hai 2 meses · 4d524b1fe1
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2022 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -134,7 +134,7 @@ public class Saml2LoginConfigurerTests {
 
				 
			
 
				 	private static final RelyingPartyRegistration registration = TestRelyingPartyRegistrations.noCredentials()
			
 
				 		.signingX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartySigningCredential()))
			
 
				-		.assertingPartyDetails((party) -> party
			
 
				+		.assertingPartyMetadata((party) -> party
			
 
				 			.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
			
 
				 		.build();
			
 
				 
			
@@ -170,7 +170,7 @@ public class Saml2LoginConfigurerTests {
 
				 	@BeforeAll
			
 
				 	static void createResponse() throws Exception {
			
 
				 		String destination = registration.getAssertionConsumerServiceLocation();
			
 
				-		String assertingPartyEntityId = registration.getAssertingPartyDetails().getEntityId();
			
 
				+		String assertingPartyEntityId = registration.getAssertingPartyMetadata().getEntityId();
			
 
				 		String relyingPartyEntityId = registration.getEntityId();
			
 
				 		Response response = TestOpenSamlObjects.response(destination, assertingPartyEntityId);
			
 
				 		Assertion assertion = TestOpenSamlObjects.assertion("test@saml.user", assertingPartyEntityId,
			
@@ -365,7 +365,7 @@ public class Saml2LoginConfigurerTests {
 
				 		request.queryParam("entityId", registration.getRegistrationId());
			
 
				 		MvcResult result = this.mvc.perform(request).andExpect(status().isFound()).andReturn();
			
 
				 		String redirectedUrl = result.getResponse().getRedirectedUrl();
			
 
				-		assertThat(redirectedUrl).startsWith(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
			
 
				+		assertThat(redirectedUrl).startsWith(registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java
@@ -731,14 +731,14 @@ public class Saml2LogoutConfigurerTests {
 
				 			Saml2X509Credential verification = TestSaml2X509Credentials.relyingPartyVerifyingCredential();
			
 
				 			RelyingPartyRegistration.Builder withCreds = TestRelyingPartyRegistrations.noCredentials()
			
 
				 				.signingX509Credentials(credential(signing))
			
 
				-				.assertingPartyDetails((party) -> party.verificationX509Credentials(credential(verification)));
			
 
				+				.assertingPartyMetadata((party) -> party.verificationX509Credentials(credential(verification)));
			
 
				 			RelyingPartyRegistration post = withCreds.build();
			
 
				 			RelyingPartyRegistration get = withCreds.registrationId("get")
			
 
				 				.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT)
			
 
				 				.build();
			
 
				 			RelyingPartyRegistration ap = withCreds.registrationId("ap")
			
 
				 				.entityId("ap-entity-id")
			
 
				-				.assertingPartyDetails(
			
 
				+				.assertingPartyMetadata(
			
 
				 						(party) -> party.singleLogoutServiceLocation("https://rp.example.org/logout/saml2/request")
			
 
				 							.singleLogoutServiceResponseLocation("https://rp.example.org/logout/saml2/response"))
			
 
				 				.build();
			
--- a/config/src/test/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParserTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2022 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -98,7 +98,7 @@ public class Saml2LoginBeanDefinitionParserTests {
 
				 
			
 
				 	private static final RelyingPartyRegistration registration = TestRelyingPartyRegistrations.noCredentials()
			
 
				 		.signingX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartySigningCredential()))
			
 
				-		.assertingPartyDetails((party) -> party
			
 
				+		.assertingPartyMetadata((party) -> party
			
 
				 			.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
			
 
				 		.build();
			
 
				 
			
@@ -141,7 +141,7 @@ public class Saml2LoginBeanDefinitionParserTests {
 
				 	@BeforeAll
			
 
				 	static void createResponse() throws Exception {
			
 
				 		String destination = registration.getAssertionConsumerServiceLocation();
			
 
				-		String assertingPartyEntityId = registration.getAssertingPartyDetails().getEntityId();
			
 
				+		String assertingPartyEntityId = registration.getAssertingPartyMetadata().getEntityId();
			
 
				 		String relyingPartyEntityId = registration.getEntityId();
			
 
				 		Response response = TestOpenSamlObjects.response(destination, assertingPartyEntityId);
			
 
				 		Assertion assertion = TestOpenSamlObjects.assertion("test@saml.user", assertingPartyEntityId,
			
