Summary

It would greatly help for the Saml2AuthenticationTokenConverter to have access to the issuer of the SAML response so that we can plug in custom logic to look up the RelyingPartyRegistration. We can still do it by parsing the SAML response inside the converter, but that will mean we will have to parse the SAML response twice: once inside the converter and a second time in the AuthenticationProvider.

Version

5.5.0.RC1

Comment From: jzheaux

@smandava-zpath, thanks for the suggestion.

When the Authentication is being constructed, no SAML response has yet been parsed, so there's nothing to make available to the Saml2AuthenticationTokenConverter. If the framework provided a parsed response to Saml2AuthenticationTokenConverter, it would be in addition to the parse already happening in OpenSamlAuthenticationProvider. In other words, adding this support would not remove the extra parse.

For that reason, I'll close this ticket; however, please feel free to continue to comment if you feel there's more to discuss.
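
The in-converter parse discussed in this thread, as an added example that is not part of the issue or of Spring Security's own code: it reads the Response-level issuer from a POST-binding `SAMLResponse` parameter using only the JDK, with the XML parser hardened against DTDs and external entities. The class and method names are hypothetical, the sample response is constructed, and the issuer it returns is unauthenticated, so it is suitable only as a lookup key for the registration that the provider then validates against.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

// Hypothetical helper for use inside a custom converter; not a Spring Security class.
public final class SamlIssuerPeek {
    private static final String ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Assumes POST binding: the parameter is base64-encoded XML (not deflated).
    // No signature has been checked yet, so treat the result as untrusted input.
    public static Optional<String> issuerOf(String samlResponseParam) {
        try {
            byte[] xml = Base64.getMimeDecoder().decode(samlResponseParam);
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            // Refuse DOCTYPE declarations entirely: blocks XXE and entity expansion.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            f.setXIncludeAware(false);
            f.setExpandEntityReferences(false);
            Element root = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml)).getDocumentElement();
            // Only direct children of <Response>: a nested Assertion has its own Issuer.
            for (Node n = root.getFirstChild(); n != null; n = n.getNextSibling()) {
                if (n instanceof Element && ASSERTION_NS.equals(n.getNamespaceURI())
                        && "Issuer".equals(n.getLocalName())) {
                    return Optional.of(n.getTextContent().trim());
                }
            }
            return Optional.empty();
        } catch (Exception e) {
            return Optional.empty(); // malformed base64/XML or a rejected DOCTYPE
        }
    }

    public static void main(String[] args) {
        // Constructed sample response, not taken from the issue.
        String xml = "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" "
            + "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">"
            + "<saml:Issuer>https://idp.example.test/metadata</saml:Issuer></samlp:Response>";
        String param = Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8));
        System.out.println(issuerOf(param)); // Optional[https://idp.example.test/metadata]
    }
}
```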