Expected Behavior
Allow OpenSamlMetadataResolver to generate metadata that is not pretty printed. This can be achieved by adding a flag that controls whether the outputted metadata string gets pretty printed or not. The default value can be set to true so as to preserve the current default behaviour.
Current Behavior
Currently the metadata is always pretty printed through the use of SerializeSupport.prettyPrintXML(element) which has format-pretty-print=true statically set.
Context
Generating signed metadata that gets pretty printed after signing leads to the metadata not being validated when the signature is checked afterwards. There are 2 possible workarounds, which are not satisfactory and are hard to maintain with library version updates: 1. code duplication, or 2. reflection override of the static value in SerializeSupport.
Comment From: sumeetpri
@adrianpoplesanu How do you generate signed metadata? Does Spring Security support generating signed metadata of a service provider? I have a similar requirement but am not able to generate signed metadata of registrations. I have posted my question at https://stackoverflow.com/questions/76926392/adding-signature-to-service-provider-metadata-in-spring-security-saml
Comment From: adrianpoplesanu
@sumeetpri
I signed the metadata by using an entity descriptor customizer. I created a class that extends Consumer<EntityDescriptorParameters> that signs the entity descriptor within accept and passed it in OpenSamlMetadataResolver via setEntityDescriptorCustomizer. I believe you can use any signing implementation; however, I copied (because of the visibility modifiers) the one from OpenSamlSigningUtils over into my project and used that.