
Some of the deprecated spring.security.saml2.relyingparty.registration.*.identityprovider.* properties are ignored #34525

Status: Closed
wilkinsona opened this issue Mar 9, 2023 · 0 comments
Labels: type: bug (A general bug)

@wilkinsona (Member):

With thanks to @Anubhav-2000 and @jvalkeal, as diagnosed in spring-projects/spring-security#12810, there are some situations where deprecated identityprovider properties are ignored. Consider this YAML:

```yaml
spring:
  security:
    saml2:
      relyingparty:
        registration:
          adfs:
            identityprovider:
              entity-id: https://idp.example.com/issuer
              verification:
                credentials:
                  - certificate-location: "classpath:idp.crt"
              singlesignon:
                url: https://idp.example.com/issuer/sso
                sign-request: false
```

In this case the certificate location is ignored. This happens because the assertingparty properties that replaced identityprovider have a default non-null value of Verification. It and its empty List<Credential> are then used and the configured location of classpath:idp.crt is ignored.

Another symptom of this is that warnings are not logged about all of the deprecated properties. With the above YAML, the following is logged:

```
2023-03-09 09:59:22.213  WARN 69586 --- [           main] ml2RelyingPartyRegistrationConfiguration : Property 'spring.security.saml2.relyingparty.registration.identityprovider.adfs.entity-id' is deprecated, please use 'spring.security.saml2.relyingparty.registration.assertingparty.adfs.entity-id' instead
2023-03-09 09:59:24.152  WARN 69586 --- [           main] ml2RelyingPartyRegistrationConfiguration : Property 'spring.security.saml2.relyingparty.registration.identityprovider.adfs.singlesignon.url' is deprecated, please use 'spring.security.saml2.relyingparty.registration.assertingparty.adfs.singlesignon.url' instead
2023-03-09 09:59:25.123  WARN 69586 --- [           main] ml2RelyingPartyRegistrationConfiguration : Property 'spring.security.saml2.relyingparty.registration.identityprovider.adfs.singlesignon.sign-request' is deprecated, please use 'spring.security.saml2.relyingparty.registration.assertingparty.adfs.singlesignon.sign-request' instead
```
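The mechanism the issue describes, as an added stand-alone illustration that is not part of the issue and not Spring Boot's own code: a replacement property group whose nested object has a non-null default shadows the deprecated group when the fallback decision is made at the parent level, so a verification certificate the user actually configured is silently dropped. The classes (`Registration`, `AssertingParty`, `Identityprovider`, `Verification`, `Credential`) and the two `resolveCredentials*` methods are simplified stand-ins invented for this example; they mirror the shape of the YAML above but are not the `Saml2RelyingPartyProperties` or auto-configuration classes.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical model of the deprecated-vs-replacement fallback discussed in the
// issue. None of these classes are Spring Boot's; they exist only for this demo.
public class DeprecatedPropertyFallbackDemo {

    static class Credential {
        final String certificateLocation;
        Credential(String certificateLocation) { this.certificateLocation = certificateLocation; }
    }

    static class Verification {
        // The list is non-null but empty unless the user bound the new property path.
        List<Credential> credentials = new ArrayList<>();
    }

    static class AssertingParty {
        String entityId;
        Verification verification = new Verification(); // non-null default, as in the issue
    }

    static class Identityprovider {
        String entityId;
        Verification verification; // stays null unless deprecated properties were bound
    }

    static class Registration {
        AssertingParty assertingparty = new AssertingParty();
        Identityprovider identityprovider = new Identityprovider();
    }

    // Defective variant: the fallback is decided on the parent object. Because the
    // replacement's Verification is never null, the deprecated one can never win,
    // even when only the deprecated path was configured.
    static List<Credential> resolveCredentialsBuggy(Registration reg) {
        Verification v = reg.assertingparty.verification != null
                ? reg.assertingparty.verification
                : reg.identityprovider.verification;
        return v == null ? List.of() : v.credentials;
    }

    // Corrected variant: decide per leaf value and treat "unset" (empty list) like
    // null, so a default object never masks a value the user actually set.
    static List<Credential> resolveCredentialsFixed(Registration reg) {
        List<Credential> fromNew = reg.assertingparty.verification.credentials;
        if (!fromNew.isEmpty()) {
            return fromNew;
        }
        Verification old = reg.identityprovider.verification;
        return old == null ? List.of() : old.credentials;
    }

    // Constructed input matching the issue's YAML: only the deprecated
    // identityprovider.* path carries values.
    static Registration registrationFromIssueYaml() {
        Registration reg = new Registration();
        reg.identityprovider.entityId = "https://idp.example.com/issuer";
        reg.identityprovider.verification = new Verification();
        reg.identityprovider.verification.credentials.add(new Credential("classpath:idp.crt"));
        return reg;
    }

    public static void main(String[] args) {
        Registration reg = registrationFromIssueYaml();
        System.out.println("parent-level fallback: "
                + resolveCredentialsBuggy(reg).size() + " verification credential(s)");
        System.out.println("leaf-level fallback:   "
                + resolveCredentialsFixed(reg).size() + " verification credential(s)");
    }
}
```

Compile and run the class with `javac` and `java`; the parent-level variant reports no verification credential while the leaf-level variant keeps the configured `classpath:idp.crt`. The practical takeaway for anyone still on the deprecated property names is to verify the effective registration at startup (for instance, that the asserting party actually ended up with the expected number of verification credentials) rather than trusting the YAML, and to treat an incomplete set of deprecation warnings, as shown above, as a hint that some values were not carried over.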