+ * This method is intended for scenarios when the metadata is looked up by a separate + * mechanism. One such example is when the metadata is stored in a database. + *
+ * + *+ * The callers of this method are accountable for closing the + * {@code InputStream} source. + *
+ * + * Note that by default the registrationId is set to be the given metadata location, + * but this will most often not be sufficient. To complete the configuration, most + * applications will also need to provide a registrationId, like so: + * + *
+ * String xml = fromDatabase();
+ * try (InputStream source = new ByteArrayInputStream(xml.getBytes())) {
+ * RelyingPartyRegistration registration = RelyingPartyRegistrations
+ * .fromMetadata(source)
+ * .registrationId("registration-id")
+ * .build();
+ * }
+ *
+ *
+ * Also note that an {@code IDPSSODescriptor} typically only contains information
+ * about the asserting party. Thus, you will need to remember to still populate
+ * anything about the relying party, like any private keys the relying party will use
+ * for signing AuthnRequests.
+ * @param source the {@link InputStream} source containing the asserting party
+ * metadata
+ * @return the {@link RelyingPartyRegistration.Builder} for further configuration
+ * @since 5.6
+ */
+ public static RelyingPartyRegistration.Builder fromMetadata(InputStream source) {
+ return assertingPartyMetadataConverter.convert(source);
+ }
+
}
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
index 8a070f941e..9b74aa64a0 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -17,7 +17,9 @@
package org.springframework.security.saml2.provider.service.registration;
import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
import java.io.File;
+import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.stream.Collectors;
@@ -104,4 +106,27 @@ public class RelyingPartyRegistrationsTests {
.isThrownBy(() -> RelyingPartyRegistrations.fromMetadataLocation("filePath"));
}
+ @Test
+ public void fromMetadataInputStreamWhenResolvableThenPopulatesBuilder() throws Exception {
+ try (InputStream source = new ByteArrayInputStream(this.metadata.getBytes())) {
+ RelyingPartyRegistration registration = RelyingPartyRegistrations.fromMetadata(source).entityId("rp")
+ .build();
+ RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
+ assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
+ assertThat(details.getSingleSignOnServiceLocation())
+ .isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
+ assertThat(details.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.POST);
+ assertThat(details.getVerificationX509Credentials()).hasSize(1);
+ assertThat(details.getEncryptionX509Credentials()).hasSize(1);
+ }
+ }
+
+ @Test
+ public void fromMetadataInputStreamWhenEmptyThenSaml2Exception() throws Exception {
+ try (InputStream source = new ByteArrayInputStream("".getBytes())) {
+ assertThatExceptionOfType(Saml2Exception.class)
+ .isThrownBy(() -> RelyingPartyRegistrations.fromMetadata(source));
+ }
+ }
+
}