EntityId ignored in xml relying-party-registration
Describe the bug
The entityId specified for a relying-party-registration via the XML namespace seems to be ignored and defaults to the metadata location.
To Reproduce
Define a relying party registration via XML and give an arbitrary name. Example:

```xml
<sec:relying-party-registrations>
    <sec:relying-party-registration
        entity-id="MyEntityId"
        registration-id="some-registrationId"
        metadata-location="classpath:someIdpMetaDataFile.xml"
    >
    </sec:relying-party-registration>
</sec:relying-party-registrations>
```
Download the metadata generated via org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter e.g. by accessing https://myhost/saml2/service-provider-metadata/{registration-id} and check the entityId. It does not correspond and, instead, is equal to the metadata URL (as defined in org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder class).
Expected behavior
EntityId in the metadata XML should be identical to the one indicated within the relying-party-registration.
I do not know if this helps but I noticed the Saml2LoginBeanDefinitionParser does not read the entity-id attribute unlike the other attributes defined within the relying-party-registration element.
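A check for the symptom reported above, added here as an example (it is not part of the original issue or of Spring Security): it parses downloaded service-provider metadata and reports whether the `entityID` matches the configured value or has fallen back to the metadata URL. The function name, status labels and both metadata documents are constructed for illustration; the host, registration id and entity id are the ones used in the report.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Path taken from the report: with the bug, entityID falls back to this URL.
DEFAULT_METADATA_PATH = "/saml2/service-provider-metadata/"

# Constructed sample of the metadata served when the bug is present.
BUGGY_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://myhost/saml2/service-provider-metadata/some-registrationId">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://myhost/login/saml2/sso/some-registrationId"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""
# Constructed sample of the expected result: entityID equals the configured value.
FIXED_METADATA = BUGGY_METADATA.replace(
    "https://myhost/saml2/service-provider-metadata/some-registrationId",
    "MyEntityId")


def check_entity_id(metadata_xml, expected_entity_id, registration_id):
    """Return (status, actual_entity_id).

    status is "ok", "defaulted" (fell back to the metadata URL),
    "mismatch" (some other value) or "invalid" (unusable document).
    """
    try:
        root = ET.fromstring(metadata_xml)
    except ET.ParseError:
        return ("invalid", None)
    tag = "{%s}EntityDescriptor" % MD_NS
    # Accept a bare EntityDescriptor or one wrapped in EntitiesDescriptor.
    descriptors = [root] if root.tag == tag else root.findall(".//" + tag)
    if len(descriptors) != 1 or descriptors[0].get("entityID") is None:
        return ("invalid", None)
    actual = descriptors[0].get("entityID")
    if actual == expected_entity_id:
        return ("ok", actual)
    if actual.endswith(DEFAULT_METADATA_PATH + registration_id):
        return ("defaulted", actual)
    return ("mismatch", actual)


if __name__ == "__main__":
    for name, doc in (("buggy", BUGGY_METADATA), ("fixed", FIXED_METADATA)):
        print(name, check_entity_id(doc, "MyEntityId", "some-registrationId"))
```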
Hi, @micvm, I believe you are correct. Are you interested in contributing a PR that fixes the issue?
It would be helpful if it were based on the 5.7.x branch -- where the bug was introduced -- and included a unit test that fails without your change and passes with it.
I can have a try but I am not familiar with the Spring SDK and internals. For example, I tried to launch gradle tasks and I get the following for branch 5.7.x:
```
Task :buildSrc:test
JavadocApiPluginITest > multiModuleApi() FAILED
    java.io.FileNotFoundException at JavadocApiPluginITest.java:33
ShowcaseITest > build() FAILED
    org.gradle.testkit.runner.UnexpectedBuildFailure at ShowcaseITest.java:30
110 tests completed, 2 failed, 3 skipped
```
Any idea how I could solve that?