Support signing SAML metadata #14916
base: main
Conversation
Thanks, @CrazyParanoid! I've left some feedback inline.
...a/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
@@ -238,6 +244,15 @@ private String serialize(EntitiesDescriptor entities) { | |||
} | |||
} | |||
|
|||
/** | |||
* Configure whether to sign the metadata. |
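Review bot: the Javadoc opened at `* Configure whether to sign the metadata.` documents a switch that lands directly after `serialize(EntitiesDescriptor entities)`, but it says nothing about when the signature is computed relative to marshalling; as @longgt points out further down, signing the EntityDescriptor before the marshaller in serialize runs leaves a brand new XMLSignature object in the output, so the doc (and the ordering in the implementation) should tie the signing step to the marshalled DOM, and the default value should be stated alongside it.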
Please indicate the default value in the JavaDoc.
/** | ||
* Configure whether to sign the metadata. | ||
* | ||
* @since 6.3 |
Now that we are in the RC phase, this will go into the 6.4 release instead. Please change the @since attribute to reflect this.
Hi @jzheaux! Thanks for your feedback. All your comments have been resolved.
@CrazyParanoid thanks for your contribution. Line 215 in e92dd02
If we sign EntityDescriptor before calling OpenSamlMetadataResolver.serialize, the marshaller in there will create a brand new XMLSignature object.
Where it should be
Besides that, the test case checks only whether DigestValue and SignatureValue exist or not. I noted all debug steps in my environment (with Spring Security 6.2.2) here. Please correct me if I misunderstood this situation.
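To make the ordering concern in the comment above concrete, here is an added example (not code from this PR or from Spring Security) of signing an OpenSAML EntityDescriptor after marshalling and then verifying the signature against a key, rather than only checking that DigestValue and SignatureValue elements are present. It assumes OpenSAML 4 class names and an already-initialised OpenSAML registry; the class and method names here are illustrative.

```java
// Added illustration, not the PR's code. Assumes OpenSAML 4 and that
// InitializationService.initialize() has already run.
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import org.opensaml.xmlsec.signature.support.Signer;
import org.w3c.dom.Element;

public final class SignedMetadataExample {

    /** Attach a Signature, marshal the descriptor, and only then compute the signature. */
    static Element marshalAndSign(EntityDescriptor descriptor, Credential signingCredential)
            throws Exception {
        Signature signature = (Signature) XMLObjectProviderRegistrySupport.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
                .buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(signingCredential);
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        descriptor.setSignature(signature);

        // Marshalling builds the DOM, including the ds:Signature placeholder. Signing must run
        // against that DOM: signing first and marshalling afterwards regenerates the Signature
        // element, which is the ordering problem described in the comment above.
        Element dom = XMLObjectProviderRegistrySupport.getMarshallerFactory()
                .getMarshaller(descriptor)
                .marshall(descriptor);
        Signer.signObject(signature);
        return dom;
    }

    /**
     * What a test should assert: the signature verifies against the expected key.
     * Throws SignatureException if the value does not verify, so a merely present
     * but stale SignatureValue fails here.
     */
    static void assertVerifies(EntityDescriptor descriptor, Credential verificationCredential)
            throws Exception {
        Signature signature = descriptor.getSignature();
        if (signature == null) {
            throw new IllegalStateException("metadata is not signed");
        }
        SignatureValidator.validate(signature, verificationCredential);
    }
}
```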
Hi @longgt ! In the
I can add a value check to the test, but apparently there is no problem here.
Closes gh-14801