
Configuring RelyingPartyRegistration no longer works with just a metadata uri

Open OrangeDog opened this issue 7 months ago • 1 comments

Describe the bug

After updating from Boot 3.5.0 to 3.5.3 the property-based SAML configuration no longer works.

java.lang.IllegalArgumentException: entityId cannot be null or empty
	at org.springframework.util.Assert.hasText(Assert.java:253)
	at org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration$AssertingPartyDetails.<init>(RelyingPartyRegistration.java:489)
	at org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration$AssertingPartyDetails$Builder.build(RelyingPartyRegistration.java:847)
	at org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration$AssertingPartyDetails$Builder.build(RelyingPartyRegistration.java:666)
	at org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration$Builder.build(RelyingPartyRegistration.java:1126)
	at org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyRegistrationConfiguration.asRegistration(Saml2RelyingPartyRegistrationConfiguration.java:110)
	at org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyRegistrationConfiguration.asRegistration(Saml2RelyingPartyRegistrationConfiguration.java:78)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
	at java.base/java.util.Iterator.forEachRemaining(Iterator.java:133)
	at java.base/java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1939)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575)
	at java.base/java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260)
	at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616)
	at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622)
	at java.base/java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627)
	at org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyRegistrationConfiguration.relyingPartyRegistrationRepository(Saml2RelyingPartyRegistrationConfiguration.java:73)
...

To Reproduce

spring.security.saml2.relyingparty.registration:
  test.assertingparty.metadata-uri: classpath:saml/mock.xml

Expected behavior

Asserting party metadata, including entityId, should be loaded from the metadata as in previous versions.

OrangeDog avatar Jun 20 '25 11:06 OrangeDog

Actually the problem may be that Boot's autoconfiguration conditions changed and this only worked before because of my custom config. If so, please disregard.

OrangeDog avatar Jun 20 '25 11:06 OrangeDog

Thanks, @OrangeDog. Were you able to sort this out? I've updated the 6.5.x samples to the latest and they appear to work without the extra property:

https://github.com/spring-projects/spring-security-samples/tree/6.5.x/servlet/spring-boot/java/saml2/login

jzheaux avatar Jul 23 '25 20:07 jzheaux

Yes, I just had to manually disable Saml2RelyingPartyAutoConfiguration.

OrangeDog avatar Jul 23 '25 22:07 OrangeDog
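
The workaround mentioned in the last comment, sketched as an added example (not code from the issue, from OrangeDog's project, or from Spring): Boot's `Saml2RelyingPartyAutoConfiguration` is excluded and the registration is built by a custom bean from the same metadata file. The class name `SamlApplication`, the bean method name and the fail-fast check are assumptions; the registration id `test` and the location `classpath:saml/mock.xml` are taken from the reproduction above.

```java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
import org.springframework.util.Assert;

// Hypothetical application class. Excluding the auto-configuration here has the
// same effect as listing it under the spring.autoconfigure.exclude property.
@SpringBootApplication(exclude = Saml2RelyingPartyAutoConfiguration.class)
public class SamlApplication {

    public static void main(String[] args) {
        SpringApplication.run(SamlApplication.class, args);
    }

    // Custom repository that replaces the property-based registration.
    @Bean
    RelyingPartyRegistrationRepository relyingPartyRegistrations() {
        // Reads entityId, SSO endpoints and signing certificates from the
        // asserting party's metadata document.
        RelyingPartyRegistration registration = RelyingPartyRegistrations
                .fromMetadataLocation("classpath:saml/mock.xml")
                .registrationId("test")
                .build();

        // Added fail-fast check (an assumption, not part of the issue): refuse to
        // start if the metadata carried no certificate for verifying signatures.
        Assert.state(
                !registration.getAssertingPartyMetadata()
                        .getVerificationX509Credentials().isEmpty(),
                "Asserting party metadata contains no signature verification certificate");

        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }
}
```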