You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Download the metadata generated via org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter e.g. by accessing https://myhost/saml2/service-provider-metadata/{registration-id} and check the entityId. It does not correspond and, instead, is equal to the metadata URL (as defined in org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder class).
Expected behavior
EntityId in the metadata XML should be identical with the one indicated within the relying-party-registration.
The text was updated successfully, but these errors were encountered:
I do not know if this helps but I noticed the Saml2LoginBeanDefinitionParser does not read the entity-id attribute unlike the other attributes defined within the relying-party-registration element.
Hi, @micvm, I believe you are correct. Are you interested in contributing a PR that fixes the issue?
It would be helpful if it were based on the 5.7.x branch -- where the bug was introduced -- and included a unit test that fails without your change and passes with it.
I can have a try but I am not familiar with the Spring SDK and internals. For example, I tried to launch gradle tasks and I get the following for branch 5.7.x:
Describe the bug
The entityId specified for a relying-party-registration via xml namespace seems to be ignored and defaults to the metadata location.
To Reproduce
Define a relying party registration via xml and give an arbitrary name. Example
Download the metadata generated via
org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter
e.g. by accessinghttps://myhost/saml2/service-provider-metadata/{registration-id}
and check the entityId. It does not correspond and, instead, is equal to the metadata URL (as defined in org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder class).Expected behavior
EntityId in the metadata XML should be identical with the one indicated within the relying-party-registration.
The text was updated successfully, but these errors were encountered: