Skip to content

ACS Binding should be in RelyingPartyRegistration #8776

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jzheaux opened this issue Jun 29, 2020 · 0 comments
Closed

ACS Binding should be in RelyingPartyRegistration #8776

jzheaux opened this issue Jun 29, 2020 · 0 comments
Assignees
@jzheaux
Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Milestone
5.4.0-RC1

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Jun 29, 2020

OpenSamlAuthenticationRequestFactory has a method called setProtocolBinding, which allows an application to indicate to IDPs the binding the IDP should use when sending the Response.

Both the SSO Service Location and Binding are in RelyingPartyRegistration.
But the ACS Location is in RelyingPartyRegistration and the ACS Binding is in OpenSamlAuthenticationRequestFactory, which creates some confusion.

For this ticket, OpenSamlAuthenticationRequestFactory#setProtocolBinding should be deprecated and a new method in RelyingPartyRegistration should be introduced that follows the SP metadata naming convention.
@jzheaux jzheaux added type: enhancement A general enhancement in: saml2 An issue in SAML2 modules labels Jun 29, 2020
@jzheaux jzheaux added this to the 5.4.0-RC1 milestone Jun 29, 2020
@jzheaux jzheaux self-assigned this Jun 29, 2020
@jzheaux jzheaux mentioned this issue Jul 15, 2020
Closed
jzheaux added a commit that referenced this issue Aug 19, 2020
@jzheaux
Polish AuthnRequest Customization Support
af5c55c 
Having the application generate the AuthnRequest fresh allows Spring
Security to back away more gracefully. Using a Consumer implies that
the application will need to undo any values that Spring Security set
that the application doesn't want.

Also, if this does become a configuration burden, it can be simplified
in a separate ticket by exposing the default Converter.

Issue gh-8776
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Projects
None yet
Milestone
5.4.0-RC1
Development

No branches or pull requests
1 participant
@jzheaux