OpenSaml4AuthenticationRequestResolver method resolve #11659
Comments
tundoMatteo
added
status: waiting-for-triage
|
Hi @tundoMatteo, this is a duplicate of #10547. I'll close this but feel free to reach out if you need any further help. |
marcusdacoregio
added
status: duplicate
|
@marcusdacoregio so the solution is to update OpenSaml to version 4.1.0? But spring brings with it the version 3.4.6 and the problem is not concerned with the logout, since i was trying to change the nameIdPolicy of the Saml Request. The 4.1.0 does not exist on maven repository and you sare using the version 3.4.6 in spring-security-saml2-service-provider pom. |
|
Yes, Spring Security SAML Service Provider has the OpenSAML version 3.4.6 in it because we support OpenSaml3 (which will be removed in Spring Security 6, see #10556). Since you are using |
|
@marcusdacoregio ok thank you but it would be useful to update the guide here where there is this snippet of code:
Here it shows to use the OpenSaml4AuthenticationRequestResolver, but it will not work if i don't force the import of open saml 4 in the pom. |
In spring-security-saml2-service-provider 5.7.2. the class OpenSaml4AuthenticationRequestResolver has this method:
@Override public <T extends AbstractSaml2AuthenticationRequest> T resolve(HttpServletRequest request) { return this.authnRequestResolver.resolve(request, (registration, authnRequest) -> { authnRequest.setIssueInstant(Instant.now(this.clock)); this.contextConsumer.accept(new AuthnRequestContext(request, registration, authnRequest)); }); }the method authnRequest.setIssueInstant(); requires a DateTime not an Instant.
The result is a
java.lang.NoSuchMethodError: org.opensaml.saml.saml2.core.AuthnRequest.setIssueInstant(Ljava/time/Instant;) at org.springframework.security.saml2.provider.service.web.authentication.OpenSaml4AuthenticationRequestResolver.lambda$resolve$1OpenSaml4AuthenticationRequestResolver.java:58)
Could you please check the issue?
The text was updated successfully, but these errors were encountered: