builder} to create a {@link RelyingPartyRegistration} object
@ -415,43 +386,6 @@ public class RelyingPartyRegistration implements Serializable {
return new Builder(metadata.getEntityId(), metadata.mutate()); return new Builder(metadata.getEntityId(), metadata.mutate());
} }
/**
* Creates a {@code RelyingPartyRegistration} {@link Builder} based on an existing
* object
* @param registration the {@code RelyingPartyRegistration}
* @return {@code Builder} to create a {@code RelyingPartyRegistration} object
* @deprecated Use {@link #mutate()} instead
*/
@Deprecated(forRemoval = true, since = "6.1")
public static Builder withRelyingPartyRegistration(RelyingPartyRegistration registration) {
Assert.notNull(registration, "registration cannot be null");
return withRegistrationId(registration.getRegistrationId()).entityId(registration.getEntityId())
.signingX509Credentials((c) -> c.addAll(registration.getSigningX509Credentials()))
.decryptionX509Credentials((c) -> c.addAll(registration.getDecryptionX509Credentials()))
.assertionConsumerServiceLocation(registration.getAssertionConsumerServiceLocation())
.assertionConsumerServiceBinding(registration.getAssertionConsumerServiceBinding())
.singleLogoutServiceLocation(registration.getSingleLogoutServiceLocation())
.singleLogoutServiceResponseLocation(registration.getSingleLogoutServiceResponseLocation())
.singleLogoutServiceBindings((c) -> c.addAll(registration.getSingleLogoutServiceBindings()))
.nameIdFormat(registration.getNameIdFormat())
.authnRequestsSigned(registration.isAuthnRequestsSigned())
.assertingPartyDetails((assertingParty) -> assertingParty
.entityId(registration.getAssertingPartyDetails().getEntityId())
.wantAuthnRequestsSigned(registration.getAssertingPartyDetails().getWantAuthnRequestsSigned())
.signingAlgorithms((algorithms) -> algorithms
.addAll(registration.getAssertingPartyDetails().getSigningAlgorithms()))
.verificationX509Credentials(
(c) -> c.addAll(registration.getAssertingPartyDetails().getVerificationX509Credentials()))
.encryptionX509Credentials(
(c) -> c.addAll(registration.getAssertingPartyDetails().getEncryptionX509Credentials()))
.singleSignOnServiceLocation(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation())
.singleSignOnServiceBinding(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding())
.singleLogoutServiceLocation(registration.getAssertingPartyDetails().getSingleLogoutServiceLocation())
.singleLogoutServiceResponseLocation(
registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation())
.singleLogoutServiceBinding(registration.getAssertingPartyDetails().getSingleLogoutServiceBinding()));
}
/** /**
* The configuration metadata of the Asserting party * The configuration metadata of the Asserting party
* *
@ -1083,21 +1017,6 @@ public class RelyingPartyRegistration implements Serializable {
return this; return this;
} }
/**
* Apply this {@link Consumer} to further configure the Asserting Party details
* @param assertingPartyDetails The {@link Consumer} to apply
* @return the {@link Builder} for further configuration
* @since 5.4
* @deprecated Use {@link #assertingPartyMetadata} instead
*/
@Deprecated(forRemoval = true, since = "6.4")
public Builder assertingPartyDetails(Consumer<AssertingPartyDetails.Builder> assertingPartyDetails) {
Assert.isInstanceOf(AssertingPartyDetails.Builder.class, this.assertingPartyMetadataBuilder,
"This class was constructed with an AssertingPartyMetadata instance, as such, please use #assertingPartyMetadata");
assertingPartyDetails.accept((AssertingPartyDetails.Builder) this.assertingPartyMetadataBuilder);
return this;
}
/** /**
* Apply this {@link Consumer} to further configure the Asserting Party metadata * Apply this {@link Consumer} to further configure the Asserting Party metadata
* @param assertingPartyMetadata The {@link Consumer} to apply * @param assertingPartyMetadata The {@link Consumer} to apply

4
saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java
Unescape View File

@ -996,11 +996,11 @@ public class OpenSaml4AuthenticationProviderTests {
return TestRelyingPartyRegistrations.noCredentials() return TestRelyingPartyRegistrations.noCredentials()
.entityId(RELYING_PARTY_ENTITY_ID) .entityId(RELYING_PARTY_ENTITY_ID)
.assertionConsumerServiceLocation(DESTINATION) .assertionConsumerServiceLocation(DESTINATION)
.assertingPartyDetails((party) -> party.entityId(ASSERTING_PARTY_ENTITY_ID)); .assertingPartyMetadata((party) -> party.entityId(ASSERTING_PARTY_ENTITY_ID));
} }
private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) { private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
return builder.assertingPartyDetails((party) -> party return builder.assertingPartyMetadata((party) -> party
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))); .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
} }

12
saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml4LogoutRequestValidatorTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2021 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -79,7 +79,7 @@ public class OpenSaml4LogoutRequestValidatorTests {
@Test @Test
public void handleWhenRedirectBindingThenValidatesSignatureParameter() { public void handleWhenRedirectBindingThenValidatesSignatureParameter() {
RelyingPartyRegistration registration = registration() RelyingPartyRegistration registration = registration()
.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT)) .assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
.build(); .build();
LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration); LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
Saml2LogoutRequest request = redirect(logoutRequest, registration, Saml2LogoutRequest request = redirect(logoutRequest, registration,
@ -167,7 +167,7 @@ public class OpenSaml4LogoutRequestValidatorTests {
private RelyingPartyRegistration.Builder registration() { private RelyingPartyRegistration.Builder registration() {
return signing(verifying(TestRelyingPartyRegistrations.noCredentials())) return signing(verifying(TestRelyingPartyRegistrations.noCredentials()))
.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)); .assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
} }
private RelyingPartyRegistration.Builder decrypting(RelyingPartyRegistration.Builder builder) { private RelyingPartyRegistration.Builder decrypting(RelyingPartyRegistration.Builder builder) {
@ -176,12 +176,12 @@ public class OpenSaml4LogoutRequestValidatorTests {
} }
private RelyingPartyRegistration.Builder encrypting(RelyingPartyRegistration.Builder builder) { private RelyingPartyRegistration.Builder encrypting(RelyingPartyRegistration.Builder builder) {
return builder.assertingPartyDetails((party) -> party return builder.assertingPartyMetadata((party) -> party
.encryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyEncryptingCredential()))); .encryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyEncryptingCredential())));
} }
private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) { private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
return builder.assertingPartyDetails((party) -> party return builder.assertingPartyMetadata((party) -> party
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))); .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
} }
@ -213,7 +213,7 @@ public class OpenSaml4LogoutRequestValidatorTests {
private void sign(LogoutRequest logoutRequest, RelyingPartyRegistration registration) { private void sign(LogoutRequest logoutRequest, RelyingPartyRegistration registration) {
TestOpenSamlObjects.signed(logoutRequest, registration.getSigningX509Credentials().iterator().next(), TestOpenSamlObjects.signed(logoutRequest, registration.getSigningX509Credentials().iterator().next(),
registration.getAssertingPartyDetails().getEntityId()); registration.getAssertingPartyMetadata().getEntityId());
} }
private String serialize(XMLObject object) { private String serialize(XMLObject object) {

10
saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml4LogoutResponseValidatorTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2021 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -63,7 +63,7 @@ public class OpenSaml4LogoutResponseValidatorTests {
@Test @Test
public void handleWhenRedirectBindingThenValidatesSignatureParameter() { public void handleWhenRedirectBindingThenValidatesSignatureParameter() {
RelyingPartyRegistration registration = signing(verifying(registration())) RelyingPartyRegistration registration = signing(verifying(registration()))
.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT)) .assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
.build(); .build();
Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration) Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration)
.id("id") .id("id")
@ -150,11 +150,11 @@ public class OpenSaml4LogoutResponseValidatorTests {
private RelyingPartyRegistration.Builder registration() { private RelyingPartyRegistration.Builder registration() {
return signing(verifying(TestRelyingPartyRegistrations.noCredentials())) return signing(verifying(TestRelyingPartyRegistrations.noCredentials()))
.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)); .assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
} }
private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) { private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
return builder.assertingPartyDetails((party) -> party return builder.assertingPartyMetadata((party) -> party
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))); .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
} }
@ -180,7 +180,7 @@ public class OpenSaml4LogoutResponseValidatorTests {
private void sign(LogoutResponse logoutResponse, RelyingPartyRegistration registration) { private void sign(LogoutResponse logoutResponse, RelyingPartyRegistration registration) {
TestOpenSamlObjects.signed(logoutResponse, registration.getSigningX509Credentials().iterator().next(), TestOpenSamlObjects.signed(logoutResponse, registration.getSigningX509Credentials().iterator().next(),
registration.getAssertingPartyDetails().getEntityId()); registration.getAssertingPartyMetadata().getEntityId());
} }
private String serialize(XMLObject object) { private String serialize(XMLObject object) {

12
saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutRequestValidatorTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2021 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -79,7 +79,7 @@ public class OpenSamlLogoutRequestValidatorTests {
@Test @Test
public void handleWhenRedirectBindingThenValidatesSignatureParameter() { public void handleWhenRedirectBindingThenValidatesSignatureParameter() {
RelyingPartyRegistration registration = registration() RelyingPartyRegistration registration = registration()
.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT)) .assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
.build(); .build();
LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration); LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
Saml2LogoutRequest request = redirect(logoutRequest, registration, Saml2LogoutRequest request = redirect(logoutRequest, registration,
@ -167,7 +167,7 @@ public class OpenSamlLogoutRequestValidatorTests {
private RelyingPartyRegistration.Builder registration() { private RelyingPartyRegistration.Builder registration() {
return signing(verifying(TestRelyingPartyRegistrations.noCredentials())) return signing(verifying(TestRelyingPartyRegistrations.noCredentials()))
.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)); .assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
} }
private RelyingPartyRegistration.Builder decrypting(RelyingPartyRegistration.Builder builder) { private RelyingPartyRegistration.Builder decrypting(RelyingPartyRegistration.Builder builder) {
@ -176,12 +176,12 @@ public class OpenSamlLogoutRequestValidatorTests {
} }
private RelyingPartyRegistration.Builder encrypting(RelyingPartyRegistration.Builder builder) { private RelyingPartyRegistration.Builder encrypting(RelyingPartyRegistration.Builder builder) {
return builder.assertingPartyDetails((party) -> party return builder.assertingPartyMetadata((party) -> party
.encryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyEncryptingCredential()))); .encryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyEncryptingCredential())));
} }
private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) { private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
return builder.assertingPartyDetails((party) -> party return builder.assertingPartyMetadata((party) -> party
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))); .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
} }
@ -213,7 +213,7 @@ public class OpenSamlLogoutRequestValidatorTests {
private void sign(LogoutRequest logoutRequest, RelyingPartyRegistration registration) { private void sign(LogoutRequest logoutRequest, RelyingPartyRegistration registration) {
TestOpenSamlObjects.signed(logoutRequest, registration.getSigningX509Credentials().iterator().next(), TestOpenSamlObjects.signed(logoutRequest, registration.getSigningX509Credentials().iterator().next(),
registration.getAssertingPartyDetails().getEntityId()); registration.getAssertingPartyMetadata().getEntityId());
} }
private String serialize(XMLObject object) { private String serialize(XMLObject object) {

10
saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutResponseValidatorTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2021 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -63,7 +63,7 @@ public class OpenSamlLogoutResponseValidatorTests {
@Test @Test
public void handleWhenRedirectBindingThenValidatesSignatureParameter() { public void handleWhenRedirectBindingThenValidatesSignatureParameter() {
RelyingPartyRegistration registration = signing(verifying(registration())) RelyingPartyRegistration registration = signing(verifying(registration()))
.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT)) .assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
.build(); .build();
Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration) Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration)
.id("id") .id("id")
@ -150,11 +150,11 @@ public class OpenSamlLogoutResponseValidatorTests {
private RelyingPartyRegistration.Builder registration() { private RelyingPartyRegistration.Builder registration() {
return signing(verifying(TestRelyingPartyRegistrations.noCredentials())) return signing(verifying(TestRelyingPartyRegistrations.noCredentials()))
.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)); .assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
} }
private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) { private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
return builder.assertingPartyDetails((party) -> party return builder.assertingPartyMetadata((party) -> party
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))); .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
} }
@ -180,7 +180,7 @@ public class OpenSamlLogoutResponseValidatorTests {
private void sign(LogoutResponse logoutResponse, RelyingPartyRegistration registration) { private void sign(LogoutResponse logoutResponse, RelyingPartyRegistration registration) {
TestOpenSamlObjects.signed(logoutResponse, registration.getSigningX509Credentials().iterator().next(), TestOpenSamlObjects.signed(logoutResponse, registration.getSigningX509Credentials().iterator().next(),
registration.getAssertingPartyDetails().getEntityId()); registration.getAssertingPartyMetadata().getEntityId());
} }
private String serialize(XMLObject object) { private String serialize(XMLObject object) {

4
saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/metadata/OpenSaml4MetadataResolverTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -79,7 +79,7 @@ public class OpenSaml4MetadataResolverTests {
@Test @Test
public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() { public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() {
RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials() RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
.assertingPartyDetails((party) -> party .assertingPartyMetadata((party) -> party
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
.build(); .build();
OpenSaml4MetadataResolver OpenSaml4MetadataResolver = new OpenSaml4MetadataResolver(); OpenSaml4MetadataResolver OpenSaml4MetadataResolver = new OpenSaml4MetadataResolver();

4
saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -79,7 +79,7 @@ public class OpenSamlMetadataResolverTests {
@Test @Test
public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() { public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() {
RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials() RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
.assertingPartyDetails((party) -> party .assertingPartyMetadata((party) -> party
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
.build(); .build();
OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver(); OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver();

10
saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/registration/OpenSaml4AssertingPartyMetadataRepositoryTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -224,7 +224,7 @@ public class OpenSaml4AssertingPartyMetadataRepositoryTests {
.withTrustedMetadataLocation(web.url(endpoint).toString()) .withTrustedMetadataLocation(web.url(endpoint).toString())
.verificationCredentials((c) -> c.add(credential)) .verificationCredentials((c) -> c.add(credential))
.build(); .build();
assertThat(parties.findByEntityId(registration.getAssertingPartyDetails().getEntityId())).isNotNull(); assertThat(parties.findByEntityId(registration.getAssertingPartyMetadata().getEntityId())).isNotNull();
} }
@Test @Test
@ -256,7 +256,7 @@ public class OpenSaml4AssertingPartyMetadataRepositoryTests {
AssertingPartyMetadataRepository parties = OpenSaml4AssertingPartyMetadataRepository AssertingPartyMetadataRepository parties = OpenSaml4AssertingPartyMetadataRepository
.withTrustedMetadataLocation(web.url(endpoint).toString()) .withTrustedMetadataLocation(web.url(endpoint).toString())
.build(); .build();
assertThat(parties.findByEntityId(registration.getAssertingPartyDetails().getEntityId())).isNotNull(); assertThat(parties.findByEntityId(registration.getAssertingPartyMetadata().getEntityId())).isNotNull();
} }
@Test @Test
@ -295,7 +295,7 @@ public class OpenSaml4AssertingPartyMetadataRepositoryTests {
AssertingPartyMetadataRepository parties = new OpenSaml4AssertingPartyMetadataRepository(resolver); AssertingPartyMetadataRepository parties = new OpenSaml4AssertingPartyMetadataRepository(resolver);
parties.iterator() parties.iterator()
.forEachRemaining((p) -> assertThat(p.getEntityId()) .forEachRemaining((p) -> assertThat(p.getEntityId())
.isEqualTo(registration.getAssertingPartyDetails().getEntityId())); .isEqualTo(registration.getAssertingPartyMetadata().getEntityId()));
verify(((IterableMetadataSource) resolver)).iterator(); verify(((IterableMetadataSource) resolver)).iterator();
} }
@ -336,7 +336,7 @@ public class OpenSaml4AssertingPartyMetadataRepositoryTests {
.withMetadataLocation(web.url(endpoint).toString()) .withMetadataLocation(web.url(endpoint).toString())
.verificationCredentials((c) -> c.add(credential)) .verificationCredentials((c) -> c.add(credential))
.build(); .build();
assertThat(parties.findByEntityId(registration.getAssertingPartyDetails().getEntityId())).isNotNull(); assertThat(parties.findByEntityId(registration.getAssertingPartyMetadata().getEntityId())).isNotNull();
} }
private static String serialize(XMLObject object) { private static String serialize(XMLObject object) {

10
saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4AuthenticationRequestResolverTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2022 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -56,13 +56,13 @@ public class OpenSaml4AuthenticationRequestResolverTests {
Saml2RedirectAuthenticationRequest authnRequest = resolver.resolve(this.request); Saml2RedirectAuthenticationRequest authnRequest = resolver.resolve(this.request);
assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT); assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
assertThat(authnRequest.getAuthenticationRequestUri()) assertThat(authnRequest.getAuthenticationRequestUri())
.isEqualTo(this.registration.getAssertingPartyDetails().getSingleSignOnServiceLocation()); .isEqualTo(this.registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
} }
@Test @Test
void resolveWhenPostThenSaml2PostAuthenticationRequest() { void resolveWhenPostThenSaml2PostAuthenticationRequest() {
RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full() RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full()
.assertingPartyDetails((party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST)) .assertingPartyMetadata((party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST))
.build(); .build();
RelyingPartyRegistrationResolver relyingParties = mock(RelyingPartyRegistrationResolver.class); RelyingPartyRegistrationResolver relyingParties = mock(RelyingPartyRegistrationResolver.class);
given(relyingParties.resolve(any(), any())).willReturn(registration); given(relyingParties.resolve(any(), any())).willReturn(registration);
@ -70,7 +70,7 @@ public class OpenSaml4AuthenticationRequestResolverTests {
Saml2PostAuthenticationRequest authnRequest = resolver.resolve(this.request); Saml2PostAuthenticationRequest authnRequest = resolver.resolve(this.request);
assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.POST); assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.POST);
assertThat(authnRequest.getAuthenticationRequestUri()) assertThat(authnRequest.getAuthenticationRequestUri())
.isEqualTo(this.registration.getAssertingPartyDetails().getSingleSignOnServiceLocation()); .isEqualTo(this.registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
} }
@Test @Test
@ -97,7 +97,7 @@ public class OpenSaml4AuthenticationRequestResolverTests {
assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT); assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
assertThat(authnRequest.getAuthenticationRequestUri()) assertThat(authnRequest.getAuthenticationRequestUri())
.isEqualTo(this.registration.getAssertingPartyDetails().getSingleSignOnServiceLocation()); .isEqualTo(this.registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
} }

