
Commit fd68bb3

committed
Add AuthnRequstsSigned to OpenSaml implementations
Issue gh-12841
1 parent cdf64c3 commit fd68bb3


2 files changed

+19
-18
lines changed


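--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java
@@ -37,8 +37,8 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
 registration.getAssertionConsumerServiceLocation(), registration.getAssertionConsumerServiceBinding(),
 registration.getSingleLogoutServiceLocation(), registration.getSingleLogoutServiceResponseLocation(),
 registration.getSingleLogoutServiceBindings(), registration.getAssertingPartyDetails(),
-registration.getNameIdFormat(), registration.getDecryptionX509Credentials(),
-registration.getSigningX509Credentials());
+registration.getNameIdFormat(), registration.isAuthnRequestsSigned(),
+registration.getDecryptionX509Credentials(), registration.getSigningX509Credentials());
 }
 
 /**
@@ -55,7 +55,7 @@ public OpenSamlRelyingPartyRegistration.Builder mutate() {
 .singleLogoutServiceLocation(getSingleLogoutServiceLocation())
 .singleLogoutServiceResponseLocation(getSingleLogoutServiceResponseLocation())
 .singleLogoutServiceBindings((c) -> c.addAll(getSingleLogoutServiceBindings()))
-.nameIdFormat(getNameIdFormat())
+.nameIdFormat(getNameIdFormat()).authnRequestsSigned(isAuthnRequestsSigned())
 .assertingPartyDetails((assertingParty) -> ((OpenSamlAssertingPartyDetails.Builder) assertingParty)
 .entityId(party.getEntityId()).wantAuthnRequestsSigned(party.getWantAuthnRequestsSigned())
 .signingAlgorithms((algorithms) -> algorithms.addAll(party.getSigningAlgorithms()))
@@ -152,6 +152,11 @@ public Builder nameIdFormat(String nameIdFormat) {
 return (Builder) super.nameIdFormat(nameIdFormat);
 }
 
+@Override
+public Builder authnRequestsSigned(Boolean authnRequestsSigned) {
+return (Builder) super.authnRequestsSigned(authnRequestsSigned);
+}
+
 @Override
 public Builder assertingPartyDetails(Consumer<AssertingPartyDetails.Builder> assertingPartyDetails) {
 return (Builder) super.assertingPartyDetails(assertingPartyDetails);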
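Review bot: Nothing in this commit tests that `authnRequestsSigned` survives the copy constructor (first hunk) and `mutate()` (second hunk); the only test file touched is merely reformatted (import order, line wrapping). Because this flag decides whether outgoing AuthnRequests are signed, a regression that silently drops it is worth pinning with a round-trip assertion such as `assertThat(registration.mutate().build().isAuthnRequestsSigned()).isEqualTo(registration.isAuthnRequestsSigned());`, run for both `true` and `false`. The new `authnRequestsSigned(Boolean)` override in the third hunk also accepts a boxed value, and what `null` means is decided in the parent builder, which is not visible here; a short Javadoc on the override, e.g. `/** Sets whether AuthnRequests are signed; null handling is defined by the parent builder. */`, would save readers the lookup. The constructor, `mutate()` and `Builder` bodies all extend beyond the hunks shown.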

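--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSamlAuthenticationRequestResolverTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSamlAuthenticationRequestResolverTests.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.saml2.provider.service.web.authentication;
 
+import java.util.stream.Stream;
+
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
@@ -35,8 +37,6 @@
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver;
 
-import java.util.stream.Stream;
-
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
@@ -54,13 +54,13 @@ public void setUp() {
 
 @ParameterizedTest
 @MethodSource("provideSignRequestFlags")
-public void resolveAuthenticationRequestWhenSignedRedirectThenSignsAndRedirects(boolean wantAuthRequestsSigned, boolean authnRequestsSigned) {
+public void resolveAuthenticationRequestWhenSignedRedirectThenSignsAndRedirects(boolean wantAuthRequestsSigned,
+boolean authnRequestsSigned) {
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setPathInfo("/saml2/authenticate/registration-id");
 RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder
 .authnRequestsSigned(authnRequestsSigned)
-.assertingPartyDetails(party -> party.wantAuthnRequestsSigned(wantAuthRequestsSigned))
-.build();
+.assertingPartyDetails((party) -> party.wantAuthnRequestsSigned(wantAuthRequestsSigned)).build();
 OpenSamlAuthenticationRequestResolver resolver = authenticationRequestResolver(registration);
 Saml2RedirectAuthenticationRequest result = resolver.resolve(request, (r, authnRequest) -> {
 UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration);
@@ -122,10 +122,9 @@ public void resolveAuthenticationRequestWhenSignedThenCredentialIsRequired() {
 public void resolveAuthenticationRequestWhenUnsignedPostThenOnlyPosts() {
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setPathInfo("/saml2/authenticate/registration-id");
-RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder
-.assertingPartyDetails((party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST).wantAuthnRequestsSigned(false))
-.authnRequestsSigned(false)
-.build();
+RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder.assertingPartyDetails(
+(party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST).wantAuthnRequestsSigned(false))
+.authnRequestsSigned(false).build();
 OpenSamlAuthenticationRequestResolver resolver = authenticationRequestResolver(registration);
 Saml2PostAuthenticationRequest result = resolver.resolve(request, (r, authnRequest) -> {
 UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration);
@@ -146,7 +145,8 @@ public void resolveAuthenticationRequestWhenUnsignedPostThenOnlyPosts() {
 
 @ParameterizedTest
 @MethodSource("provideSignRequestFlags")
-public void resolveAuthenticationRequestWhenSignedPostThenSignsAndPosts(boolean wantAuthRequestsSigned, boolean authnRequestsSigned) {
+public void resolveAuthenticationRequestWhenSignedPostThenSignsAndPosts(boolean wantAuthRequestsSigned,
+boolean authnRequestsSigned) {
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.setPathInfo("/saml2/authenticate/registration-id");
 RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder
@@ -195,11 +195,7 @@ private OpenSamlAuthenticationRequestResolver authenticationRequestResolver(Rely
 }
 
 private static Stream<Arguments> provideSignRequestFlags() {
-return Stream.of(
-Arguments.of(true, true),
-Arguments.of(true, false),
-Arguments.of(false, true)
-);
+return Stream.of(Arguments.of(true, true), Arguments.of(true, false), Arguments.of(false, true));
 }
 
 }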
