Spring Security Singing Credentials should be not be mandatory while configuring relyingPartyRegistration in saml auth.

Hi,

In many of the IDPs, singing Assertion is not mandatory. In our previous version of the application, we were not providing the singing certificates and SAML Auth was working fine without any issue. But while configuring authentication using spring-security-saml2-service-provider it is failing with error:

org.springframework.security.saml2.Saml2Exception: java.lang.IllegalArgumentException: Failed to resolve any signing credential at org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationRequestFactory.resolveSigningParameters(OpenSamlAuthenticationRequestFactory.java:294) at org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationRequestFactory.sign(OpenSamlAuthenticationRequestFactory.java:241) at org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationRequestFactory.createRedirectAuthenticationRequest(OpenSamlAuthenticationRequestFactory.java:155) at org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter.sendRedirect(Saml2WebSsoAuthenticationRequestFilter.java:160) at org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter.doFilterInternal(Saml2WebSsoAuthenticationRequestFilter.java:150)

it is possible to make the signing certificate optional in the same way as the encryption certificate?

Comment From: jzheaux

Thanks for getting in touch! It feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.