make SP NameIdPolicy configurable in RelyingPartyRegistration

closes spring-projectsgh-9115

Author: amergey

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactory.java

@@ -167,7 +167,7 @@ public Saml2RedirectAuthenticationRequest createRedirectAuthenticationRequest(
 	private AuthnRequest createAuthnRequest(Saml2AuthenticationRequestContext context) {
 		return createAuthnRequest(context.getIssuer(), context.getDestination(),
 				context.getAssertionConsumerServiceUrl(), this.protocolBindingResolver.convert(context),
-				context.getRelyingPartyRegistration().getNameIDFormat());
+				context.getRelyingPartyRegistration().getNameIdFormat());
 	}
 
 	private AuthnRequest createAuthnRequest(String issuer, String destination, String assertionConsumerServiceUrl,

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java

@@ -87,13 +87,10 @@ private SPSSODescriptor buildSpSsoDescriptor(RelyingPartyRegistration registrati
 		spSsoDescriptor.getKeyDescriptors()
 				.addAll(buildKeys(registration.getDecryptionX509Credentials(), UsageType.ENCRYPTION));
 		spSsoDescriptor.getAssertionConsumerServices().add(buildAssertionConsumerService(registration));
-<<<<<<< Upstream, based on upstream/main
 		spSsoDescriptor.getSingleLogoutServices().add(buildSingleLogoutService(registration));
-=======
-		if (registration.getNameIDFormat() != null) {
+		if (registration.getNameIdFormat() != null) {
 			spSsoDescriptor.getNameIDFormats().add(buildNameIDFormat(registration));
 		}
->>>>>>> 7056a31 make SP NameIDPolicy configurable in RelyingPartyRegistration
 		return spSsoDescriptor;
 	}
 
@@ -132,19 +129,18 @@ private AssertionConsumerService buildAssertionConsumerService(RelyingPartyRegis
 		return assertionConsumerService;
 	}
 
-<<<<<<< Upstream, based on upstream/main
 	private SingleLogoutService buildSingleLogoutService(RelyingPartyRegistration registration) {
 		SingleLogoutService singleLogoutService = build(SingleLogoutService.DEFAULT_ELEMENT_NAME);
 		singleLogoutService.setLocation(registration.getSingleLogoutServiceLocation());
 		singleLogoutService.setResponseLocation(registration.getSingleLogoutServiceResponseLocation());
 		singleLogoutService.setBinding(registration.getSingleLogoutServiceBinding().getUrn());
 		return singleLogoutService;
-=======
+	}
+
 	private NameIDFormat buildNameIDFormat(RelyingPartyRegistration registration) {
-		NameIDFormat nameIDFormat = build(NameIDFormat.DEFAULT_ELEMENT_NAME);
-		nameIDFormat.setFormat(registration.getNameIDFormat());
-		return nameIDFormat;
->>>>>>> 7056a31 make SP NameIDPolicy configurable in RelyingPartyRegistration
+		NameIDFormat nameIdFormat = build(NameIDFormat.DEFAULT_ELEMENT_NAME);
+		nameIdFormat.setFormat(registration.getNameIdFormat());
+		return nameIdFormat;
 	}
 
 	@SuppressWarnings("unchecked")

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java

@@ -81,15 +81,13 @@ public final class RelyingPartyRegistration {
 
 	private final Saml2MessageBinding assertionConsumerServiceBinding;
 
-<<<<<<< Upstream, based on upstream/main
 	private final String singleLogoutServiceLocation;
 
 	private final String singleLogoutServiceResponseLocation;
 
 	private final Saml2MessageBinding singleLogoutServiceBinding;
-=======
+
 	private final String nameIdFormat;
->>>>>>> 7056a31 make SP NameIDPolicy configurable in RelyingPartyRegistration
 
 	private final ProviderDetails providerDetails;
 