--- a/config/src/test/java/org/springframework/security/config/saml2/RelyingPartyRegistrationsBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/saml2/RelyingPartyRegistrationsBeanDefinitionParserTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2023 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -31,6 +31,7 @@ import org.springframework.http.MediaType;
 
				 import org.springframework.mock.web.MockHttpServletRequest;
			
 
				 import org.springframework.security.config.test.SpringTestContext;
			
 
				 import org.springframework.security.config.test.SpringTestContextExtension;
			
 
				+import org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata;
			
 
				 import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
			
 
				 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
			
 
				 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
			
@@ -151,8 +152,7 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests {
 
				 			.isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class);
			
 
				 		RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationRepository
			
 
				 			.findByRegistrationId("one");
			
 
				-		RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails = relyingPartyRegistration
			
 
				-			.getAssertingPartyDetails();
			
 
				+		AssertingPartyMetadata assertingPartyMetadata = relyingPartyRegistration.getAssertingPartyMetadata();
			
 
				 		assertThat(relyingPartyRegistration).isNotNull();
			
 
				 		assertThat(relyingPartyRegistration.getRegistrationId()).isEqualTo("one");
			
 
				 		assertThat(relyingPartyRegistration.getEntityId())
			
@@ -160,15 +160,15 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests {
 
				 		assertThat(relyingPartyRegistration.getAssertionConsumerServiceLocation())
			
 
				 			.isEqualTo("{baseUrl}/login/saml2/sso/{registrationId}");
			
 
				 		assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding()).isEqualTo(Saml2MessageBinding.POST);
			
 
				-		assertThat(assertingPartyDetails.getEntityId())
			
 
				+		assertThat(assertingPartyMetadata.getEntityId())
			
 
				 			.isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php");
			
 
				-		assertThat(assertingPartyDetails.getWantAuthnRequestsSigned()).isFalse();
			
 
				-		assertThat(assertingPartyDetails.getVerificationX509Credentials()).hasSize(1);
			
 
				-		assertThat(assertingPartyDetails.getEncryptionX509Credentials()).hasSize(1);
			
 
				-		assertThat(assertingPartyDetails.getSingleSignOnServiceLocation())
			
 
				+		assertThat(assertingPartyMetadata.getWantAuthnRequestsSigned()).isFalse();
			
 
				+		assertThat(assertingPartyMetadata.getVerificationX509Credentials()).hasSize(1);
			
 
				+		assertThat(assertingPartyMetadata.getEncryptionX509Credentials()).hasSize(1);
			
 
				+		assertThat(assertingPartyMetadata.getSingleSignOnServiceLocation())
			
 
				 			.isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php");
			
 
				-		assertThat(assertingPartyDetails.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
			
 
				-		assertThat(assertingPartyDetails.getSigningAlgorithms())
			
 
				+		assertThat(assertingPartyMetadata.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
			
 
				+		assertThat(assertingPartyMetadata.getSigningAlgorithms())
			
 
				 			.containsExactly("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
			
 
				 	}
			
 
				 
			
@@ -186,8 +186,7 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests {
 
				 			.isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class);
			
 
				 		RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationRepository
			
 
				 			.findByRegistrationId("one");
			
 
				-		RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails = relyingPartyRegistration
			
 
				-			.getAssertingPartyDetails();
			
 
				+		AssertingPartyMetadata assertingPartyMetadata = relyingPartyRegistration.getAssertingPartyMetadata();
			
 
				 		assertThat(relyingPartyRegistration).isNotNull();
			
 
				 		assertThat(relyingPartyRegistration.getRegistrationId()).isEqualTo("one");
			
 
				 		assertThat(relyingPartyRegistration.getEntityId()).isEqualTo("https://rp.example.org");
			
@@ -195,15 +194,15 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests {
 
				 			.isEqualTo("https://rp.example.org/location");
			
 
				 		assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding())
			
 
				 			.isEqualTo(Saml2MessageBinding.REDIRECT);
			
 
				-		assertThat(assertingPartyDetails.getEntityId())
			
 
				+		assertThat(assertingPartyMetadata.getEntityId())
			
 
				 			.isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php");
			
 
				-		assertThat(assertingPartyDetails.getWantAuthnRequestsSigned()).isFalse();
			
