Related to https://github.com/spring-projects/spring-security/issues/12664
An application using RelyingPartyRegistrations can retrieve the underlying OpenSAML XMLObject for each asserting party like so:
RelyingPartyRegistration registration = // ...
OpenSamlAssertingPartyDetails details = (OpenSamlAssertingPartyDetails) registration.getAssertingPartyDetails();
EntityDescriptor description = details.getEntityDescriptor();
This should be documented on the SAML Metadata reference page.
Since this feature is available as of 5.7, please add the documentation on the 5.7.x branch.
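As an added example (not code from the issue or from Spring Security itself), the snippet below shows one way an application could use the EntityDescriptor retrieved this way once the fix discussed in this thread is in place (5.8.2-SNAPSHOT or later, per the thread). It checks the type with instanceof rather than casting blindly, so a registration whose details are a plain AssertingPartyDetails yields null instead of the ClassCastException reported below. It then reads validUntil and the IdP's signing KeyDescriptors, which is the kind of check a relying party wants before trusting cached metadata. It assumes OpenSAML 4 (where getValidUntil() returns java.time.Instant); the class name, method names and the seven-day grace window are this example's own choices.

```java
import java.time.Duration;
import java.time.Instant;

import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.security.credential.UsageType;
import org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;

// Hypothetical helper class for this example; not part of Spring Security.
public final class AssertingPartyMetadataCheck {

    // Returns the parsed EntityDescriptor when the registration was built from
    // metadata, or null when it was configured by hand (plain AssertingPartyDetails).
    // The instanceof check is what prevents the ClassCastException seen in the thread.
    static EntityDescriptor entityDescriptorOf(RelyingPartyRegistration registration) {
        RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
        if (details instanceof OpenSamlAssertingPartyDetails) {
            return ((OpenSamlAssertingPartyDetails) details).getEntityDescriptor();
        }
        return null;
    }

    // Metadata is considered fresh when it carries no validUntil, or when validUntil
    // lies beyond now + grace. Expired metadata may list keys the IdP has since rotated.
    // Assumes OpenSAML 4, where getValidUntil() returns java.time.Instant.
    static boolean isMetadataFresh(EntityDescriptor descriptor, Instant now, Duration grace) {
        Instant validUntil = descriptor.getValidUntil();
        if (validUntil == null) {
            return true;
        }
        return validUntil.isAfter(now.plus(grace));
    }

    // Counts KeyDescriptors usable for signature verification on the SAML 2.0 IdP role.
    // A missing or "unspecified" use attribute means the key may be used for signing too.
    static int signingKeyCount(EntityDescriptor descriptor) {
        IDPSSODescriptor idp = descriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
        if (idp == null) {
            return 0;
        }
        int count = 0;
        for (KeyDescriptor key : idp.getKeyDescriptors()) {
            UsageType use = key.getUse();
            if (use == null || use == UsageType.UNSPECIFIED || use == UsageType.SIGNING) {
                count++;
            }
        }
        return count;
    }

    // Produces a one-line summary an application could log at startup or on refresh.
    public static String describe(RelyingPartyRegistration registration) {
        EntityDescriptor descriptor = entityDescriptorOf(registration);
        if (descriptor == null) {
            return registration.getRegistrationId()
                    + ": no OpenSAML metadata attached (registration not built from metadata)";
        }
        boolean fresh = isMetadataFresh(descriptor, Instant.now(), Duration.ofDays(7));
        int keys = signingKeyCount(descriptor);
        return String.format("%s: entityID=%s validUntil=%s fresh=%b signingKeys=%d",
                registration.getRegistrationId(), descriptor.getEntityID(),
                descriptor.getValidUntil(), fresh, keys);
    }
}
```

Calling describe(registration) for each entry produced by RelyingPartyRegistrations.collectionFromMetadataLocation(...) gives a per-IdP line that surfaces metadata with no usable signing key or with an imminent validUntil, both of which are worth alerting on before the registration is used to validate assertions.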
Comment From: stnor
I am getting an error when doing the cast to OpenSamlAssertingPartyDetails:
java.lang.ClassCastException: class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration$AssertingPartyDetails cannot be cast to class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration$AssertingPartyDetails and org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails are in unnamed module of loader org.apache.catalina.loader.ParallelWebappClassLoader @31ce1b64)
I am loading the repo with the following code (based on the refreshable example):
SkolfedRelyingPartyRegistrations
        .collectionFromMetadataLocation("https://fed.skolfederation.se/prod/md/skolfederation-3_1.xml")
        .forEach(builder -> {
            RelyingPartyRegistration idp = builder.build();
            this.relyingPartyRegistrations.put(idp.getRegistrationId(), idp);
        });
Comment From: stnor
AssertingPartyDetails doesn't seem to be a subclass of OpenSamlAssertingPartyDetails nor share any interfaces.
Comment From: jzheaux
@stnor, it's the other way around. OpenSamlAssertingPartyDetails extends RelyingPartyRegistration.AssertingPartyDetails.
See the code that uses OpenSamlAssertingPartyDetails for reference.
Comment From: jzheaux
My mistake, @stnor. My understanding was that this was already supported. I believe this was the intent of https://github.com/spring-projects/spring-security/issues/10781. What needs to happen now is the details object that was created needs to be applied to the RelyingPartyRegistration (whereas right now it is copied).
Comment From: stnor
Right, that makes sense to me. I'm a bit tired here, but as I was looking at the code I couldn't see that this would ever work :D
Comment From: jzheaux
@stnor, I'll go ahead and submit a fix. Some of the 5.x deprecations in RelyingPartyRegistration make it a bit tricky.
Comment From: jzheaux
@stnor, I've pushed a change. The snapshots should be available momentarily. Will you please confirm the version you are using and that the fix works for you?
Comment From: stnor
Yup, works on 5.8.2-SNAPSHOT. Thanks!