@@ -100,13 +98,9 @@ public final class RelyingPartyRegistration {
 	private final Collection<Saml2X509Credential> signingX509Credentials;
 
 	private RelyingPartyRegistration(String registrationId, String entityId, String assertionConsumerServiceLocation,
-<<<<<<< Upstream, based on upstream/main
 			Saml2MessageBinding assertionConsumerServiceBinding, String singleLogoutServiceLocation,
 			String singleLogoutServiceResponseLocation, Saml2MessageBinding singleLogoutServiceBinding,
-			ProviderDetails providerDetails,
-=======
-			Saml2MessageBinding assertionConsumerServiceBinding, String nameIdFormat, ProviderDetails providerDetails,
->>>>>>> 7056a31 make SP NameIDPolicy configurable in RelyingPartyRegistration
+			ProviderDetails providerDetails, String nameIdFormat,
 			Collection<org.springframework.security.saml2.credentials.Saml2X509Credential> credentials,
 			Collection<Saml2X509Credential> decryptionX509Credentials,
 			Collection<Saml2X509Credential> signingX509Credentials) {
@@ -134,13 +128,10 @@ private RelyingPartyRegistration(String registrationId, String entityId, String
 		this.entityId = entityId;
 		this.assertionConsumerServiceLocation = assertionConsumerServiceLocation;
 		this.assertionConsumerServiceBinding = assertionConsumerServiceBinding;
-<<<<<<< Upstream, based on upstream/main
 		this.singleLogoutServiceLocation = singleLogoutServiceLocation;
 		this.singleLogoutServiceResponseLocation = singleLogoutServiceResponseLocation;
 		this.singleLogoutServiceBinding = singleLogoutServiceBinding;
-=======
 		this.nameIdFormat = nameIdFormat;
->>>>>>> 7056a31 make SP NameIDPolicy configurable in RelyingPartyRegistration
 		this.providerDetails = providerDetails;
 		this.credentials = Collections.unmodifiableList(new LinkedList<>(credentials));
 		this.decryptionX509Credentials = Collections.unmodifiableList(new LinkedList<>(decryptionX509Credentials));
@@ -201,7 +192,6 @@ public Saml2MessageBinding getAssertionConsumerServiceBinding() {
 	}
 
 	/**
-<<<<<<< Upstream, based on upstream/main
 	 * Get the <a href=
 	 * "https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf#page=7">SingleLogoutService
 	 * Binding</a>
@@ -245,14 +235,15 @@ public String getSingleLogoutServiceLocation() {
 	 */
 	public String getSingleLogoutServiceResponseLocation() {
 		return this.singleLogoutServiceResponseLocation;
-=======
+	}
+
+	/**
 	 * Get the NameID format.
 	 * @return the NameID format
 	 * @since 5.7
 	 */
 	public String getNameIdFormat() {
 		return this.nameIdFormat;
->>>>>>> 7056a31 make SP NameIDPolicy configurable in RelyingPartyRegistration
 	}
 
 	/**
@@ -442,13 +433,10 @@ public static Builder withRelyingPartyRegistration(RelyingPartyRegistration regi
 				.decryptionX509Credentials((c) -> c.addAll(registration.getDecryptionX509Credentials()))
 				.assertionConsumerServiceLocation(registration.getAssertionConsumerServiceLocation())
 				.assertionConsumerServiceBinding(registration.getAssertionConsumerServiceBinding())
-<<<<<<< Upstream, based on upstream/main
 				.singleLogoutServiceLocation(registration.getSingleLogoutServiceLocation())
 				.singleLogoutServiceResponseLocation(registration.getSingleLogoutServiceResponseLocation())
 				.singleLogoutServiceBinding(registration.getSingleLogoutServiceBinding())
-=======
-				.nameIDFormat(registration.getNameIdFormat())
->>>>>>> 7056a31 make SP NameIDPolicy configurable in RelyingPartyRegistration
+				.nameIdFormat(registration.getNameIdFormat())
 				.assertingPartyDetails((assertingParty) -> assertingParty
 						.entityId(registration.getAssertingPartyDetails().getEntityId())
 						.wantAuthnRequestsSigned(registration.getAssertingPartyDetails().getWantAuthnRequestsSigned())
@@ -1037,15 +1025,13 @@ public static final class Builder {
 
 		private Saml2MessageBinding assertionConsumerServiceBinding = Saml2MessageBinding.POST;
 
-<<<<<<< Upstream, based on upstream/main
 		private String singleLogoutServiceLocation = "{baseUrl}/logout/saml2/slo";
 
 		private String singleLogoutServiceResponseLocation;
 
 		private Saml2MessageBinding singleLogoutServiceBinding = Saml2MessageBinding.POST;
-=======
-		private String nameIDFormat = null;
->>>>>>> 7056a31 make SP NameIDPolicy configurable in RelyingPartyRegistration
+
+		private String nameIdFormat = null;
 
 		private ProviderDetails.Builder providerDetails = new ProviderDetails.Builder();
 
@@ -1151,7 +1137,6 @@ public Builder assertionConsumerServiceBinding(Saml2MessageBinding assertionCons
 		}
 
 		/**
-<<<<<<< Upstream, based on upstream/main
 		 * Set the <a href=
 		 * "https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf#page=7">SingleLogoutService
 		 * Binding</a>
@@ -1200,15 +1185,17 @@ public Builder singleLogoutServiceLocation(String singleLogoutServiceLocation) {
 		 */
 		public Builder singleLogoutServiceResponseLocation(String singleLogoutServiceResponseLocation) {
 			this.singleLogoutServiceResponseLocation = singleLogoutServiceResponseLocation;
-=======
+			return this;
+		}
+
+		/**
 		 * Set the NameID format
-		 * @param nameIDFormat
+		 * @param nameIdFormat
 		 * @return the {@link Builder} for further configuration
-		 * @since 5.5
+		 * @since 5.7
 		 */
-		public Builder nameIDFormat(String nameIDFormat) {
-			this.nameIDFormat = nameIDFormat;
->>>>>>> 7056a31 make SP NameIDPolicy configurable in RelyingPartyRegistration
+		public Builder nameIdFormat(String nameIdFormat) {
+			this.nameIdFormat = nameIdFormat;
 			return this;
 		}
 
@@ -1358,16 +1345,10 @@ public RelyingPartyRegistration build() {
 				this.singleLogoutServiceResponseLocation = this.singleLogoutServiceLocation;
 			}
 			return new RelyingPartyRegistration(this.registrationId, this.entityId,
-<<<<<<< Upstream, based on upstream/main
 					this.assertionConsumerServiceLocation, this.assertionConsumerServiceBinding,
 					this.singleLogoutServiceLocation, this.singleLogoutServiceResponseLocation,
-					this.singleLogoutServiceBinding, this.providerDetails.build(), this.credentials,
+					this.singleLogoutServiceBinding, this.providerDetails.build(), this.nameIdFormat, this.credentials,
 					this.decryptionX509Credentials, this.signingX509Credentials);
-=======
-					this.assertionConsumerServiceLocation, this.assertionConsumerServiceBinding, this.nameIDFormat,
-					this.providerDetails.build(), this.credentials, this.decryptionX509Credentials,
-					this.signingX509Credentials);
->>>>>>> 7056a31 make SP NameIDPolicy configurable in RelyingPartyRegistration
 		}
 
 	}

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationRequestFactoryTests.java

@@ -192,7 +192,7 @@ public void createAuthenticationRequestWhenSetUriThenReturnsCorrectBinding() {
 
 	@Test
 	public void createAuthenticationRequestWhenSetNameIDPolicyThenReturnsCorrectNameIDPolicy() {
-		RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().nameIDFormat("format").build();
+		RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().nameIdFormat("format").build();
 		this.context = this.contextBuilder.relayState("Relay State Value").relyingPartyRegistration(registration)
 				.build();
 		AuthnRequest authn = getAuthNRequest(Saml2MessageBinding.POST);

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java

@@ -63,7 +63,7 @@ public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() {
 
 	@Test
 	public void resolveWhenRelyingPartyNameIDFormatThenMetadataMatches() {
-		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.full().nameIDFormat("format")
+		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.full().nameIdFormat("format")
 				.build();
 		OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver();
 		String metadata = openSamlMetadataResolver.resolve(relyingPartyRegistration);

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java

@@ -28,7 +28,7 @@ public class RelyingPartyRegistrationTests {
 	@Test
 	public void withRelyingPartyRegistrationWorks() {
 		RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration()
-				.nameIDFormat("format")
+				.nameIdFormat("format")
 				.assertingPartyDetails((a) -> a.singleSignOnServiceBinding(Saml2MessageBinding.POST))
 				.assertingPartyDetails((a) -> a.wantAuthnRequestsSigned(false))
 				.assertingPartyDetails((a) -> a.signingAlgorithms((algs) -> algs.add("alg")))
@@ -75,7 +75,7 @@ private void compareRegistrations(RelyingPartyRegistration registration, Relying
 				.isEqualTo(registration.getAssertingPartyDetails().getVerificationX509Credentials());
 		assertThat(copy.getAssertingPartyDetails().getSigningAlgorithms())
 				.isEqualTo(registration.getAssertingPartyDetails().getSigningAlgorithms());
-		assertThat(copy.getNameIDFormat()).isEqualTo(registration.getNameIDFormat());
+		assertThat(copy.getNameIdFormat()).isEqualTo(registration.getNameIdFormat());
 	}
 
 	@Test