4
saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4SigningUtilsTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2021 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -56,7 +56,7 @@ public class OpenSaml4SigningUtilsTests {
c.add(TestSaml2X509Credentials.relyingPartySigningCredential()); c.add(TestSaml2X509Credentials.relyingPartySigningCredential());
c.add(TestSaml2X509Credentials.assertingPartySigningCredential()); c.add(TestSaml2X509Credentials.assertingPartySigningCredential());
}) })
.assertingPartyDetails((c) -> c.entityId("https://some.idp.example.com/entity-id") .assertingPartyMetadata((c) -> c.entityId("https://some.idp.example.com/entity-id")
.singleSignOnServiceLocation("https://some.idp.example.com/service-location")) .singleSignOnServiceLocation("https://some.idp.example.com/service-location"))
.build(); .build();
} }

2
saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSaml4LogoutResponseResolverTests.java
Unescape View File

@ -65,7 +65,7 @@ public class OpenSaml4LogoutResponseResolverTests {
logoutResponseResolver.setParametersConsumer(parametersConsumer); logoutResponseResolver.setParametersConsumer(parametersConsumer);
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration() RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration()
.assertingPartyDetails( .assertingPartyMetadata(
(party) -> party.singleLogoutServiceResponseLocation("https://ap.example.com/logout")) (party) -> party.singleLogoutServiceResponseLocation("https://ap.example.com/logout"))
.build(); .build();
Authentication authentication = new TestingAuthenticationToken("user", "password"); Authentication authentication = new TestingAuthenticationToken("user", "password");

4
saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProviderTests.java
Unescape View File

@ -1082,11 +1082,11 @@ public class OpenSaml5AuthenticationProviderTests {
return TestRelyingPartyRegistrations.noCredentials() return TestRelyingPartyRegistrations.noCredentials()
.entityId(RELYING_PARTY_ENTITY_ID) .entityId(RELYING_PARTY_ENTITY_ID)
.assertionConsumerServiceLocation(DESTINATION) .assertionConsumerServiceLocation(DESTINATION)
.assertingPartyDetails((party) -> party.entityId(ASSERTING_PARTY_ENTITY_ID)); .assertingPartyMetadata((party) -> party.entityId(ASSERTING_PARTY_ENTITY_ID));
} }
private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) { private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
return builder.assertingPartyDetails((party) -> party return builder.assertingPartyMetadata((party) -> party
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))); .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
} }

12
saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml5LogoutRequestValidatorTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2021 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -79,7 +79,7 @@ public class OpenSaml5LogoutRequestValidatorTests {
@Test @Test
public void handleWhenRedirectBindingThenValidatesSignatureParameter() { public void handleWhenRedirectBindingThenValidatesSignatureParameter() {
RelyingPartyRegistration registration = registration() RelyingPartyRegistration registration = registration()
.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT)) .assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
.build(); .build();
LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration); LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
Saml2LogoutRequest request = redirect(logoutRequest, registration, Saml2LogoutRequest request = redirect(logoutRequest, registration,
@ -167,7 +167,7 @@ public class OpenSaml5LogoutRequestValidatorTests {
private RelyingPartyRegistration.Builder registration() { private RelyingPartyRegistration.Builder registration() {
return signing(verifying(TestRelyingPartyRegistrations.noCredentials())) return signing(verifying(TestRelyingPartyRegistrations.noCredentials()))
.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)); .assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
} }
private RelyingPartyRegistration.Builder decrypting(RelyingPartyRegistration.Builder builder) { private RelyingPartyRegistration.Builder decrypting(RelyingPartyRegistration.Builder builder) {
@ -176,12 +176,12 @@ public class OpenSaml5LogoutRequestValidatorTests {
} }
private RelyingPartyRegistration.Builder encrypting(RelyingPartyRegistration.Builder builder) { private RelyingPartyRegistration.Builder encrypting(RelyingPartyRegistration.Builder builder) {
return builder.assertingPartyDetails((party) -> party return builder.assertingPartyMetadata((party) -> party
.encryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyEncryptingCredential()))); .encryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyEncryptingCredential())));
} }
private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) { private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
return builder.assertingPartyDetails((party) -> party return builder.assertingPartyMetadata((party) -> party
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))); .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
} }
@ -213,7 +213,7 @@ public class OpenSaml5LogoutRequestValidatorTests {
private void sign(LogoutRequest logoutRequest, RelyingPartyRegistration registration) { private void sign(LogoutRequest logoutRequest, RelyingPartyRegistration registration) {
TestOpenSamlObjects.signed(logoutRequest, registration.getSigningX509Credentials().iterator().next(), TestOpenSamlObjects.signed(logoutRequest, registration.getSigningX509Credentials().iterator().next(),
registration.getAssertingPartyDetails().getEntityId()); registration.getAssertingPartyMetadata().getEntityId());
} }
private String serialize(XMLObject object) { private String serialize(XMLObject object) {

10
saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml5LogoutResponseValidatorTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2021 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -63,7 +63,7 @@ public class OpenSaml5LogoutResponseValidatorTests {
@Test @Test
public void handleWhenRedirectBindingThenValidatesSignatureParameter() { public void handleWhenRedirectBindingThenValidatesSignatureParameter() {
RelyingPartyRegistration registration = signing(verifying(registration())) RelyingPartyRegistration registration = signing(verifying(registration()))
.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT)) .assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
.build(); .build();
Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration) Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration)
.id("id") .id("id")
@ -150,11 +150,11 @@ public class OpenSaml5LogoutResponseValidatorTests {
private RelyingPartyRegistration.Builder registration() { private RelyingPartyRegistration.Builder registration() {
return signing(verifying(TestRelyingPartyRegistrations.noCredentials())) return signing(verifying(TestRelyingPartyRegistrations.noCredentials()))
.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)); .assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
} }
private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) { private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
return builder.assertingPartyDetails((party) -> party return builder.assertingPartyMetadata((party) -> party
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))); .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
} }
@ -180,7 +180,7 @@ public class OpenSaml5LogoutResponseValidatorTests {
private void sign(LogoutResponse logoutResponse, RelyingPartyRegistration registration) { private void sign(LogoutResponse logoutResponse, RelyingPartyRegistration registration) {
TestOpenSamlObjects.signed(logoutResponse, registration.getSigningX509Credentials().iterator().next(), TestOpenSamlObjects.signed(logoutResponse, registration.getSigningX509Credentials().iterator().next(),
registration.getAssertingPartyDetails().getEntityId()); registration.getAssertingPartyMetadata().getEntityId());
} }
private String serialize(XMLObject object) { private String serialize(XMLObject object) {

4
saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/metadata/OpenSaml5MetadataResolverTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -79,7 +79,7 @@ public class OpenSaml5MetadataResolverTests {
@Test @Test
public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() { public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() {
RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials() RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
.assertingPartyDetails((party) -> party .assertingPartyMetadata((party) -> party
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
.build(); .build();
OpenSaml5MetadataResolver OpenSaml4MetadataResolver = new OpenSaml5MetadataResolver(); OpenSaml5MetadataResolver OpenSaml4MetadataResolver = new OpenSaml5MetadataResolver();

10
saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/registration/OpenSaml5AssertingPartyMetadataRepositoryTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -224,7 +224,7 @@ public class OpenSaml5AssertingPartyMetadataRepositoryTests {
.withTrustedMetadataLocation(web.url(endpoint).toString()) .withTrustedMetadataLocation(web.url(endpoint).toString())
.verificationCredentials((c) -> c.add(credential)) .verificationCredentials((c) -> c.add(credential))
.build(); .build();
assertThat(parties.findByEntityId(registration.getAssertingPartyDetails().getEntityId())).isNotNull(); assertThat(parties.findByEntityId(registration.getAssertingPartyMetadata().getEntityId())).isNotNull();
} }
@Test @Test
@ -256,7 +256,7 @@ public class OpenSaml5AssertingPartyMetadataRepositoryTests {
AssertingPartyMetadataRepository parties = OpenSaml5AssertingPartyMetadataRepository AssertingPartyMetadataRepository parties = OpenSaml5AssertingPartyMetadataRepository
.withTrustedMetadataLocation(web.url(endpoint).toString()) .withTrustedMetadataLocation(web.url(endpoint).toString())
.build(); .build();
assertThat(parties.findByEntityId(registration.getAssertingPartyDetails().getEntityId())).isNotNull(); assertThat(parties.findByEntityId(registration.getAssertingPartyMetadata().getEntityId())).isNotNull();
} }
@Test @Test
@ -295,7 +295,7 @@ public class OpenSaml5AssertingPartyMetadataRepositoryTests {
AssertingPartyMetadataRepository parties = new OpenSaml5AssertingPartyMetadataRepository(resolver); AssertingPartyMetadataRepository parties = new OpenSaml5AssertingPartyMetadataRepository(resolver);
parties.iterator() parties.iterator()
.forEachRemaining((p) -> assertThat(p.getEntityId()) .forEachRemaining((p) -> assertThat(p.getEntityId())
.isEqualTo(registration.getAssertingPartyDetails().getEntityId())); .isEqualTo(registration.getAssertingPartyMetadata().getEntityId()));
verify(((IterableMetadataSource) resolver)).iterator(); verify(((IterableMetadataSource) resolver)).iterator();
} }
@ -336,7 +336,7 @@ public class OpenSaml5AssertingPartyMetadataRepositoryTests {
.withMetadataLocation(web.url(endpoint).toString()) .withMetadataLocation(web.url(endpoint).toString())
.verificationCredentials((c) -> c.add(credential)) .verificationCredentials((c) -> c.add(credential))
.build(); .build();
assertThat(parties.findByEntityId(registration.getAssertingPartyDetails().getEntityId())).isNotNull(); assertThat(parties.findByEntityId(registration.getAssertingPartyMetadata().getEntityId())).isNotNull();
} }
private static String serialize(XMLObject object) { private static String serialize(XMLObject object) {

10
saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml5AuthenticationRequestResolverTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2022 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -56,13 +56,13 @@ public class OpenSaml5AuthenticationRequestResolverTests {
Saml2RedirectAuthenticationRequest authnRequest = resolver.resolve(this.request); Saml2RedirectAuthenticationRequest authnRequest = resolver.resolve(this.request);
assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT); assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
assertThat(authnRequest.getAuthenticationRequestUri()) assertThat(authnRequest.getAuthenticationRequestUri())
.isEqualTo(this.registration.getAssertingPartyDetails().getSingleSignOnServiceLocation()); .isEqualTo(this.registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
} }
@Test @Test
void resolveWhenPostThenSaml2PostAuthenticationRequest() { void resolveWhenPostThenSaml2PostAuthenticationRequest() {
RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full() RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full()
.assertingPartyDetails((party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST)) .assertingPartyMetadata((party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST))
.build(); .build();
RelyingPartyRegistrationResolver relyingParties = mock(RelyingPartyRegistrationResolver.class); RelyingPartyRegistrationResolver relyingParties = mock(RelyingPartyRegistrationResolver.class);
given(relyingParties.resolve(any(), any())).willReturn(registration); given(relyingParties.resolve(any(), any())).willReturn(registration);
@ -70,7 +70,7 @@ public class OpenSaml5AuthenticationRequestResolverTests {
Saml2PostAuthenticationRequest authnRequest = resolver.resolve(this.request); Saml2PostAuthenticationRequest authnRequest = resolver.resolve(this.request);
assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.POST); assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.POST);
assertThat(authnRequest.getAuthenticationRequestUri()) assertThat(authnRequest.getAuthenticationRequestUri())
.isEqualTo(this.registration.getAssertingPartyDetails().getSingleSignOnServiceLocation()); .isEqualTo(this.registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
} }
@Test @Test
@ -97,7 +97,7 @@ public class OpenSaml5AuthenticationRequestResolverTests {
assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT); assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
assertThat(authnRequest.getAuthenticationRequestUri()) assertThat(authnRequest.getAuthenticationRequestUri())
.isEqualTo(this.registration.getAssertingPartyDetails().getSingleSignOnServiceLocation()); .isEqualTo(this.registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
} }

4
saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml5SigningUtilsTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2021 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -56,7 +56,7 @@ public class OpenSaml5SigningUtilsTests {
c.add(TestSaml2X509Credentials.relyingPartySigningCredential()); c.add(TestSaml2X509Credentials.relyingPartySigningCredential());
c.add(TestSaml2X509Credentials.assertingPartySigningCredential()); c.add(TestSaml2X509Credentials.assertingPartySigningCredential());
}) })
.assertingPartyDetails((c) -> c.entityId("https://some.idp.example.com/entity-id") .assertingPartyMetadata((c) -> c.entityId("https://some.idp.example.com/entity-id")
.singleSignOnServiceLocation("https://some.idp.example.com/service-location")) .singleSignOnServiceLocation("https://some.idp.example.com/service-location"))
.build(); .build();
} }

4
saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSaml5LogoutResponseResolverTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2021 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -56,7 +56,7 @@ public class OpenSaml5LogoutResponseResolverTests {
logoutResponseResolver.setParametersConsumer(parametersConsumer); logoutResponseResolver.setParametersConsumer(parametersConsumer);
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration() RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration()
.assertingPartyDetails( .assertingPartyMetadata(
(party) -> party.singleLogoutServiceResponseLocation("https://ap.example.com/logout")) (party) -> party.singleLogoutServiceResponseLocation("https://ap.example.com/logout"))
.build(); .build();
Authentication authentication = new TestingAuthenticationToken("user", "password"); Authentication authentication = new TestingAuthenticationToken("user", "password");

8
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/jackson2/TestSaml2JsonPayloads.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2022 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -147,7 +147,7 @@ final class TestSaml2JsonPayloads {
return Saml2PostAuthenticationRequest return Saml2PostAuthenticationRequest
.withRelyingPartyRegistration(TestRelyingPartyRegistrations.full() .withRelyingPartyRegistration(TestRelyingPartyRegistrations.full()
.registrationId(RELYINGPARTY_REGISTRATION_ID) .registrationId(RELYINGPARTY_REGISTRATION_ID)
.assertingPartyDetails((party) -> party.singleSignOnServiceLocation(AUTHENTICATION_REQUEST_URI)) .assertingPartyMetadata((party) -> party.singleSignOnServiceLocation(AUTHENTICATION_REQUEST_URI))
.build()) .build())
.samlRequest(SAML_REQUEST) .samlRequest(SAML_REQUEST)
.relayState(RELAY_STATE) .relayState(RELAY_STATE)
@ -159,7 +159,7 @@ final class TestSaml2JsonPayloads {
return Saml2RedirectAuthenticationRequest return Saml2RedirectAuthenticationRequest
.withRelyingPartyRegistration(TestRelyingPartyRegistrations.full() .withRelyingPartyRegistration(TestRelyingPartyRegistrations.full()
.registrationId(RELYINGPARTY_REGISTRATION_ID) .registrationId(RELYINGPARTY_REGISTRATION_ID)
.assertingPartyDetails((party) -> party.singleSignOnServiceLocation(AUTHENTICATION_REQUEST_URI)) .assertingPartyMetadata((party) -> party.singleSignOnServiceLocation(AUTHENTICATION_REQUEST_URI))
.build()) .build())
.samlRequest(SAML_REQUEST) .samlRequest(SAML_REQUEST)
.relayState(RELAY_STATE) .relayState(RELAY_STATE)
@ -173,7 +173,7 @@ final class TestSaml2JsonPayloads {
return Saml2LogoutRequest return Saml2LogoutRequest
.withRelyingPartyRegistration(TestRelyingPartyRegistrations.full() .withRelyingPartyRegistration(TestRelyingPartyRegistrations.full()
.registrationId(RELYINGPARTY_REGISTRATION_ID) .registrationId(RELYINGPARTY_REGISTRATION_ID)
.assertingPartyDetails((party) -> party.singleLogoutServiceLocation(LOCATION) .assertingPartyMetadata((party) -> party.singleLogoutServiceLocation(LOCATION)
.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT)) .singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
.build()) .build())
.id(ID) .id(ID)