 
				-		assertThat(assertingPartyDetails.getVerificationX509Credentials()).hasSize(1);
			
 
				-		assertThat(assertingPartyDetails.getEncryptionX509Credentials()).hasSize(1);
			
 
				-		assertThat(assertingPartyDetails.getSingleSignOnServiceLocation())
			
 
				+		assertThat(assertingPartyMetadata.getWantAuthnRequestsSigned()).isFalse();
			
 
				+		assertThat(assertingPartyMetadata.getVerificationX509Credentials()).hasSize(1);
			
 
				+		assertThat(assertingPartyMetadata.getEncryptionX509Credentials()).hasSize(1);
			
 
				+		assertThat(assertingPartyMetadata.getSingleSignOnServiceLocation())
			
 
				 			.isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php");
			
 
				-		assertThat(assertingPartyDetails.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
			
 
				-		assertThat(assertingPartyDetails.getSigningAlgorithms())
			
 
				+		assertThat(assertingPartyMetadata.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
			
 
				+		assertThat(assertingPartyMetadata.getSigningAlgorithms())
			
 
				 			.containsExactly("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
			
 
				 	}
			
 
				 
			
@@ -214,8 +213,7 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests {
 
				 			.isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class);
			
 
				 		RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationRepository
			
 
				 			.findByRegistrationId("one");
			
 
				-		RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails = relyingPartyRegistration
			
 
				-			.getAssertingPartyDetails();
			
 
				+		AssertingPartyMetadata assertingPartyMetadata = relyingPartyRegistration.getAssertingPartyMetadata();
			
 
				 		assertThat(relyingPartyRegistration).isNotNull();
			
 
				 		assertThat(relyingPartyRegistration.getRegistrationId()).isEqualTo("one");
			
 
				 		assertThat(relyingPartyRegistration.getEntityId())
			
@@ -224,14 +222,14 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests {
 
				 			.isEqualTo("{baseUrl}/login/saml2/sso/{registrationId}");
			
 
				 		assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding())
			
 
				 			.isEqualTo(Saml2MessageBinding.REDIRECT);
			
 
				-		assertThat(assertingPartyDetails.getEntityId()).isEqualTo("https://accounts.google.com/o/saml2/idp/entity-id");
			
 
				-		assertThat(assertingPartyDetails.getWantAuthnRequestsSigned()).isTrue();
			
 
				-		assertThat(assertingPartyDetails.getSingleSignOnServiceLocation())
			
 
				+		assertThat(assertingPartyMetadata.getEntityId()).isEqualTo("https://accounts.google.com/o/saml2/idp/entity-id");
			
 
				+		assertThat(assertingPartyMetadata.getWantAuthnRequestsSigned()).isTrue();
			
 
				+		assertThat(assertingPartyMetadata.getSingleSignOnServiceLocation())
			
 
				 			.isEqualTo("https://accounts.google.com/o/saml2/idp/sso-url");
			
 
				-		assertThat(assertingPartyDetails.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.POST);
			
 
				-		assertThat(assertingPartyDetails.getVerificationX509Credentials()).hasSize(1);
			
 
				-		assertThat(assertingPartyDetails.getEncryptionX509Credentials()).hasSize(1);
			
 
				-		assertThat(assertingPartyDetails.getSigningAlgorithms())
			
 
				+		assertThat(assertingPartyMetadata.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.POST);
			
 
				+		assertThat(assertingPartyMetadata.getVerificationX509Credentials()).hasSize(1);
			
 
				+		assertThat(assertingPartyMetadata.getEncryptionX509Credentials()).hasSize(1);
			
 
				+		assertThat(assertingPartyMetadata.getSigningAlgorithms())
			
 
				 			.containsExactly("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
			
 
				 	}
			
 
				 
			
@@ -241,9 +239,9 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests {
 
				 		assertThat(this.relyingPartyRegistrationRepository)
			
 
				 			.isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class);
			
 
				 		RelyingPartyRegistration one = this.relyingPartyRegistrationRepository.findByRegistrationId("one");
			
 
				-		RelyingPartyRegistration.AssertingPartyDetails google = one.getAssertingPartyDetails();
			
 
				+		AssertingPartyMetadata google = one.getAssertingPartyMetadata();
			
 
				 		RelyingPartyRegistration two = this.relyingPartyRegistrationRepository.findByRegistrationId("two");
			
