Check entityID only in creation

cloudfoundry · Jun 18, 2024 · 2c38623 · 2c38623
1 parent 3e2a35e
commit 2c38623
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 8 deletions.
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java
@@ -137,7 +137,7 @@ public ResponseEntity<IdentityProvider> createIdentityProvider(@RequestBody Iden
             SamlIdentityProviderDefinition definition = ObjectUtils.castInstance(body.getConfig(), SamlIdentityProviderDefinition.class);
             definition.setZoneId(zoneId);
             definition.setIdpEntityAlias(body.getOriginKey());
-            definition.setIdpEntityId(samlConfigurator.validateSamlIdentityProviderDefinition(definition));
+            definition.setIdpEntityId(samlConfigurator.validateSamlIdentityProviderDefinition(definition, true));
             body.setConfig(definition);
         }
 
@@ -222,7 +222,7 @@ public ResponseEntity<IdentityProvider> updateIdentityProvider(@PathVariable Str
             SamlIdentityProviderDefinition definition = ObjectUtils.castInstance(body.getConfig(), SamlIdentityProviderDefinition.class);
             definition.setZoneId(zoneId);
             definition.setIdpEntityAlias(body.getOriginKey());
-            samlConfigurator.validateSamlIdentityProviderDefinition(definition);
+            samlConfigurator.validateSamlIdentityProviderDefinition(definition, false);
             body.setConfig(definition);
         }
 

diff --git a/...in/java/org/cloudfoundry/identity/uaa/provider/saml/SamlIdentityProviderConfigurator.java b/...in/java/org/cloudfoundry/identity/uaa/provider/saml/SamlIdentityProviderConfigurator.java
@@ -71,9 +71,10 @@ public List<SamlIdentityProviderDefinition> getIdentityProviderDefinitions(List<
      * adds or replaces a SAML identity proviider
      *
      * @param providerDefinition - the provider to be added
+     * @param creation - check new created config
      * @throws MetadataProviderException if the system fails to fetch meta data for this provider
      */
-    public synchronized String validateSamlIdentityProviderDefinition(SamlIdentityProviderDefinition providerDefinition) throws MetadataProviderException {
+    public synchronized String validateSamlIdentityProviderDefinition(SamlIdentityProviderDefinition providerDefinition, boolean creation) throws MetadataProviderException {
         ExtendedMetadataDelegate added, deleted = null;
         if (providerDefinition == null) {
             throw new NullPointerException();
@@ -91,7 +92,7 @@ public synchronized String validateSamlIdentityProviderDefinition(SamlIdentityPr
             throw new MetadataProviderException("Emtpy entityID for SAML provider with zoneId:" + providerDefinition.getZoneId() + " and origin:" + providerDefinition.getIdpEntityAlias());
         }
 
-        boolean entityIDexists = entityIdExists(entityIDToBeAdded, providerDefinition.getZoneId());
+        boolean entityIDexists = creation && entityIdExists(entityIDToBeAdded, providerDefinition.getZoneId());
 
         if (!entityIDexists) {
             for (SamlIdentityProviderDefinition existing : getIdentityProviderDefinitions()) {

diff --git a/...va/org/cloudfoundry/identity/uaa/provider/saml/SamlIdentityProviderConfiguratorTests.java b/...va/org/cloudfoundry/identity/uaa/provider/saml/SamlIdentityProviderConfiguratorTests.java
@@ -154,15 +154,15 @@ public void setUp() {
 
     @Test
     public void testAddNullProvider() {
-        Assertions.assertThrows(NullPointerException.class, () -> configurator.validateSamlIdentityProviderDefinition(null));
+        Assertions.assertThrows(NullPointerException.class, () -> configurator.validateSamlIdentityProviderDefinition(null, true));
     }
 
     @Test
     public void testAddNullProviderAlias() {
         singleAdd.setIdpEntityAlias(null);
 
         Assertions.assertThrows(NullPointerException.class, () -> {
-            configurator.validateSamlIdentityProviderDefinition(singleAdd);
+            configurator.validateSamlIdentityProviderDefinition(singleAdd, true);
         });
     }
 
@@ -190,7 +190,7 @@ public void testGetEntityID() throws Exception {
                     when(idp2.getType()).thenReturn(OriginKeys.SAML);
                     when(idp2.getConfig()).thenReturn(def);
                     when(provisioning.retrieveActive(anyString())).thenReturn(asList(idp2));
-                    configurator.validateSamlIdentityProviderDefinition(def);
+                    configurator.validateSamlIdentityProviderDefinition(def, true);
                     assertEquals("http://www.okta.com/k2lw4l5bPODCMIIDBRYZ", provider.getEntityID());
                     break;
                 }
@@ -225,7 +225,7 @@ void testGetEntityIDExists() throws Exception {
                     when(provisioning.retrieveActive(anyString())).thenReturn(Arrays.asList(idp2));
                     assertThrowsWithMessageThat(
                         MetadataProviderException.class,
-                        () -> configurator.validateSamlIdentityProviderDefinition(def),
+                        () -> configurator.validateSamlIdentityProviderDefinition(def, true),
                         startsWith("Duplicate entity ID:http://www.okta.com")
                     );
                 }