18
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2022 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -416,7 +416,7 @@ public final class TestOpenSamlObjects {
logoutRequest.setNameID(nameId); logoutRequest.setNameID(nameId);
IssuerBuilder issuerBuilder = new IssuerBuilder(); IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject(); Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(registration.getAssertingPartyDetails().getEntityId()); issuer.setValue(registration.getAssertingPartyMetadata().getEntityId());
logoutRequest.setIssuer(issuer); logoutRequest.setIssuer(issuer);
logoutRequest.setDestination(registration.getSingleLogoutServiceLocation()); logoutRequest.setDestination(registration.getSingleLogoutServiceLocation());
return logoutRequest; return logoutRequest;
@ -430,7 +430,7 @@ public final class TestOpenSamlObjects {
NameID nameId = nameIdBuilder.buildObject(); NameID nameId = nameIdBuilder.buildObject();
nameId.setValue("user"); nameId.setValue("user");
logoutRequest.setNameID(null); logoutRequest.setNameID(null);
Saml2X509Credential credential = registration.getAssertingPartyDetails() Saml2X509Credential credential = registration.getAssertingPartyMetadata()
.getEncryptionX509Credentials() .getEncryptionX509Credentials()
.iterator() .iterator()
.next(); .next();
@ -438,7 +438,7 @@ public final class TestOpenSamlObjects {
logoutRequest.setEncryptedID(encrypted); logoutRequest.setEncryptedID(encrypted);
IssuerBuilder issuerBuilder = new IssuerBuilder(); IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject(); Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(registration.getAssertingPartyDetails().getEntityId()); issuer.setValue(registration.getAssertingPartyMetadata().getEntityId());
logoutRequest.setIssuer(issuer); logoutRequest.setIssuer(issuer);
logoutRequest.setDestination(registration.getSingleLogoutServiceLocation()); logoutRequest.setDestination(registration.getSingleLogoutServiceLocation());
return logoutRequest; return logoutRequest;
@ -457,7 +457,7 @@ public final class TestOpenSamlObjects {
logoutResponse.setStatus(status); logoutResponse.setStatus(status);
IssuerBuilder issuerBuilder = new IssuerBuilder(); IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject(); Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(registration.getAssertingPartyDetails().getEntityId()); issuer.setValue(registration.getAssertingPartyMetadata().getEntityId());
logoutResponse.setIssuer(issuer); logoutResponse.setIssuer(issuer);
logoutResponse.setDestination(registration.getSingleLogoutServiceResponseLocation()); logoutResponse.setDestination(registration.getSingleLogoutServiceResponseLocation());
return logoutResponse; return logoutResponse;
@ -473,23 +473,23 @@ public final class TestOpenSamlObjects {
logoutRequest.setNameID(nameId); logoutRequest.setNameID(nameId);
IssuerBuilder issuerBuilder = new IssuerBuilder(); IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject(); Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(registration.getAssertingPartyDetails().getEntityId()); issuer.setValue(registration.getAssertingPartyMetadata().getEntityId());
logoutRequest.setIssuer(issuer); logoutRequest.setIssuer(issuer);
logoutRequest.setDestination(registration.getAssertingPartyDetails().getSingleLogoutServiceLocation()); logoutRequest.setDestination(registration.getAssertingPartyMetadata().getSingleLogoutServiceLocation());
return logoutRequest; return logoutRequest;
} }
public static EntityDescriptor entityDescriptor(RelyingPartyRegistration registration) { public static EntityDescriptor entityDescriptor(RelyingPartyRegistration registration) {
EntityDescriptorBuilder entityDescriptorBuilder = new EntityDescriptorBuilder(); EntityDescriptorBuilder entityDescriptorBuilder = new EntityDescriptorBuilder();
EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject(); EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject();
entityDescriptor.setEntityID(registration.getAssertingPartyDetails().getEntityId()); entityDescriptor.setEntityID(registration.getAssertingPartyMetadata().getEntityId());
IDPSSODescriptorBuilder idpssoDescriptorBuilder = new IDPSSODescriptorBuilder(); IDPSSODescriptorBuilder idpssoDescriptorBuilder = new IDPSSODescriptorBuilder();
IDPSSODescriptor idpssoDescriptor = idpssoDescriptorBuilder.buildObject(); IDPSSODescriptor idpssoDescriptor = idpssoDescriptorBuilder.buildObject();
idpssoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); idpssoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
SingleSignOnServiceBuilder singleSignOnServiceBuilder = new SingleSignOnServiceBuilder(); SingleSignOnServiceBuilder singleSignOnServiceBuilder = new SingleSignOnServiceBuilder();
SingleSignOnService singleSignOnService = singleSignOnServiceBuilder.buildObject(); SingleSignOnService singleSignOnService = singleSignOnServiceBuilder.buildObject();
singleSignOnService.setBinding(Saml2MessageBinding.POST.getUrn()); singleSignOnService.setBinding(Saml2MessageBinding.POST.getUrn());
singleSignOnService.setLocation(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation()); singleSignOnService.setLocation(registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
idpssoDescriptor.getSingleSignOnServices().add(singleSignOnService); idpssoDescriptor.getSingleSignOnServices().add(singleSignOnService);
KeyDescriptorBuilder keyDescriptorBuilder = new KeyDescriptorBuilder(); KeyDescriptorBuilder keyDescriptorBuilder = new KeyDescriptorBuilder();
KeyDescriptor keyDescriptor = keyDescriptorBuilder.buildObject(); KeyDescriptor keyDescriptor = keyDescriptorBuilder.buildObject();

6
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepositoryTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2023 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -47,7 +47,7 @@ public class InMemoryRelyingPartyRegistrationRepositoryTests {
RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration().build(); RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration().build();
InMemoryRelyingPartyRegistrationRepository registrations = new InMemoryRelyingPartyRegistrationRepository( InMemoryRelyingPartyRegistrationRepository registrations = new InMemoryRelyingPartyRegistrationRepository(
registration); registration);
String assertingPartyEntityId = registration.getAssertingPartyDetails().getEntityId(); String assertingPartyEntityId = registration.getAssertingPartyMetadata().getEntityId();
assertThat(registrations.findUniqueByAssertingPartyEntityId(assertingPartyEntityId)).isEqualTo(registration); assertThat(registrations.findUniqueByAssertingPartyEntityId(assertingPartyEntityId)).isEqualTo(registration);
} }
@ -56,7 +56,7 @@ public class InMemoryRelyingPartyRegistrationRepositoryTests {
RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration().build(); RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration().build();
InMemoryRelyingPartyRegistrationRepository registrations = new InMemoryRelyingPartyRegistrationRepository( InMemoryRelyingPartyRegistrationRepository registrations = new InMemoryRelyingPartyRegistrationRepository(
registration); registration);
String assertingPartyEntityId = registration.getAssertingPartyDetails().getEntityId(); String assertingPartyEntityId = registration.getAssertingPartyMetadata().getEntityId();
assertThat(registrations.findUniqueByAssertingPartyEntityId(assertingPartyEntityId + "wrong")).isNull(); assertThat(registrations.findUniqueByAssertingPartyEntityId(assertingPartyEntityId + "wrong")).isNull();
} }

8
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2020 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -102,7 +102,7 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
RelyingPartyRegistration registration = this.converter.read(RelyingPartyRegistration.Builder.class, response) RelyingPartyRegistration registration = this.converter.read(RelyingPartyRegistration.Builder.class, response)
.registrationId("one") .registrationId("one")
.build(); .build();
RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails(); AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
assertThat(details.getWantAuthnRequestsSigned()).isFalse(); assertThat(details.getWantAuthnRequestsSigned()).isFalse();
assertThat(details.getSingleSignOnServiceLocation()).isEqualTo("sso-location"); assertThat(details.getSingleSignOnServiceLocation()).isEqualTo("sso-location");
assertThat(details.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT); assertThat(details.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
@ -128,7 +128,7 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
RelyingPartyRegistration registration = this.converter.read(RelyingPartyRegistration.Builder.class, response) RelyingPartyRegistration registration = this.converter.read(RelyingPartyRegistration.Builder.class, response)
.registrationId("one") .registrationId("one")
.build(); .build();
RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails(); AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
assertThat(details.getWantAuthnRequestsSigned()).isFalse(); assertThat(details.getWantAuthnRequestsSigned()).isFalse();
assertThat(details.getSingleSignOnServiceLocation()).isEqualTo("sso-location"); assertThat(details.getSingleSignOnServiceLocation()).isEqualTo("sso-location");
assertThat(details.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT); assertThat(details.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
@ -149,7 +149,7 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
RelyingPartyRegistration registration = this.converter.read(RelyingPartyRegistration.Builder.class, response) RelyingPartyRegistration registration = this.converter.read(RelyingPartyRegistration.Builder.class, response)
.registrationId("one") .registrationId("one")
.build(); .build();
RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails(); AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
assertThat(details.getVerificationX509Credentials().iterator().next().getCertificate()) assertThat(details.getVerificationX509Credentials().iterator().next().getCertificate())
.isEqualTo(x509Certificate(CERTIFICATE)); .isEqualTo(x509Certificate(CERTIFICATE));
assertThat(details.getEncryptionX509Credentials()).hasSize(1); assertThat(details.getEncryptionX509Credentials()).hasSize(1);

