Expected Behavior
Currently it is possible to create a RelyingPartyRegistration from a metadata URL via:

    RelyingPartyRegistration registration = RelyingPartyRegistrations
            .fromMetadataLocation(metadataLocation)
            .registrationId("registration-id")
            .build();

In case the IDP is not reachable, the application will not start successfully.
It would be nice to be able to create the RelyingPartyRegistration like this:

    RelyingPartyRegistration registration = RelyingPartyRegistrations
            .fromMetadata(new FileSystemResource("/path/to/metadata.xml"))
            .registrationId("registration-id")
            .build();

Then users could cache the IDP metadata and use the cached metadata during startup if the IDP is not available.
Comment From: dawi
This is a duplicate of https://github.com/spring-projects/spring-security/issues/9028. Great to see that it's already implemented. :)
Comment From: muhammad-towfique-imam
A bit late to the party. Here is a way to create a RelyingPartyRegistration.Builder from metadata XML. This method could be included in the RelyingPartyRegistrations class.

    public RelyingPartyRegistration.Builder fromMetadataXml(String xml) throws IOException {
        OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter converter =
                new OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter();
        // Wrap the XML string in a minimal HttpInputMessage so the converter can read it.
        return converter.read(RelyingPartyRegistration.Builder.class, new HttpInputMessage() {
            @Override
            public InputStream getBody() throws IOException {
                // StringInputStream is not a JDK class; it must come from a library on the classpath.
                return new StringInputStream(xml);
            }

            @Override
            public HttpHeaders getHeaders() {
                // The HttpMessage contract requires a non-null HttpHeaders object.
                return new HttpHeaders();
            }
        });
    }

Comment From: jzheaux
@muhammad-towfique-imam thanks for sharing. Have you already seen the support in #9028, and can you confirm that works for you?
Comment From: muhammad-towfique-imam
Hello @jzheaux, I have already seen the support in #9028. I needed to dynamically create a RelyingPartyRegistration from XML metadata stored in a database. I couldn't find any way of doing that. After 2/3 days of looking into the resources, I came up with the above solution. It works perfectly as per my requirement. Shared the code here thinking it could help someone.
Comment From: jzheaux
I see, @muhammad-towfique-imam. I think it makes sense to add RelyingPartyRegistrations#fromMetadata(InputStream). Then you could do:

    String xml = fromDatabase();
    return RelyingPartyRegistrations.fromMetadata(new ByteArrayInputStream(xml.getBytes()));

Would that address your use case, and if so, would you be able to file a ticket to look into it further?
Comment From: muhammad-towfique-imam
Yes @jzheaux. This would address my use case. Should I proceed with filing a ticket for this enhancement?
Comment From: jzheaux
Yes, @muhammad-towfique-imam, that would be great.
Comment From: muhammad-towfique-imam
Hi @jzheaux, I have created #9558. Please review.
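
The startup fallback requested at the top of this issue, as an added example that is not part of the thread or of Spring Security itself. It assumes a Spring Security version that includes RelyingPartyRegistrations.fromMetadata(InputStream); the class CachedIdpMetadata, its parameters and the 5-second timeouts are hypothetical. Because the cached file decides which IdP signing certificates the application trusts, it is written only after the metadata parses and is replaced atomically.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URLConnection;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import org.springframework.security.saml2.Saml2Exception;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;

// Hypothetical helper, not a Spring Security class.
public final class CachedIdpMetadata {

    public static RelyingPartyRegistration load(String metadataUrl, Path cacheFile, String registrationId)
            throws IOException {
        Path cache = cacheFile.toAbsolutePath();
        byte[] xml;
        RelyingPartyRegistration registration;
        try {
            xml = fetch(metadataUrl);
            registration = parse(xml, registrationId);
        } catch (IOException | Saml2Exception remoteFailure) {
            // IdP unreachable or its response unusable: start from the last good copy.
            // If no cache exists yet, this throws and startup fails as before.
            return parse(Files.readAllBytes(cache), registrationId);
        }
        // Write-then-rename so a crash never leaves a truncated cache file.
        // createTempFile creates the file owner-only on POSIX file systems.
        Path tmp = Files.createTempFile(cache.getParent(), "idp-metadata", ".tmp");
        Files.write(tmp, xml);
        Files.move(tmp, cache, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
        return registration;
    }

    private static byte[] fetch(String metadataUrl) throws IOException {
        URLConnection connection = URI.create(metadataUrl).toURL().openConnection();
        connection.setConnectTimeout(5_000); // bound startup delay when the IdP is down
        connection.setReadTimeout(5_000);
        try (InputStream in = connection.getInputStream()) {
            return in.readAllBytes();
        }
    }

    private static RelyingPartyRegistration parse(byte[] xml, String registrationId) {
        return RelyingPartyRegistrations.fromMetadata(new ByteArrayInputStream(xml))
                .registrationId(registrationId).build();
    }
}
```

A registration built from the cache keeps trusting whatever certificates were in the last downloaded copy, so log when the fallback path is taken and refresh once the IdP is reachable again.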