 
				-		RelyingPartyRegistration.AssertingPartyDetails simpleSaml = two.getAssertingPartyDetails();
			
 
				+		AssertingPartyMetadata simpleSaml = two.getAssertingPartyMetadata();
			
 
				 		assertThat(one).isNotNull();
			
 
				 		assertThat(one.getRegistrationId()).isEqualTo("one");
			
 
				 		assertThat(one.getEntityId()).isEqualTo("{baseUrl}/saml2/service-provider-metadata/{registrationId}");
			
--- a/config/src/test/kotlin/org/springframework/security/config/annotation/web/Saml2DslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/Saml2DslTests.kt
@@ -106,13 +106,13 @@ class Saml2DslTests {
 
				                             InMemoryRelyingPartyRegistrationRepository(
			
 
				                                     RelyingPartyRegistration.withRegistrationId("samlId")
			
 
				                                             .assertionConsumerServiceLocation("{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI)
			
 
				-                                            .assertingPartyDetails { a -> a
			
 
				+                                            .assertingPartyMetadata { a -> a
			
 
				                                                 .verificationX509Credentials { c -> c
			
 
				                                                     .add(Saml2X509Credential(loadCert("rod.cer"), Saml2X509Credential.Saml2X509CredentialType.VERIFICATION))
			
 
				                                                 }
			
 
				                                             }
			
 
				-                                            .assertingPartyDetails { c -> c.singleSignOnServiceLocation("ssoUrl") }
			
 
				-                                            .assertingPartyDetails { c -> c.entityId("entityId") }
			
 
				+                                            .assertingPartyMetadata { c -> c.singleSignOnServiceLocation("ssoUrl") }
			
 
				+                                            .assertingPartyMetadata { c -> c.entityId("entityId") }
			
 
				                                             .build()
			
 
				                             )
			
 
				                 }
			
@@ -152,7 +152,7 @@ class Saml2DslTests {
 
				             this.mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isFound()).andReturn()
			
 
				         val redirectedUrl = result.response.redirectedUrl
			
 
				         Assertions.assertThat(redirectedUrl)
			
 
				-            .startsWith(registration.assertingPartyDetails.singleSignOnServiceLocation)
			
 
				+            .startsWith(registration.assertingPartyMetadata.singleSignOnServiceLocation)
			
 
				     }
			
 
				 
			
 
				     @Configuration
			
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2022 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -48,7 +48,8 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
 
				 		super(registration.getRegistrationId(), registration.getEntityId(),
			
 
				 				registration.getAssertionConsumerServiceLocation(), registration.getAssertionConsumerServiceBinding(),
			
 
				 				registration.getSingleLogoutServiceLocation(), registration.getSingleLogoutServiceResponseLocation(),
			
 
				-				registration.getSingleLogoutServiceBindings(), registration.getAssertingPartyDetails(),
			
 
				+				registration.getSingleLogoutServiceBindings(),
			
 
				+				(OpenSamlAssertingPartyDetails) registration.getAssertingPartyMetadata(),
			
 
				 				registration.getNameIdFormat(), registration.isAuthnRequestsSigned(),
			
 
				 				registration.getDecryptionX509Credentials(), registration.getSigningX509Credentials());
			
 
				 	}
			
@@ -58,7 +59,7 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
 
				 	 */
			
 
				 	@Override
			
 
				 	public OpenSamlRelyingPartyRegistration.Builder mutate() {
			
 
				-		OpenSamlAssertingPartyDetails party = getAssertingPartyDetails();
			
 
				+		OpenSamlAssertingPartyDetails party = (OpenSamlAssertingPartyDetails) getAssertingPartyMetadata();
			
 
				 		return new Builder(party).registrationId(getRegistrationId())
			
 
				 			.entityId(getEntityId())
			
 
				 			.signingX509Credentials((c) -> c.addAll(getSigningX509Credentials()))
			
@@ -72,14 +73,6 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
 
				 			.authnRequestsSigned(isAuthnRequestsSigned());
			
 
				 	}
			
 
				 
			
 
				-	/**
			
 
				-	 * {@inheritDoc}
			
 
				-	 */
			
 
				-	@Override
			
 
				-	public OpenSamlAssertingPartyDetails getAssertingPartyDetails() {
			
 
				-		return (OpenSamlAssertingPartyDetails) super.getAssertingPartyDetails();
			
