EntityId ignored in xml relying-party-registration #11898

Closed
micvm opened this issue Sep 26, 2022 · 3 comments
Labels: in: saml2 (An issue in SAML2 modules), type: bug (A general bug)

micvm commented Sep 26, 2022

Describe the bug
The entityId specified for a relying-party-registration via xml namespace seems to be ignored and defaults to the metadata location.

To Reproduce
Define a relying party registration via XML and give it an arbitrary name. Example:

<sec:relying-party-registrations>
        <sec:relying-party-registration
                entity-id="MyEntityId"
                registration-id="some-registrationId"
                metadata-location="classpath:someIdpMetaDataFile.xml"
        >
        </sec:relying-party-registration>
</sec:relying-party-registrations>

Download the metadata generated via org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter e.g. by accessing https://myhost/saml2/service-provider-metadata/{registration-id} and check the entityId. It does not correspond and, instead, is equal to the metadata URL (as defined in org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder class).

Expected behavior
EntityId in the metadata XML should be identical with the one indicated within the relying-party-registration.

micvm added the status: waiting-for-triage and type: bug labels Sep 26, 2022
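
A check for the reproduction step described in the issue above, as an added example that is not part of the original issue or the Spring Security code base: it parses a service-provider metadata document and reports whether its entityID matches the configured entity-id or has fallen back to the metadata URL. The class and method names are hypothetical, and the sample metadata is constructed from the values in the report.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

// Hypothetical helper, not a Spring Security class.
public class SpMetadataEntityIdCheck {

    static final String MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata";

    /** Returns the entityID attribute of the root md:EntityDescriptor. */
    static String entityIdOf(byte[] metadataXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Metadata arrives over the network: refuse DTDs so the check is not exposed to XXE.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        Element root = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(metadataXml)).getDocumentElement();
        if (!MD_NS.equals(root.getNamespaceURI()) || !"EntityDescriptor".equals(root.getLocalName())) {
            throw new IllegalArgumentException("root element is not md:EntityDescriptor");
        }
        if (!root.hasAttribute("entityID")) {
            throw new IllegalArgumentException("EntityDescriptor has no entityID attribute");
        }
        return root.getAttribute("entityID");
    }

    /** Compares the served entityID (exact string match) with the configured entity-id. */
    static String check(String configuredEntityId, String metadataUrl, byte[] metadataXml) throws Exception {
        String served = entityIdOf(metadataXml);
        if (served.equals(configuredEntityId)) return "OK: entityID matches the configured entity-id";
        if (served.equals(metadataUrl)) return "IGNORED: entityID fell back to the metadata URL";
        return "MISMATCH: served entityID is " + served;
    }

    public static void main(String[] args) throws Exception {
        String url = "https://myhost/saml2/service-provider-metadata/some-registrationId";
        // Constructed sample: metadata as the issue describes it, entityID equal to the metadata URL.
        String affected = "<md:EntityDescriptor xmlns:md=\"" + MD_NS + "\" entityID=\"" + url + "\">"
                + "<md:SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"/>"
                + "</md:EntityDescriptor>";
        // Constructed sample: the same document carrying the configured entity-id.
        String expected = affected.replace("entityID=\"" + url + "\"", "entityID=\"MyEntityId\"");
        System.out.println(check("MyEntityId", url, affected.getBytes(StandardCharsets.UTF_8)));
        System.out.println(check("MyEntityId", url, expected.getBytes(StandardCharsets.UTF_8)));
    }
}
```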

micvm commented Sep 26, 2022

I do not know if this helps but I noticed the Saml2LoginBeanDefinitionParser does not read the entity-id attribute unlike the other attributes defined within the relying-party-registration element.


jzheaux commented Sep 26, 2022

Hi, @micvm, I believe you are correct. Are you interested in contributing a PR that fixes the issue?

It would be helpful if it were based on the 5.7.x branch -- where the bug was introduced -- and included a unit test that fails without your change and passes with it.

jzheaux added the in: saml2 label and removed the status: waiting-for-triage label Sep 26, 2022
jzheaux added this to the 5.6.8 milestone Sep 26, 2022

micvm commented Sep 26, 2022

I can have a try but I am not familiar with the Spring SDK and internals. For example, I tried to launch gradle tasks and I get the following for branch 5.7.x:

Task :buildSrc:test

JavadocApiPluginITest > multiModuleApi() FAILED
    java.io.FileNotFoundException at JavadocApiPluginITest.java:33

ShowcaseITest > build() FAILED
    org.gradle.testkit.runner.UnexpectedBuildFailure at ShowcaseITest.java:30

110 tests completed, 2 failed, 3 skipped

Any idea how I could solve that?
