
Remove WantAssertionsSigned

WantAssertionsSigned requires that asserting parties sign the
assertions. This does not reflect how Spring Security actually
behaves, creating behavior mismatches.

Closes gh-10844
Josh Cummings 3 年之前
父節點
當前提交
3d878549f4

+ 0 - 1
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java

@@ -81,7 +81,6 @@ public final class OpenSamlMetadataResolver implements Saml2MetadataResolver {
 	private SPSSODescriptor buildSpSsoDescriptor(RelyingPartyRegistration registration) {
 		SPSSODescriptor spSsoDescriptor = build(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
 		spSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-		spSsoDescriptor.setWantAssertionsSigned(true);
 		spSsoDescriptor.getKeyDescriptors()
 				.addAll(buildKeys(registration.getSigningX509Credentials(), UsageType.SIGNING));
 		spSsoDescriptor.getKeyDescriptors()

+ 2 - 3
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java

@@ -37,8 +37,7 @@ public class OpenSamlMetadataResolverTests {
 		OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver();
 		String metadata = openSamlMetadataResolver.resolve(relyingPartyRegistration);
 		assertThat(metadata).contains("<EntityDescriptor").contains("entityID=\"rp-entity-id\"")
-				.contains("WantAssertionsSigned=\"true\"").contains("<md:KeyDescriptor use=\"signing\">")
-				.contains("<md:KeyDescriptor use=\"encryption\">")
+				.contains("<md:KeyDescriptor use=\"signing\">").contains("<md:KeyDescriptor use=\"encryption\">")
 				.contains("<ds:X509Certificate>MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBh")
 				.contains("Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"")
 				.contains("Location=\"https://rp.example.org/acs\" index=\"1\"")
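Review bot: Neither updated assertion chain checks that the attribute is actually absent; this hunk and the one at `-54,7` only drop `.contains("WantAssertionsSigned=\"true\"")`. A later change that re-adds `setWantAssertionsSigned(true)` in `buildSpSsoDescriptor` would therefore still pass both tests. Adding `.doesNotContain("WantAssertionsSigned")` to each chain would pin the published metadata to the behaviour the commit message describes. This assumes the marshalled XML omits the attribute when it is unset, which is not visible in this diff and should be confirmed. Both test methods begin and end outside their hunks.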
@@ -54,7 +53,7 @@ public class OpenSamlMetadataResolverTests {
 		OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver();
 		String metadata = openSamlMetadataResolver.resolve(relyingPartyRegistration);
 		assertThat(metadata).contains("<EntityDescriptor").contains("entityID=\"rp-entity-id\"")
-				.contains("WantAssertionsSigned=\"true\"").doesNotContain("<md:KeyDescriptor use=\"signing\">")
+				.doesNotContain("<md:KeyDescriptor use=\"signing\">")
 				.doesNotContain("<md:KeyDescriptor use=\"encryption\">")
 				.contains("Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"")
 				.contains("Location=\"https://rp.example.org/acs\" index=\"1\"")