
Commit 46a40e7

committed
Merge branch '6.0.x'
Closes gh-12937
2 parents d3c22a0 + 20358e7 commit 46a40e7

3 files changed

+18
-2
lines changed


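--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSamlAuthenticationRequestResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSamlAuthenticationRequestResolver.java
@@ -30,10 +30,12 @@
 import org.opensaml.saml.saml2.core.AuthnRequest;
 import org.opensaml.saml.saml2.core.Issuer;
 import org.opensaml.saml.saml2.core.NameID;
+import org.opensaml.saml.saml2.core.NameIDPolicy;
 import org.opensaml.saml.saml2.core.impl.AuthnRequestBuilder;
 import org.opensaml.saml.saml2.core.impl.AuthnRequestMarshaller;
 import org.opensaml.saml.saml2.core.impl.IssuerBuilder;
 import org.opensaml.saml.saml2.core.impl.NameIDBuilder;
+import org.opensaml.saml.saml2.core.impl.NameIDPolicyBuilder;
 import org.w3c.dom.Element;
 
 import org.springframework.core.convert.converter.Converter;
@@ -71,6 +73,8 @@ class OpenSamlAuthenticationRequestResolver {
 
 private final NameIDBuilder nameIdBuilder;
 
+private final NameIDPolicyBuilder nameIdPolicyBuilder;
+
 private RequestMatcher requestMatcher = new AntPathRequestMatcher(
 Saml2AuthenticationRequestResolver.DEFAULT_AUTHENTICATION_REQUEST_URI);
 
@@ -96,6 +100,9 @@ class OpenSamlAuthenticationRequestResolver {
 Assert.notNull(this.issuerBuilder, "issuerBuilder must be configured in OpenSAML");
 this.nameIdBuilder = (NameIDBuilder) registry.getBuilderFactory().getBuilder(NameID.DEFAULT_ELEMENT_NAME);
 Assert.notNull(this.nameIdBuilder, "nameIdBuilder must be configured in OpenSAML");
+this.nameIdPolicyBuilder = (NameIDPolicyBuilder) registry.getBuilderFactory()
+.getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME);
+Assert.notNull(this.nameIdPolicyBuilder, "nameIdPolicyBuilder must be configured in OpenSAML");
 }
 
 void setRelayStateResolver(Converter<HttpServletRequest, String> relayStateResolver) {
@@ -135,6 +142,11 @@ <T extends AbstractSaml2AuthenticationRequest> T resolve(HttpServletRequest requ
 authnRequest.setIssuer(iss);
 authnRequest.setDestination(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
 authnRequest.setAssertionConsumerServiceURL(assertionConsumerServiceLocation);
+if (registration.getNameIdFormat() != null) {
+NameIDPolicy nameIdPolicy = this.nameIdPolicyBuilder.buildObject();
+nameIdPolicy.setFormat(registration.getNameIdFormat());
+authnRequest.setNameIDPolicy(nameIdPolicy);
+}
 authnRequestConsumer.accept(registration, authnRequest);
 if (authnRequest.getID() == null) {
 authnRequest.setID("ARQ" + UUID.randomUUID().toString().substring(1));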
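Review bot: The NameIDPolicy built in the resolve hunk carries only Format, so AllowCreate is left unset and an asserting party will treat it as false per SAML Core 3.4.1.1; a deployment that sets nameIdFormat to a persistent or transient format and expects the IdP to mint an identifier for a first-time user may now receive a responder error, and the only way to request creation is to set it through authnRequestConsumer. That ordering deserves a why-comment above the new `if`, e.g. `// apply the registration's NameIDPolicy before the consumer runs so a customizer can add AllowCreate or override the policy`. Sending a policy is a request, not an enforcement: nothing here checks that the NameID in the returned assertion actually uses the requested format, so an application whose authorization logic depends on the format (for example treating emailAddress differently from persistent) should verify it on the response path. The resolve method begins and ends outside this hunk.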

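--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
@@ -1,5 +1,5 @@
 /*
-* Copyright 2002-2022 the original author or authors.
+* Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -38,7 +38,7 @@ public static RelyingPartyRegistration.Builder relyingPartyRegistration() {
 Saml2X509Credential verificationCertificate = TestSaml2X509Credentials.relyingPartyVerifyingCredential();
 String singleSignOnServiceLocation = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php";
 String singleLogoutServiceLocation = "{baseUrl}/logout/saml2/slo";
-return RelyingPartyRegistration.withRegistrationId(registrationId).entityId(rpEntityId)
+return RelyingPartyRegistration.withRegistrationId(registrationId).entityId(rpEntityId).nameIdFormat("format")
 .assertionConsumerServiceLocation(assertionConsumerServiceLocation)
 .singleLogoutServiceLocation(singleLogoutServiceLocation)
 .signingX509Credentials((c) -> c.add(signingCredential)).assertingPartyDetails(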

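--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSamlAuthenticationRequestResolverTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSamlAuthenticationRequestResolverTests.java
@@ -64,6 +64,7 @@ public void resolveAuthenticationRequestWhenSignedRedirectThenSignsAndRedirects(
 OpenSamlAuthenticationRequestResolver resolver = authenticationRequestResolver(registration);
 Saml2RedirectAuthenticationRequest result = resolver.resolve(request, (r, authnRequest) -> {
 UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration);
+assertThat(authnRequest.getNameIDPolicy().getFormat()).isEqualTo(registration.getNameIdFormat());
 assertThat(authnRequest.getAssertionConsumerServiceURL())
 .isEqualTo(uriResolver.resolve(registration.getAssertionConsumerServiceLocation()));
 assertThat(authnRequest.getProtocolBinding())
@@ -89,6 +90,7 @@ public void resolveAuthenticationRequestWhenUnsignedRedirectThenRedirectsAndNoSi
 OpenSamlAuthenticationRequestResolver resolver = authenticationRequestResolver(registration);
 Saml2RedirectAuthenticationRequest result = resolver.resolve(request, (r, authnRequest) -> {
 UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration);
+assertThat(authnRequest.getNameIDPolicy().getFormat()).isEqualTo(registration.getNameIdFormat());
 assertThat(authnRequest.getAssertionConsumerServiceURL())
 .isEqualTo(uriResolver.resolve(registration.getAssertionConsumerServiceLocation()));
 assertThat(authnRequest.getProtocolBinding())
@@ -128,6 +130,7 @@ public void resolveAuthenticationRequestWhenUnsignedPostThenOnlyPosts() {
 OpenSamlAuthenticationRequestResolver resolver = authenticationRequestResolver(registration);
 Saml2PostAuthenticationRequest result = resolver.resolve(request, (r, authnRequest) -> {
 UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration);
+assertThat(authnRequest.getNameIDPolicy().getFormat()).isEqualTo(registration.getNameIdFormat());
 assertThat(authnRequest.getAssertionConsumerServiceURL())
 .isEqualTo(uriResolver.resolve(registration.getAssertionConsumerServiceLocation()));
 assertThat(authnRequest.getProtocolBinding())
@@ -157,6 +160,7 @@ public void resolveAuthenticationRequestWhenSignedPostThenSignsAndPosts(boolean
 OpenSamlAuthenticationRequestResolver resolver = authenticationRequestResolver(registration);
 Saml2PostAuthenticationRequest result = resolver.resolve(request, (r, authnRequest) -> {
 UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration);
+assertThat(authnRequest.getNameIDPolicy().getFormat()).isEqualTo(registration.getNameIdFormat());
 assertThat(authnRequest.getAssertionConsumerServiceURL())
 .isEqualTo(uriResolver.resolve(registration.getAssertionConsumerServiceLocation()));
 assertThat(authnRequest.getProtocolBinding())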
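Review bot: All four new assertions run against a registration whose nameIdFormat is set (the shared fixture now defaults it to "format"), so the resolver's null branch, in which no NameIDPolicy element is emitted at all, has no test; one case built with `.nameIdFormat(null)` asserting `assertThat(authnRequest.getNameIDPolicy()).isNull()` would pin that the element is omitted rather than sent with an empty Format. The fixture value "format" is not a NameID format URI, which is acceptable for a unit test but means none of these tests exercise a real value such as `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`, the form an IdP would actually match against. Each enclosing test method starts before and ends after its hunk.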