73
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2023 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -24,7 +24,6 @@ import org.junit.jupiter.api.Test;
import org.springframework.security.saml2.core.Saml2X509Credential; import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.core.TestSaml2X509Credentials; import org.springframework.security.saml2.core.TestSaml2X509Credentials;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails;
import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter; import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
@ -37,12 +36,12 @@ public class RelyingPartyRegistrationTests {
RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration() RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration()
.nameIdFormat("format") .nameIdFormat("format")
.authnRequestsSigned(true) .authnRequestsSigned(true)
.assertingPartyDetails((a) -> a.singleSignOnServiceBinding(Saml2MessageBinding.POST)) .assertingPartyMetadata((a) -> a.singleSignOnServiceBinding(Saml2MessageBinding.POST))
.assertingPartyDetails((a) -> a.wantAuthnRequestsSigned(false)) .assertingPartyMetadata((a) -> a.wantAuthnRequestsSigned(false))
.assertingPartyDetails((a) -> a.signingAlgorithms((algs) -> algs.add("alg"))) .assertingPartyMetadata((a) -> a.signingAlgorithms((algs) -> algs.add("alg")))
.assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT) .assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT)
.build(); .build();
RelyingPartyRegistration copy = RelyingPartyRegistration.withRelyingPartyRegistration(registration).build(); RelyingPartyRegistration copy = registration.mutate().build();
compareRegistrations(registration, copy); compareRegistrations(registration, copy);
} }
@ -50,9 +49,9 @@ public class RelyingPartyRegistrationTests {
void mutateWhenInvokedThenCreatesCopy() { void mutateWhenInvokedThenCreatesCopy() {
RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration() RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration()
.nameIdFormat("format") .nameIdFormat("format")
.assertingPartyDetails((a) -> a.singleSignOnServiceBinding(Saml2MessageBinding.POST)) .assertingPartyMetadata((a) -> a.singleSignOnServiceBinding(Saml2MessageBinding.POST))
.assertingPartyDetails((a) -> a.wantAuthnRequestsSigned(false)) .assertingPartyMetadata((a) -> a.wantAuthnRequestsSigned(false))
.assertingPartyDetails((a) -> a.signingAlgorithms((algs) -> algs.add("alg"))) .assertingPartyMetadata((a) -> a.signingAlgorithms((algs) -> algs.add("alg")))
.assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT) .assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT)
.build(); .build();
RelyingPartyRegistration copy = registration.mutate().build(); RelyingPartyRegistration copy = registration.mutate().build();
@ -61,8 +60,8 @@ public class RelyingPartyRegistrationTests {
private void compareRegistrations(RelyingPartyRegistration registration, RelyingPartyRegistration copy) { private void compareRegistrations(RelyingPartyRegistration registration, RelyingPartyRegistration copy) {
assertThat(copy.getRegistrationId()).isEqualTo(registration.getRegistrationId()).isEqualTo("simplesamlphp"); assertThat(copy.getRegistrationId()).isEqualTo(registration.getRegistrationId()).isEqualTo("simplesamlphp");
assertThat(copy.getAssertingPartyDetails().getEntityId()) assertThat(copy.getAssertingPartyMetadata().getEntityId())
.isEqualTo(registration.getAssertingPartyDetails().getEntityId()) .isEqualTo(registration.getAssertingPartyMetadata().getEntityId())
.isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php"); .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php");
assertThat(copy.getAssertionConsumerServiceLocation()) assertThat(copy.getAssertionConsumerServiceLocation())
.isEqualTo(registration.getAssertionConsumerServiceLocation()) .isEqualTo(registration.getAssertionConsumerServiceLocation())
@ -73,25 +72,25 @@ public class RelyingPartyRegistrationTests {
.isEqualTo(copy.getEntityId()) .isEqualTo(copy.getEntityId())
.isEqualTo(registration.getEntityId()) .isEqualTo(registration.getEntityId())
.isEqualTo("{baseUrl}/saml2/service-provider-metadata/{registrationId}"); .isEqualTo("{baseUrl}/saml2/service-provider-metadata/{registrationId}");
assertThat(copy.getAssertingPartyDetails().getSingleSignOnServiceLocation()) assertThat(copy.getAssertingPartyMetadata().getSingleSignOnServiceLocation())
.isEqualTo(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation()) .isEqualTo(registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation())
.isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php"); .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php");
assertThat(copy.getAssertingPartyDetails().getSingleSignOnServiceBinding()) assertThat(copy.getAssertingPartyMetadata().getSingleSignOnServiceBinding())
.isEqualTo(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding()) .isEqualTo(registration.getAssertingPartyMetadata().getSingleSignOnServiceBinding())
.isEqualTo(Saml2MessageBinding.POST); .isEqualTo(Saml2MessageBinding.POST);
assertThat(copy.getAssertingPartyDetails().getWantAuthnRequestsSigned()) assertThat(copy.getAssertingPartyMetadata().getWantAuthnRequestsSigned())
.isEqualTo(registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) .isEqualTo(registration.getAssertingPartyMetadata().getWantAuthnRequestsSigned())
.isFalse(); .isFalse();
assertThat(copy.getAssertionConsumerServiceBinding()) assertThat(copy.getAssertionConsumerServiceBinding())
.isEqualTo(registration.getAssertionConsumerServiceBinding()); .isEqualTo(registration.getAssertionConsumerServiceBinding());
assertThat(copy.getDecryptionX509Credentials()).isEqualTo(registration.getDecryptionX509Credentials()); assertThat(copy.getDecryptionX509Credentials()).isEqualTo(registration.getDecryptionX509Credentials());
assertThat(copy.getSigningX509Credentials()).isEqualTo(registration.getSigningX509Credentials()); assertThat(copy.getSigningX509Credentials()).isEqualTo(registration.getSigningX509Credentials());
assertThat(copy.getAssertingPartyDetails().getEncryptionX509Credentials()) assertThat(copy.getAssertingPartyMetadata().getEncryptionX509Credentials())
.isEqualTo(registration.getAssertingPartyDetails().getEncryptionX509Credentials()); .isEqualTo(registration.getAssertingPartyMetadata().getEncryptionX509Credentials());
assertThat(copy.getAssertingPartyDetails().getVerificationX509Credentials()) assertThat(copy.getAssertingPartyMetadata().getVerificationX509Credentials())
.isEqualTo(registration.getAssertingPartyDetails().getVerificationX509Credentials()); .isEqualTo(registration.getAssertingPartyMetadata().getVerificationX509Credentials());
assertThat(copy.getAssertingPartyDetails().getSigningAlgorithms()) assertThat(copy.getAssertingPartyMetadata().getSigningAlgorithms())
.isEqualTo(registration.getAssertingPartyDetails().getSigningAlgorithms()); .isEqualTo(registration.getAssertingPartyMetadata().getSigningAlgorithms());
assertThat(copy.getNameIdFormat()).isEqualTo(registration.getNameIdFormat()); assertThat(copy.getNameIdFormat()).isEqualTo(registration.getNameIdFormat());
assertThat(copy.isAuthnRequestsSigned()).isEqualTo(registration.isAuthnRequestsSigned()); assertThat(copy.isAuthnRequestsSigned()).isEqualTo(registration.isAuthnRequestsSigned());
} }
@ -101,7 +100,7 @@ public class RelyingPartyRegistrationTests {
RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistration.withRegistrationId("id") RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistration.withRegistrationId("id")
.entityId("entity-id") .entityId("entity-id")
.assertionConsumerServiceLocation("location") .assertionConsumerServiceLocation("location")
.assertingPartyDetails((assertingParty) -> assertingParty.entityId("entity-id") .assertingPartyMetadata((assertingParty) -> assertingParty.entityId("entity-id")
.singleSignOnServiceLocation("location") .singleSignOnServiceLocation("location")
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
.build(); .build();
@ -119,7 +118,7 @@ public class RelyingPartyRegistrationTests {
// Test with the alt credentials first // Test with the alt credentials first
RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials() RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
.assertingPartyDetails((assertingParty) -> assertingParty.verificationX509Credentials((c) -> { .assertingPartyMetadata((assertingParty) -> assertingParty.verificationX509Credentials((c) -> {
c.add(altApCredential); c.add(altApCredential);
c.add(verifyingCredential); c.add(verifyingCredential);
}).encryptionX509Credentials((c) -> { }).encryptionX509Credentials((c) -> {
@ -139,14 +138,14 @@ public class RelyingPartyRegistrationTests {
signingCredential); signingCredential);
assertThat(relyingPartyRegistration.getDecryptionX509Credentials()).containsExactly(altRpCredential, assertThat(relyingPartyRegistration.getDecryptionX509Credentials()).containsExactly(altRpCredential,
decryptionCredential); decryptionCredential);
assertThat(relyingPartyRegistration.getAssertingPartyDetails().getVerificationX509Credentials()) assertThat(relyingPartyRegistration.getAssertingPartyMetadata().getVerificationX509Credentials())
.containsExactly(altApCredential, verifyingCredential); .containsExactly(altApCredential, verifyingCredential);
assertThat(relyingPartyRegistration.getAssertingPartyDetails().getEncryptionX509Credentials()) assertThat(relyingPartyRegistration.getAssertingPartyMetadata().getEncryptionX509Credentials())
.containsExactly(altApCredential, encryptingCredential); .containsExactly(altApCredential, encryptingCredential);
// Test with the alt credentials last // Test with the alt credentials last
relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials() relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
.assertingPartyDetails((assertingParty) -> assertingParty.verificationX509Credentials((c) -> { .assertingPartyMetadata((assertingParty) -> assertingParty.verificationX509Credentials((c) -> {
c.add(verifyingCredential); c.add(verifyingCredential);
c.add(altApCredential); c.add(altApCredential);
}).encryptionX509Credentials((c) -> { }).encryptionX509Credentials((c) -> {
@ -166,9 +165,9 @@ public class RelyingPartyRegistrationTests {
altRpCredential); altRpCredential);
assertThat(relyingPartyRegistration.getDecryptionX509Credentials()).containsExactly(decryptionCredential, assertThat(relyingPartyRegistration.getDecryptionX509Credentials()).containsExactly(decryptionCredential,
altRpCredential); altRpCredential);
assertThat(relyingPartyRegistration.getAssertingPartyDetails().getVerificationX509Credentials()) assertThat(relyingPartyRegistration.getAssertingPartyMetadata().getVerificationX509Credentials())
.containsExactly(verifyingCredential, altApCredential); .containsExactly(verifyingCredential, altApCredential);
assertThat(relyingPartyRegistration.getAssertingPartyDetails().getEncryptionX509Credentials()) assertThat(relyingPartyRegistration.getAssertingPartyMetadata().getEncryptionX509Credentials())
.containsExactly(encryptingCredential, altApCredential); .containsExactly(encryptingCredential, altApCredential);
} }
@ -203,10 +202,12 @@ public class RelyingPartyRegistrationTests {
AssertingPartyMetadata metadata = new CustomAssertingPartyMetadata(); AssertingPartyMetadata metadata = new CustomAssertingPartyMetadata();
assertThatExceptionOfType(IllegalArgumentException.class) assertThatExceptionOfType(IllegalArgumentException.class)
.isThrownBy(() -> RelyingPartyRegistration.withAssertingPartyMetadata(metadata) .isThrownBy(() -> RelyingPartyRegistration.withAssertingPartyMetadata(metadata)
.assertingPartyDetails((a) -> a.entityId("entity-id")) .assertingPartyMetadata((a) -> a.entityId("entity-id"))
.build()); .build());
assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy( assertThatExceptionOfType(IllegalArgumentException.class)
() -> RelyingPartyRegistration.withAssertingPartyMetadata(metadata).build().getAssertingPartyDetails()); .isThrownBy(() -> RelyingPartyRegistration.withAssertingPartyMetadata(metadata)
.build()
.getAssertingPartyMetadata());
} }
@Test @Test
@ -218,9 +219,9 @@ public class RelyingPartyRegistrationTests {
.assertingPartyMetadata((a) -> a.signingAlgorithms((algs) -> algs.add("alg"))) .assertingPartyMetadata((a) -> a.signingAlgorithms((algs) -> algs.add("alg")))
.assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT) .assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT)
.build(); .build();
AssertingPartyDetails details = registration.getAssertingPartyDetails(); AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
RelyingPartyRegistration copied = RelyingPartyRegistration.withAssertingPartyDetails(details) RelyingPartyRegistration copied = RelyingPartyRegistration.withAssertingPartyMetadata(details)
.assertingPartyDetails((a) -> a.entityId(details.getEntityId())) .assertingPartyMetadata((a) -> a.entityId(details.getEntityId()))
.registrationId(registration.getRegistrationId()) .registrationId(registration.getRegistrationId())
.entityId(registration.getEntityId()) .entityId(registration.getEntityId())
.signingX509Credentials((c) -> c.addAll(registration.getSigningX509Credentials())) .signingX509Credentials((c) -> c.addAll(registration.getSigningX509Credentials()))

