spring-security relying-party-registration doesn't allow placeholders in xml

Using Spring Security 6.0.8

I use XML based configuration for most security setup as I have customisations that need to be dynamically processed.

Using <security:relying-party-registration... Everything works fine if I hardcode the metadata-location and assertion-consumer-service-location but using a propertyConfigurer the values aren't used.

I have this setup for the propertyConfigurer

<context:property-placeholder location="file:${application.properties}"/>

application.properties contains these values:

relying-party-registration.metadata-location=*****
relying-party-registration.assertion-location=*****
relying-party-registration.logout-location=*****

relying-party-registrations is setup like this:

<security:relying-party-registrations>
        <security:relying-party-registration registration-id="example123"
                                             metadata-location="${relying-party-registration.metadata-location}"
                                             single-logout-service-location="${relying-party-registration.logout-location}"
                                             entity-id="some:entity:id"
                                             assertion-consumer-service-location="${relying-party-registration.assertion-location}">
        </security:relying-party-registration>
</security:relying-party-registrations>

Values are not propagated in the relying-party-registration.

Feb 22 '24 13:02 abhishek-bafna-amdhan

I am also facing the same issue, upgrade of spring security work is stuck because of it.

Mar 18 '24 10:03 dcdinesh1

@jzheaux I'm using the latest Spring Security version (6.4.2) and my placeholders are still not resolved in the relying-party-registration attributes.

Test case: demo.zip

Dec 19 '24 08:12 rvervaek