-
Notifications
You must be signed in to change notification settings - Fork 40.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reloading Saml2RelyingPartyRegistrations with help of Saml2RelyingPartyRegistrationConfiguration #23918
Comments
@philwebb Just curious, are there any news regarding this issue? :) |
Not much I'm afraid. We targeted it to 2.x which means it's a valid issue and something we'd like to fix, we just haven't had the time yet. |
@philwebb How likely is it that this will be included in a 2.x release? |
A pull-request would be most welcome. There a few options for fixing this, and I'm not sure which would be best. We could create a properties.getRegistration().entrySet().stream().map(RelyingPartyRegistrationProperyMapper::asRegistration) Another option might be to introduce a Flagging for team attention to see if there's a preference. |
Adding a Given that it's cumbersome to get a list of |
Just wondering, does the list of |
@tommai78101 the list of |
Oh, this is all I needed to know, the ability to load a collection of |
The
spring-security-saml
extension provides aHTTPMetadataProvider
which is able to automatically refresh SAML metadata in configurable intervals. It would be nice if this feature would also be supported by spring security, but I'm afraid that this feature is out of scope of this library (spring-projects/spring-security#9134).This is ok, because this feature can be realized fairly simple by implementing a custom
RelyingPartyRegistrationRepository
.However the user has to write a lot of code that is already part of Spring Boot and Spring Security internally (e.g. reading certificates, thinking about configuration properties, ...).
It would be nice if a user could just use the existing Spring Boot SAML configuration like this (example on github):
My question is, would you consider making the private
asRegistration(...)
method fromSaml2RelyingPartyRegistrationConfiguration
in some form accessible to users, so that they don't have to repeat that code? Maybe not inSaml2RelyingPartyRegistrationConfiguration
but in a separate utility class?The text was updated successfully, but these errors were encountered: