It would be nice if implementations of AbstractSaml2AuthenticationRequest stored the relyingPartyRegistrationId.

One benefit is that it introduces the ability to look up the registration id during login. Currently, the only way to do this is by path or by implementing a custom RelyingPartyRegistrationResolver.

The needed changes are as follows:

  • Add the registration id as a property in AbstractSaml2AuthenticationRequest (see Saml2LogoutRequest and Saml2LogoutResponse for examples).
  • Set that property in the withRelyingPartyRegistration static methods.
  • Read the property in Saml2AuthenticationTokenConverter to determine the registration id, passing that to the configured relyingPartyRegistrationResolver.

Note that these changes should be made in such a way that receiving an unsolicited SAML response still works (e.g. there is no stored AuthnRequest).
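As an added illustration (not code from this issue or from Spring Security itself), a custom RelyingPartyRegistrationResolver that performs the third step: it reads the registration id from the AuthnRequest stored for the current login and falls back to the existing path-based resolution when nothing was stored, so an unsolicited response still resolves as it does today. The getRelyingPartyRegistrationId() accessor is the property this issue proposes and is assumed here; the javax.servlet package matches the 5.x line.

```java
import javax.servlet.http.HttpServletRequest;

import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository;

// Resolves the registration for an incoming SAML response from the AuthnRequest that
// started the login; falls back to path-based resolution for unsolicited responses.
public class StoredRequestRelyingPartyRegistrationResolver implements RelyingPartyRegistrationResolver {

    private final Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> requests;
    private final RelyingPartyRegistrationRepository registrations;
    private final RelyingPartyRegistrationResolver fallback;

    public StoredRequestRelyingPartyRegistrationResolver(
            Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> requests,
            RelyingPartyRegistrationRepository registrations) {
        this.requests = requests;
        this.registrations = registrations;
        this.fallback = new DefaultRelyingPartyRegistrationResolver(registrations);
    }

    @Override
    public RelyingPartyRegistration resolve(HttpServletRequest request, String relyingPartyRegistrationId) {
        // An explicit id (for example from the URL path) keeps the existing behaviour
        if (relyingPartyRegistrationId != null) {
            return this.fallback.resolve(request, relyingPartyRegistrationId);
        }
        AbstractSaml2AuthenticationRequest stored = this.requests.loadAuthenticationRequest(request);
        if (stored != null) {
            // getRelyingPartyRegistrationId() is the property proposed in this issue (assumed name)
            String storedId = stored.getRelyingPartyRegistrationId();
            if (storedId != null) {
                return this.registrations.findByRegistrationId(storedId);
            }
        }
        // Unsolicited response: no stored AuthnRequest, so resolve from the request path as before
        return this.fallback.resolve(request, null);
    }
}
```

Wire it with `new Saml2AuthenticationTokenConverter(resolver)` and pass the same repository to the converter's `setAuthenticationRequestRepository(...)` so both components load the stored AuthnRequest from the same place.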

Comment From: ugrave

Created a PR #11198 which adds the registration id to the request.