EntityId ignored in xml relying-party-registration #11898

Closed
@micvm

Describe the bug
The entityId specified for a relying-party-registration via the XML namespace seems to be ignored and defaults to the metadata location.

To Reproduce
Define a relying party registration via XML and give it an arbitrary name. Example:

<sec:relying-party-registrations>
        <sec:relying-party-registration
                entity-id="MyEntityId"
                registration-id="some-registrationId"
                metadata-location="classpath:someIdpMetaDataFile.xml"
        >
        </sec:relying-party-registration>
</sec:relying-party-registrations>

Download the metadata generated via org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter e.g. by accessing https://myhost/saml2/service-provider-metadata/{registration-id} and check the entityId. It does not correspond and, instead, is equal to the metadata URL (as defined in org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder class).

Expected behavior
EntityId in the metadata XML should be identical with the one indicated within the relying-party-registration.
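
The check from the reproduction steps as a script, added here as an example and not part of the original issue or of Spring Security: it reads the `entity-id` configured for a registration and compares it with the `entityID` published in the service-provider metadata. The `<beans>` wrapper, the sample metadata and all function names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, prefer a hardened parser such as defusedxml

SEC_NS = "http://www.springframework.org/schema/security"
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: the registration from the report inside a minimal <beans> root.
CONFIG = f"""<beans xmlns="http://www.springframework.org/schema/beans" xmlns:sec="{SEC_NS}">
  <sec:relying-party-registrations>
    <sec:relying-party-registration entity-id="MyEntityId"
        registration-id="some-registrationId"
        metadata-location="classpath:someIdpMetaDataFile.xml"/>
  </sec:relying-party-registrations>
</beans>"""

def sample_metadata(entity_id):
    """Constructed stand-in for the document served by Saml2MetadataFilter."""
    return f'<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="{entity_id}"/>'

def configured_entity_ids(config_xml):
    """Map each registration-id to its configured entity-id (None if not set)."""
    tag = f"{{{SEC_NS}}}relying-party-registration"
    return {r.get("registration-id"): r.get("entity-id")
            for r in ET.fromstring(config_xml).iter(tag)}

def published_entity_id(metadata_xml):
    """Return the entityID attribute of the first EntityDescriptor in the metadata."""
    root = ET.fromstring(metadata_xml)
    for el in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        return el.get("entityID")
    raise ValueError("no EntityDescriptor found in metadata")

def check_entity_id(config_xml, registration_id, metadata_xml):
    """Return (ok, message) comparing configured and published entity IDs."""
    configured = configured_entity_ids(config_xml)
    if registration_id not in configured:
        raise KeyError(f"unknown registration-id: {registration_id}")
    expected, actual = configured[registration_id], published_entity_id(metadata_xml)
    if expected is None:
        return True, f"no entity-id configured; metadata publishes {actual!r}"
    if expected != actual:
        return False, f"configured {expected!r} but metadata publishes {actual!r}"
    return True, f"entityID matches: {actual!r}"

if __name__ == "__main__":
    reg = "some-registrationId"
    url = f"https://myhost/saml2/service-provider-metadata/{reg}"
    for entity_id in (url, "MyEntityId"):  # reported behaviour, then expected behaviour
        print(check_entity_id(CONFIG, reg, sample_metadata(entity_id)))
```
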

Labels

in: saml2 (An issue in SAML2 modules); type: bug (A general bug)
