SAML API should accept, adapt, and/or mirror OpenSAML's Credential API #15019

Open
OrangeDog opened this issue May 7, 2024 · 1 comment
Labels
in: saml2 An issue in SAML2 modules status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement

@OrangeDog
Contributor

Expected Behavior
Ability to do something like this:

```java
RelyingPartyRegistration.Builder builder;
KeyStore keyStore;

// Proposed: hand the OpenSAML credential directly to the builder
Credential credential = new KeyStoreX509CredentialAdapter(keyStore, "alias", "password".toCharArray());
builder.decryptionX509Credentials(creds -> creds.add(credential));
builder.signingX509Credentials(creds -> creds.add(credential));
```

Current Behavior
Currently have to do something like this:

```java
RelyingPartyRegistration.Builder builder;
KeyStore keyStore;

// Today: unwrap the OpenSAML credential and re-wrap it as a Saml2X509Credential
X509Credential credential = new KeyStoreX509CredentialAdapter(keyStore, "alias", "password".toCharArray());
Saml2X509Credential samlCred = new Saml2X509Credential(
        credential.getPrivateKey(),
        credential.getEntityCertificate(),
        Saml2X509Credential.Saml2X509CredentialType.DECRYPTION,
        Saml2X509Credential.Saml2X509CredentialType.SIGNING
);
builder.decryptionX509Credentials(creds -> creds.add(samlCred));
builder.signingX509Credentials(creds -> creds.add(samlCred));
```

Context

OpenSAML provides `org.opensaml.security.credential.Credential` and multiple implementations to cover various useful cases. Spring Security instead provides `org.springframework.security.saml2.core.Saml2X509Credential` with much more restricted functionality. However, internally Spring just uses the `Saml2X509Credential` to build a `Credential`.

@OrangeDog OrangeDog added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels May 7, 2024
@OrangeDog
Contributor Author

This is similar to spring-projects/spring-boot#40610 but they're probably orthogonal issues.

@sjohnr sjohnr added the in: saml2 An issue in SAML2 modules label May 9, 2024