 
				-	}
			
 
				-
			
 
				 	/**
			
 
				 	 * Create a {@link Builder} from an entity descriptor
			
 
				 	 * @param entityDescriptor the asserting party's {@link EntityDescriptor}
			
@@ -165,11 +158,6 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
 
				 			return (Builder) super.authnRequestsSigned(authnRequestsSigned);
			
 
				 		}
			
 
				 
			
 
				-		@Override
			
 
				-		public Builder assertingPartyDetails(Consumer<AssertingPartyDetails.Builder> assertingPartyDetails) {
			
 
				-			return (Builder) super.assertingPartyDetails(assertingPartyDetails);
			
 
				-		}
			
 
				-
			
 
				 		@Override
			
 
				 		public Builder assertingPartyMetadata(Consumer<AssertingPartyMetadata.Builder<?>> assertingPartyMetadata) {
			
 
				 			return (Builder) super.assertingPartyMetadata(assertingPartyMetadata);
			
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2024 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -56,7 +56,7 @@ import org.springframework.util.CollectionUtils;
 
				  * 			.entityId(relyingPartyEntityId)
			
 
				  * 			.assertionConsumerServiceLocation(assertingConsumerServiceLocation)
			
 
				  * 		 	.signingX509Credentials((c) -&gt; c.add(relyingPartySigningCredential))
			
 
				- * 			.assertingPartyDetails((details) -&gt; details
			
 
				+ * 			.assertingPartyMetadata((metadata) -&gt; metadata
			
 
				  * 				.entityId(assertingPartyEntityId));
			
 
				  * 				.singleSignOnServiceLocation(singleSignOnServiceLocation))
			
 
				  * 				.verifyingX509Credentials((c) -&gt; c.add(assertingPartyVerificationCredential))
			
@@ -145,7 +145,7 @@ public class RelyingPartyRegistration implements Serializable {
 
				 		Assert.notNull(assertionConsumerServiceBinding, "assertionConsumerServiceBinding cannot be null");
			
 
				 		Assert.isTrue(singleLogoutServiceLocation == null || !CollectionUtils.isEmpty(singleLogoutServiceBindings),
			
 
				 				"singleLogoutServiceBindings cannot be null or empty when singleLogoutServiceLocation is set");
			
 
				-		Assert.notNull(assertingPartyMetadata, "assertingPartyDetails cannot be null");
			
 
				+		Assert.notNull(assertingPartyMetadata, "assertingPartyMetadata cannot be null");
			
 
				 		Assert.notNull(decryptionX509Credentials, "decryptionX509Credentials cannot be null");
			
 
				 		for (Saml2X509Credential c : decryptionX509Credentials) {
			
 
				 			Assert.notNull(c, "decryptionX509Credentials cannot contain null elements");
			
@@ -352,22 +352,9 @@ public class RelyingPartyRegistration implements Serializable {
 
				 		return this.signingX509Credentials;
			
 
				 	}
			
 
				 
			
 
				-	/**
			
 
				-	 * Get the configuration details for the Asserting Party
			
 
				-	 * @return the {@link AssertingPartyDetails}
			
 
				-	 * @since 5.4
			
 
				-	 * @deprecated Use {@link #getAssertingPartyMetadata()} instead
			
 
				-	 */
			
 
				-	@Deprecated
			
 
				-	public AssertingPartyDetails getAssertingPartyDetails() {
			
 
				-		Assert.isInstanceOf(AssertingPartyDetails.class, this.assertingPartyMetadata,
			
 
				-				"This class was initialized with an AssertingPartyMetadata, please call #getAssertingPartyMetadata instead");
			
 
				-		return (AssertingPartyDetails) this.assertingPartyMetadata;
			
 
				-	}
			
 
				-
			
 
				 	/**
			
 
				 	 * Get the metadata for the Asserting Party
			
 
				-	 * @return the {@link AssertingPartyDetails}
			
 
				+	 * @return the {@link AssertingPartyMetadata}
			
 
				 	 * @since 6.4
			
 
				 	 */
			
 
				 	public AssertingPartyMetadata getAssertingPartyMetadata() {
			
@@ -385,26 +372,10 @@ public class RelyingPartyRegistration implements Serializable {
 
				 		return new Builder(registrationId, new AssertingPartyDetails.Builder());
			
 
				 	}
			
 
				 
			
 
