**Expected Behavior**

Ability to do something like this:

```java
RelyingPartyRegistration.Builder builder;
KeyStore keyStore;
// OpenSAML credential loaded straight from a keystore entry
Credential credential = new KeyStoreX509CredentialAdapter(keyStore, "alias", "password".toCharArray());
// desired: pass the OpenSAML Credential to the builder directly
builder.decryptionX509Credentials(creds -> creds.add(credential));
builder.signingX509Credentials(creds -> creds.add(credential));
```
**Current Behavior**

Currently have to do something like this:

```java
RelyingPartyRegistration.Builder builder;
KeyStore keyStore;
X509Credential credential = new KeyStoreX509CredentialAdapter(keyStore, "alias", "password".toCharArray());
// unwrap the OpenSAML credential and rebuild it as a Spring Saml2X509Credential
Saml2X509Credential samlCred = new Saml2X509Credential(
        credential.getPrivateKey(),
        credential.getEntityCertificate(),
        Saml2X509Credential.Saml2X509CredentialType.DECRYPTION,
        Saml2X509Credential.Saml2X509CredentialType.SIGNING
);
builder.decryptionX509Credentials(creds -> creds.add(samlCred));
builder.signingX509Credentials(creds -> creds.add(samlCred));
```
**Context**

OpenSAML provides `org.opensaml.security.credential.Credential` and multiple implementations to cover various useful cases. Spring Security instead provides `org.springframework.security.saml2.core.Saml2X509Credential` with much more restricted functionality. However, internally Spring just uses the `Saml2X509Credential` to build a `Credential`.
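An added example of the conversion the issue describes, written here as an illustration and not taken from the issue, Spring Security or OpenSAML. It wraps the current-behavior workaround in a reusable adapter that checks what the OpenSAML credential actually contains before handing it to Spring: a credential without a private key cannot sign or decrypt, an expired certificate should be rejected at startup rather than at the first failed assertion, and the private key algorithm should match the certificate's public key. It also goes beyond the issue by covering the public-only case (an asserting party's certificate used for `VERIFICATION` and `ENCRYPTION`). The class name `OpenSamlCredentialAdapter`, the method names and the keystore alias and password are assumptions.

```java
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import org.opensaml.security.x509.X509Credential;
import org.opensaml.security.x509.impl.KeyStoreX509CredentialAdapter;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;

/**
 * Hypothetical adapter (not part of Spring Security or OpenSAML) that turns an
 * OpenSAML X509Credential into the Saml2X509Credential that
 * RelyingPartyRegistration.Builder accepts, choosing the credential types
 * from what the credential actually contains.
 */
public final class OpenSamlCredentialAdapter {

    private OpenSamlCredentialAdapter() {
    }

    /** Types the relying party uses itself (SIGNING, DECRYPTION): a private key is required. */
    public static Saml2X509Credential forRelyingParty(X509Credential credential) {
        PrivateKey privateKey = credential.getPrivateKey();
        X509Certificate certificate = credential.getEntityCertificate();
        if (privateKey == null) {
            throw new IllegalArgumentException("credential has no private key; it cannot sign or decrypt");
        }
        checkValidity(certificate);
        String keyAlgorithm = privateKey.getAlgorithm();
        String certAlgorithm = certificate.getPublicKey().getAlgorithm();
        if (!keyAlgorithm.equals(certAlgorithm)) {
            throw new IllegalArgumentException("private key algorithm " + keyAlgorithm
                    + " does not match certificate key algorithm " + certAlgorithm);
        }
        return new Saml2X509Credential(privateKey, certificate,
                Saml2X509CredentialType.SIGNING, Saml2X509CredentialType.DECRYPTION);
    }

    /** Types for the asserting party's certificate (VERIFICATION, ENCRYPTION): public half only. */
    public static Saml2X509Credential forAssertingParty(X509Credential credential) {
        X509Certificate certificate = credential.getEntityCertificate();
        checkValidity(certificate);
        return new Saml2X509Credential(certificate,
                Saml2X509CredentialType.VERIFICATION, Saml2X509CredentialType.ENCRYPTION);
    }

    private static void checkValidity(X509Certificate certificate) {
        if (certificate == null) {
            throw new IllegalArgumentException("credential has no entity certificate");
        }
        try {
            // fail fast on an expired or not-yet-valid certificate
            certificate.checkValidity();
        } catch (CertificateException ex) {
            throw new IllegalArgumentException("entity certificate is not currently valid", ex);
        }
    }

    /** Wiring example; the keystore, alias and password are placeholders supplied by the caller. */
    public static RelyingPartyRegistration.Builder apply(RelyingPartyRegistration.Builder builder,
            KeyStore keyStore, String alias, char[] password) {
        X509Credential openSamlCredential = new KeyStoreX509CredentialAdapter(keyStore, alias, password);
        Saml2X509Credential samlCredential = forRelyingParty(openSamlCredential);
        return builder
                .signingX509Credentials(creds -> creds.add(samlCredential))
                .decryptionX509Credentials(creds -> creds.add(samlCredential));
    }
}
```

The split into `forRelyingParty` and `forAssertingParty` mirrors the constraint in `Saml2X509Credential` itself: the constructor that takes a `PrivateKey` only accepts `SIGNING` and `DECRYPTION`, while the certificate-only constructor only accepts `VERIFICATION` and `ENCRYPTION`, so a credential loaded from a keystore entry that holds just a certificate must not be registered as a signing or decryption credential.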
Comment From: OrangeDog
This is similar to https://github.com/spring-projects/spring-boot/issues/40610 but they're probably orthogonal issues.