20
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2022 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -65,7 +65,7 @@ public class RelyingPartyRegistrationsTests {
.fromMetadataLocation(server.url("/").toString()) .fromMetadataLocation(server.url("/").toString())
.entityId("rp") .entityId("rp")
.build(); .build();
RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails(); AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth"); assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
assertThat(details.getSingleSignOnServiceLocation()) assertThat(details.getSingleSignOnServiceLocation())
.isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO"); .isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
@ -103,7 +103,7 @@ public class RelyingPartyRegistrationsTests {
.fromMetadataLocation("file:" + file.getAbsolutePath()) .fromMetadataLocation("file:" + file.getAbsolutePath())
.entityId("rp") .entityId("rp")
.build(); .build();
RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails(); AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth"); assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
assertThat(details.getSingleSignOnServiceLocation()) assertThat(details.getSingleSignOnServiceLocation())
.isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO"); .isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
@ -124,7 +124,7 @@ public class RelyingPartyRegistrationsTests {
RelyingPartyRegistration registration = RelyingPartyRegistrations.fromMetadata(source) RelyingPartyRegistration registration = RelyingPartyRegistrations.fromMetadata(source)
.entityId("rp") .entityId("rp")
.build(); .build();
RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails(); AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth"); assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
assertThat(details.getSingleSignOnServiceLocation()) assertThat(details.getSingleSignOnServiceLocation())
.isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO"); .isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
@ -153,7 +153,7 @@ public class RelyingPartyRegistrationsTests {
.collect(Collectors.toList()); .collect(Collectors.toList());
assertThat(registrations).hasSize(2); assertThat(registrations).hasSize(2);
RelyingPartyRegistration first = registrations.get(0); RelyingPartyRegistration first = registrations.get(0);
RelyingPartyRegistration.AssertingPartyDetails details = first.getAssertingPartyDetails(); AssertingPartyMetadata details = first.getAssertingPartyMetadata();
assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth"); assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
assertThat(details.getSingleSignOnServiceLocation()) assertThat(details.getSingleSignOnServiceLocation())
.isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO"); .isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
@ -161,7 +161,7 @@ public class RelyingPartyRegistrationsTests {
assertThat(details.getVerificationX509Credentials()).hasSize(1); assertThat(details.getVerificationX509Credentials()).hasSize(1);
assertThat(details.getEncryptionX509Credentials()).hasSize(1); assertThat(details.getEncryptionX509Credentials()).hasSize(1);
RelyingPartyRegistration second = registrations.get(1); RelyingPartyRegistration second = registrations.get(1);
details = second.getAssertingPartyDetails(); details = second.getAssertingPartyMetadata();
assertThat(details.getEntityId()).isEqualTo("https://ap.example.org/idp/shibboleth"); assertThat(details.getEntityId()).isEqualTo("https://ap.example.org/idp/shibboleth");
assertThat(details.getSingleSignOnServiceLocation()) assertThat(details.getSingleSignOnServiceLocation())
.isEqualTo("https://ap.example.org/idp/profile/SAML2/POST/SSO"); .isEqualTo("https://ap.example.org/idp/profile/SAML2/POST/SSO");
@ -201,7 +201,7 @@ public class RelyingPartyRegistrationsTests {
.map((r) -> r.entityId("rp").build()) .map((r) -> r.entityId("rp").build())
.findFirst() .findFirst()
.get(); .get();
RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails(); AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth"); assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
assertThat(details.getSingleSignOnServiceLocation()) assertThat(details.getSingleSignOnServiceLocation())
.isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO"); .isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
@ -219,7 +219,7 @@ public class RelyingPartyRegistrationsTests {
.map((r) -> r.entityId("rp").build()) .map((r) -> r.entityId("rp").build())
.findFirst() .findFirst()
.get(); .get();
RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails(); AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth"); assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
assertThat(details.getSingleSignOnServiceLocation()) assertThat(details.getSingleSignOnServiceLocation())
.isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO"); .isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
@ -242,7 +242,7 @@ public class RelyingPartyRegistrationsTests {
.map((r) -> r.entityId("rp").build()) .map((r) -> r.entityId("rp").build())
.findFirst() .findFirst()
.get(); .get();
RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails(); AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth"); assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
assertThat(details.getSingleSignOnServiceLocation()) assertThat(details.getSingleSignOnServiceLocation())
.isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO"); .isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
@ -261,7 +261,7 @@ public class RelyingPartyRegistrationsTests {
.fromMetadataLocation(server.url("/").toString()) .fromMetadataLocation(server.url("/").toString())
.entityId("rp") .entityId("rp")
.build(); .build();
RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails(); AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
assertThat(registration.getRegistrationId()).isEqualTo(details.getEntityId()); assertThat(registration.getRegistrationId()).isEqualTo(details.getEntityId());
assertThat(registration).isInstanceOf(OpenSamlRelyingPartyRegistration.class); assertThat(registration).isInstanceOf(OpenSamlRelyingPartyRegistration.class);
} }

8
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2023 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -44,7 +44,7 @@ public final class TestRelyingPartyRegistrations {
.assertionConsumerServiceLocation(assertionConsumerServiceLocation) .assertionConsumerServiceLocation(assertionConsumerServiceLocation)
.singleLogoutServiceLocation(singleLogoutServiceLocation) .singleLogoutServiceLocation(singleLogoutServiceLocation)
.signingX509Credentials((c) -> c.add(signingCredential)) .signingX509Credentials((c) -> c.add(signingCredential))
.assertingPartyDetails((a) -> a.entityId(apEntityId) .assertingPartyMetadata((a) -> a.entityId(apEntityId)
.singleSignOnServiceLocation(singleSignOnServiceLocation) .singleSignOnServiceLocation(singleSignOnServiceLocation)
.verificationX509Credentials((c) -> c.add(verificationCertificate))); .verificationX509Credentials((c) -> c.add(verificationCertificate)));
} }
@ -55,7 +55,7 @@ public final class TestRelyingPartyRegistrations {
.singleLogoutServiceLocation("https://rp.example.org/logout/saml2/request") .singleLogoutServiceLocation("https://rp.example.org/logout/saml2/request")
.singleLogoutServiceResponseLocation("https://rp.example.org/logout/saml2/response") .singleLogoutServiceResponseLocation("https://rp.example.org/logout/saml2/response")
.assertionConsumerServiceLocation("https://rp.example.org/acs") .assertionConsumerServiceLocation("https://rp.example.org/acs")
.assertingPartyDetails((party) -> party.entityId("ap-entity-id") .assertingPartyMetadata((party) -> party.entityId("ap-entity-id")
.singleSignOnServiceLocation("https://ap.example.org/sso") .singleSignOnServiceLocation("https://ap.example.org/sso")
.singleLogoutServiceLocation("https://ap.example.org/logout/saml2/request") .singleLogoutServiceLocation("https://ap.example.org/logout/saml2/request")
.singleLogoutServiceResponseLocation("https://ap.example.org/logout/saml2/response")); .singleLogoutServiceResponseLocation("https://ap.example.org/logout/saml2/response"));
@ -67,7 +67,7 @@ public final class TestRelyingPartyRegistrations {
.add(org.springframework.security.saml2.core.TestSaml2X509Credentials.relyingPartySigningCredential())) .add(org.springframework.security.saml2.core.TestSaml2X509Credentials.relyingPartySigningCredential()))
.decryptionX509Credentials((c) -> c.add(org.springframework.security.saml2.core.TestSaml2X509Credentials .decryptionX509Credentials((c) -> c.add(org.springframework.security.saml2.core.TestSaml2X509Credentials
.relyingPartyDecryptingCredential())) .relyingPartyDecryptingCredential()))
.assertingPartyDetails((party) -> party.verificationX509Credentials( .assertingPartyMetadata((party) -> party.verificationX509Credentials(
(c) -> c.add(org.springframework.security.saml2.core.TestSaml2X509Credentials (c) -> c.add(org.springframework.security.saml2.core.TestSaml2X509Credentials
.relyingPartyVerifyingCredential()))); .relyingPartyVerifyingCredential())));
} }

