spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0

Easier SAML metadata configuration via DSL #15137

Open OrangeDog opened 1 month ago

OrangeDog commented 1 month ago

Expected Behavior

Some or all of these to be available in some form:

http.saml2Metadata(saml -> saml
    .metadataUrl("/saml/metadata")
    .metadataFilename("my-metadata.xml")
    .entityDescriptorCustomizer(params -> params.getEntityDescriptor().set...)
);

Current Behavior

// Builds the EntityDescriptor for the relying party
OpenSamlMetadataResolver metadataResolver = new OpenSamlMetadataResolver();
metadataResolver.setEntityDescriptorCustomizer(params -> params.getEntityDescriptor().set...);
metadataResolver.setUsePrettyPrint(false);

// Serves that metadata on a chosen path with a chosen download filename
RequestMatcherMetadataResponseResolver responseResolver =
        new RequestMatcherMetadataResponseResolver(samlRepository, metadataResolver);
responseResolver.setMetadataFilename("my-metadata.xml");
responseResolver.setRequestMatcher(new AntPathRequestMatcher("/saml/metadata"));

http.saml2Metadata(saml -> saml.metadataResponseResolver(responseResolver));

Additional

RelyingPartyRegistrationRepository is not available from http.getSharedObject(). Internally the configurer uses a delegate to provide it to its default metadataResponseResolver, but this is not available to a user-provided one.

Auto-wiring for the entityDescriptorCustomizer would be a nice alternative/addition.
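For reference, here is the complete wiring the "Current Behavior" code implies, written as an added example rather than code from the issue or from Spring Security itself. It sidesteps the missing shared object by injecting the RelyingPartyRegistrationRepository bean directly into the SecurityFilterChain bean method, and uses the customizer to put a cacheDuration and validUntil on the published metadata so consumers do not keep stale copies indefinitely. The java.time setters on EntityDescriptor are assumed to be the OpenSAML 4 signatures, and the class name SamlMetadataConfig is hypothetical.

```java
import static org.springframework.security.config.Customizer.withDefaults;

import java.time.Duration;
import java.time.Instant;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.saml2.provider.service.metadata.OpenSamlMetadataResolver;
import org.springframework.security.saml2.provider.service.metadata.RequestMatcherMetadataResponseResolver;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
public class SamlMetadataConfig { // hypothetical class name

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http,
            // injected as a bean parameter because http.getSharedObject() does not expose it
            RelyingPartyRegistrationRepository registrations) throws Exception {

        OpenSamlMetadataResolver metadataResolver = new OpenSamlMetadataResolver();
        metadataResolver.setUsePrettyPrint(false);
        metadataResolver.setEntityDescriptorCustomizer(params -> {
            // Assumed OpenSAML 4 java.time setters: bound how long a peer may cache
            // this metadata and when it must be refreshed from the live endpoint.
            params.getEntityDescriptor().setCacheDuration(Duration.ofHours(24));
            params.getEntityDescriptor().setValidUntil(Instant.now().plus(Duration.ofDays(7)));
        });

        // Expose the metadata on a custom path with a custom download filename
        RequestMatcherMetadataResponseResolver responseResolver =
                new RequestMatcherMetadataResponseResolver(registrations, metadataResolver);
        responseResolver.setMetadataFilename("my-metadata.xml");
        responseResolver.setRequestMatcher(new AntPathRequestMatcher("/saml/metadata"));

        http
            .saml2Login(withDefaults())
            .saml2Metadata(saml -> saml.metadataResponseResolver(responseResolver));
        return http.build();
    }
}
```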