				-	/**
			
 
				-	 * @param assertingPartyDetails the asserting party metadata
			
 
				-	 * @return {@code Builder} to create a {@code RelyingPartyRegistration} object
			
 
				-	 * @deprecated Use {@link #withAssertingPartyMetadata} instead
			
 
				-	 */
			
 
				-	@Deprecated(forRemoval = true, since = "6.4")
			
 
				-	public static Builder withAssertingPartyDetails(AssertingPartyDetails assertingPartyDetails) {
			
 
				-		Assert.notNull(assertingPartyDetails, "assertingPartyDetails cannot be null");
			
 
				-		return new Builder(assertingPartyDetails.getEntityId(), assertingPartyDetails.mutate());
			
 
				-	}
			
 
				-
			
 
				 	/**
			
 
				 	 * Creates a {@code RelyingPartyRegistration} {@link Builder} with a
			
 
				 	 * {@code registrationId} equivalent to the asserting party entity id. Also
			
 
				 	 * initializes to the contents of the given {@link AssertingPartyMetadata}.
			
 
				-	 *
			
 
				-	 * <p>
			
 
				-	 * Presented as a convenience method when working with
			
 
				-	 * {@link AssertingPartyMetadataRepository} return values. As such, only supports
			
 
				-	 * {@link AssertingPartyMetadata} instances of type {@link AssertingPartyDetails}.
			
 
				 	 * @param metadata the metadata used to initialize the
			
 
				 	 * {@link RelyingPartyRegistration} {@link Builder}
			
 
				 	 * @return {@link Builder} to create a {@link RelyingPartyRegistration} object
			
@@ -415,43 +386,6 @@ public class RelyingPartyRegistration implements Serializable {
 
				 		return new Builder(metadata.getEntityId(), metadata.mutate());
			
 
				 	}
			
 
				 
			
 
				-	/**
			
 
				-	 * Creates a {@code RelyingPartyRegistration} {@link Builder} based on an existing
			
 
				-	 * object
			
 
				-	 * @param registration the {@code RelyingPartyRegistration}
			
 
				-	 * @return {@code Builder} to create a {@code RelyingPartyRegistration} object
			
 
				-	 * @deprecated Use {@link #mutate()} instead
			
 
				-	 */
			
 
				-	@Deprecated(forRemoval = true, since = "6.1")
			
 
				-	public static Builder withRelyingPartyRegistration(RelyingPartyRegistration registration) {
			
 
				-		Assert.notNull(registration, "registration cannot be null");
			
 
				-		return withRegistrationId(registration.getRegistrationId()).entityId(registration.getEntityId())
			
 
				-			.signingX509Credentials((c) -> c.addAll(registration.getSigningX509Credentials()))
			
 
				-			.decryptionX509Credentials((c) -> c.addAll(registration.getDecryptionX509Credentials()))
			
 
				-			.assertionConsumerServiceLocation(registration.getAssertionConsumerServiceLocation())
			
 
				-			.assertionConsumerServiceBinding(registration.getAssertionConsumerServiceBinding())
			
 
				-			.singleLogoutServiceLocation(registration.getSingleLogoutServiceLocation())
			
 
				-			.singleLogoutServiceResponseLocation(registration.getSingleLogoutServiceResponseLocation())
			
 
				-			.singleLogoutServiceBindings((c) -> c.addAll(registration.getSingleLogoutServiceBindings()))
			
 
				-			.nameIdFormat(registration.getNameIdFormat())
			
 
				-			.authnRequestsSigned(registration.isAuthnRequestsSigned())
			
 
				-			.assertingPartyDetails((assertingParty) -> assertingParty
			
 
				-				.entityId(registration.getAssertingPartyDetails().getEntityId())
			
 
				-				.wantAuthnRequestsSigned(registration.getAssertingPartyDetails().getWantAuthnRequestsSigned())
			
 
				-				.signingAlgorithms((algorithms) -> algorithms
			
 
				-					.addAll(registration.getAssertingPartyDetails().getSigningAlgorithms()))
			
 
				-				.verificationX509Credentials(
			
 
				-						(c) -> c.addAll(registration.getAssertingPartyDetails().getVerificationX509Credentials()))
			
 
				-				.encryptionX509Credentials(
			
 
				-						(c) -> c.addAll(registration.getAssertingPartyDetails().getEncryptionX509Credentials()))
			
 
				-				.singleSignOnServiceLocation(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation())
			