4
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -100,7 +100,7 @@ public class Saml2MetadataFilterTests {
public void doFilterWhenRelyingPartyRegistrationFoundThenInvokesMetadataResolver() throws Exception { public void doFilterWhenRelyingPartyRegistrationFoundThenInvokesMetadataResolver() throws Exception {
MockHttpServletRequest request = uri("/saml2/service-provider-metadata/validRegistration"); MockHttpServletRequest request = uri("/saml2/service-provider-metadata/validRegistration");
RelyingPartyRegistration validRegistration = TestRelyingPartyRegistrations.noCredentials() RelyingPartyRegistration validRegistration = TestRelyingPartyRegistrations.noCredentials()
.assertingPartyDetails((party) -> party .assertingPartyMetadata((party) -> party
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
.build(); .build();
String generatedMetadata = "<xml>test</xml>"; String generatedMetadata = "<xml>test</xml>";

10
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilterTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2023 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -84,8 +84,8 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
} }
}; };
this.rpBuilder = RelyingPartyRegistration.withRegistrationId("registration-id") this.rpBuilder = RelyingPartyRegistration.withRegistrationId("registration-id")
.assertingPartyDetails((c) -> c.entityId("idp-entity-id")) .assertingPartyMetadata((c) -> c.entityId("idp-entity-id"))
.assertingPartyDetails((c) -> c.singleSignOnServiceLocation(IDP_SSO_URL)) .assertingPartyMetadata((c) -> c.singleSignOnServiceLocation(IDP_SSO_URL))
.assertionConsumerServiceLocation("template") .assertionConsumerServiceLocation("template")
.signingX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential())) .signingX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential()))
.decryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential())); .decryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential()));
@ -168,7 +168,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
String relayStateValue = "https://my-relay-state.example.com?with=param&other=param&javascript{alert('1');}"; String relayStateValue = "https://my-relay-state.example.com?with=param&other=param&javascript{alert('1');}";
String relayStateEncoded = HtmlUtils.htmlEscape(relayStateValue); String relayStateEncoded = HtmlUtils.htmlEscape(relayStateValue);
RelyingPartyRegistration registration = this.rpBuilder RelyingPartyRegistration registration = this.rpBuilder
.assertingPartyDetails((asserting) -> asserting.singleSignOnServiceBinding(Saml2MessageBinding.POST)) .assertingPartyMetadata((asserting) -> asserting.singleSignOnServiceBinding(Saml2MessageBinding.POST))
.build(); .build();
Saml2PostAuthenticationRequest request = Saml2PostAuthenticationRequest Saml2PostAuthenticationRequest request = Saml2PostAuthenticationRequest
.withRelyingPartyRegistration(registration) .withRelyingPartyRegistration(registration)
@ -213,7 +213,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
@Test @Test
public void doFilterWhenPostThenSaveRedirectRequest() throws ServletException, IOException { public void doFilterWhenPostThenSaveRedirectRequest() throws ServletException, IOException {
RelyingPartyRegistration registration = this.rpBuilder RelyingPartyRegistration registration = this.rpBuilder
.assertingPartyDetails((asserting) -> asserting.singleSignOnServiceBinding(Saml2MessageBinding.POST)) .assertingPartyMetadata((asserting) -> asserting.singleSignOnServiceBinding(Saml2MessageBinding.POST))
.build(); .build();
Saml2PostAuthenticationRequest request = Saml2PostAuthenticationRequest Saml2PostAuthenticationRequest request = Saml2PostAuthenticationRequest
.withRelyingPartyRegistration(registration) .withRelyingPartyRegistration(registration)

6
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2LogoutRequestFilterTests.java
Unescape View File

@ -93,13 +93,13 @@ public class Saml2LogoutRequestFilterTests {
String content = response.getHeader("Location"); String content = response.getHeader("Location");
assertThat(content).contains(Saml2ParameterNames.SAML_RESPONSE); assertThat(content).contains(Saml2ParameterNames.SAML_RESPONSE);
assertThat(content) assertThat(content)
.startsWith(registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation()); .startsWith(registration.getAssertingPartyMetadata().getSingleLogoutServiceResponseLocation());
} }
@Test @Test
public void doFilterWhenSamlRequestThenPosts() throws Exception { public void doFilterWhenSamlRequestThenPosts() throws Exception {
RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full() RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full()
.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)) .assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST))
.build(); .build();
Authentication authentication = new TestingAuthenticationToken("user", "password"); Authentication authentication = new TestingAuthenticationToken("user", "password");
given(this.securityContextHolderStrategy.getContext()).willReturn(new SecurityContextImpl(authentication)); given(this.securityContextHolderStrategy.getContext()).willReturn(new SecurityContextImpl(authentication));
@ -270,7 +270,7 @@ public class Saml2LogoutRequestFilterTests {
private void checkResponse(String responseContent, RelyingPartyRegistration registration) { private void checkResponse(String responseContent, RelyingPartyRegistration registration) {
assertThat(responseContent).contains(Saml2ParameterNames.SAML_RESPONSE); assertThat(responseContent).contains(Saml2ParameterNames.SAML_RESPONSE);
assertThat(responseContent) assertThat(responseContent)
.contains(registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation()); .contains(registration.getAssertingPartyMetadata().getSingleLogoutServiceResponseLocation());
assertThat(responseContent).contains( assertThat(responseContent).contains(
"<meta http-equiv=\"Content-Security-Policy\" content=\"script-src 'sha256-oZhLbc2kO8b8oaYLrUc7uye1MgVKMyLtPqWR4WtKF+c='\">"); "<meta http-equiv=\"Content-Security-Policy\" content=\"script-src 'sha256-oZhLbc2kO8b8oaYLrUc7uye1MgVKMyLtPqWR4WtKF+c='\">");
assertThat(responseContent) assertThat(responseContent)

8
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2RelyingPartyInitiatedLogoutSuccessHandlerTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2023 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -79,13 +79,13 @@ public class Saml2RelyingPartyInitiatedLogoutSuccessHandlerTests {
this.logoutRequestSuccessHandler.onLogoutSuccess(request, response, authentication); this.logoutRequestSuccessHandler.onLogoutSuccess(request, response, authentication);
String content = response.getHeader("Location"); String content = response.getHeader("Location");
assertThat(content).contains(Saml2ParameterNames.SAML_REQUEST); assertThat(content).contains(Saml2ParameterNames.SAML_REQUEST);
assertThat(content).startsWith(registration.getAssertingPartyDetails().getSingleLogoutServiceLocation()); assertThat(content).startsWith(registration.getAssertingPartyMetadata().getSingleLogoutServiceLocation());
} }
@Test @Test
public void onLogoutSuccessWhenPostThenPostsToAssertingParty() throws Exception { public void onLogoutSuccessWhenPostThenPostsToAssertingParty() throws Exception {
RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full() RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full()
.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)) .assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST))
.build(); .build();
Authentication authentication = authentication(registration); Authentication authentication = authentication(registration);
SecurityContextHolder.getContext().setAuthentication(authentication); SecurityContextHolder.getContext().setAuthentication(authentication);
@ -99,7 +99,7 @@ public class Saml2RelyingPartyInitiatedLogoutSuccessHandlerTests {
this.logoutRequestSuccessHandler.onLogoutSuccess(request, response, authentication); this.logoutRequestSuccessHandler.onLogoutSuccess(request, response, authentication);
String content = response.getContentAsString(); String content = response.getContentAsString();
assertThat(content).contains(Saml2ParameterNames.SAML_REQUEST); assertThat(content).contains(Saml2ParameterNames.SAML_REQUEST);
assertThat(content).contains(registration.getAssertingPartyDetails().getSingleLogoutServiceLocation()); assertThat(content).contains(registration.getAssertingPartyMetadata().getSingleLogoutServiceLocation());
assertThat(content).contains( assertThat(content).contains(
"<meta http-equiv=\"Content-Security-Policy\" content=\"script-src 'sha256-oZhLbc2kO8b8oaYLrUc7uye1MgVKMyLtPqWR4WtKF+c='\">"); "<meta http-equiv=\"Content-Security-Policy\" content=\"script-src 'sha256-oZhLbc2kO8b8oaYLrUc7uye1MgVKMyLtPqWR4WtKF+c='\">");
assertThat(content).contains("<script>window.onload = function() { document.forms[0].submit(); }</script>"); assertThat(content).contains("<script>window.onload = function() { document.forms[0].submit(); }</script>");

Write Preview
Loading…
Cancel
Save