 
				-				.singleSignOnServiceBinding(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding())
			
 
				-				.singleLogoutServiceLocation(registration.getAssertingPartyDetails().getSingleLogoutServiceLocation())
			
 
				-				.singleLogoutServiceResponseLocation(
			
 
				-						registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation())
			
 
				-				.singleLogoutServiceBinding(registration.getAssertingPartyDetails().getSingleLogoutServiceBinding()));
			
 
				-	}
			
 
				-
			
 
				 	/**
			
 
				 	 * The configuration metadata of the Asserting party
			
 
				 	 *
			
@@ -1083,21 +1017,6 @@ public class RelyingPartyRegistration implements Serializable {
 
				 			return this;
			
 
				 		}
			
 
				 
			
 
				-		/**
			
 
				-		 * Apply this {@link Consumer} to further configure the Asserting Party details
			
 
				-		 * @param assertingPartyDetails The {@link Consumer} to apply
			
 
				-		 * @return the {@link Builder} for further configuration
			
 
				-		 * @since 5.4
			
 
				-		 * @deprecated Use {@link #assertingPartyMetadata} instead
			
 
				-		 */
			
 
				-		@Deprecated(forRemoval = true, since = "6.4")
			
 
				-		public Builder assertingPartyDetails(Consumer<AssertingPartyDetails.Builder> assertingPartyDetails) {
			
 
				-			Assert.isInstanceOf(AssertingPartyDetails.Builder.class, this.assertingPartyMetadataBuilder,
			
 
				-					"This class was constructed with an AssertingPartyMetadata instance, as such, please use #assertingPartyMetadata");
			
 
				-			assertingPartyDetails.accept((AssertingPartyDetails.Builder) this.assertingPartyMetadataBuilder);
			
 
				-			return this;
			
 
				-		}
			
 
				-
			
 
				 		/**
			
 
				 		 * Apply this {@link Consumer} to further configure the Asserting Party metadata
			
 
				 		 * @param assertingPartyMetadata The {@link Consumer} to apply
			
--- a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java
@@ -996,11 +996,11 @@ public class OpenSaml4AuthenticationProviderTests {
 
				 		return TestRelyingPartyRegistrations.noCredentials()
			
 
				 			.entityId(RELYING_PARTY_ENTITY_ID)
			
 
				 			.assertionConsumerServiceLocation(DESTINATION)
			
 
				-			.assertingPartyDetails((party) -> party.entityId(ASSERTING_PARTY_ENTITY_ID));
			
 
				+			.assertingPartyMetadata((party) -> party.entityId(ASSERTING_PARTY_ENTITY_ID));
			
 
				 	}
			
 
				 
			
 
				 	private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
			
 
				-		return builder.assertingPartyDetails((party) -> party
			
 
				+		return builder.assertingPartyMetadata((party) -> party
			
 
				 			.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
			
 
				 	}
			
 
				 
			
--- a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml4LogoutRequestValidatorTests.java
+++ b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml4LogoutRequestValidatorTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2021 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -79,7 +79,7 @@ public class OpenSaml4LogoutRequestValidatorTests {
 
				 	@Test
			
 
				 	public void handleWhenRedirectBindingThenValidatesSignatureParameter() {
			
 
				 		RelyingPartyRegistration registration = registration()
			
 
				-			.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
			
 
				+			.assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
			
 
				 			.build();
			
 
				 		LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
			
 
				 		Saml2LogoutRequest request = redirect(logoutRequest, registration,
			
@@ -167,7 +167,7 @@ public class OpenSaml4LogoutRequestValidatorTests {
 
				 
			
 
				 	private RelyingPartyRegistration.Builder registration() {
			
 
				 		return signing(verifying(TestRelyingPartyRegistrations.noCredentials()))
			
 
				-			.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
			
 
				+			.assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
			
 
				 	}
			
 
				 
			
 
				 	private RelyingPartyRegistration.Builder decrypting(RelyingPartyRegistration.Builder builder) {
			
@@ -176,12 +176,12 @@ public class OpenSaml4LogoutRequestValidatorTests {
 
				 	}
			
 
				 
			
 
				 	private RelyingPartyRegistration.Builder encrypting(RelyingPartyRegistration.Builder builder) {
			
 
				-		return builder.assertingPartyDetails((party) -> party
			
 
				+		return builder.assertingPartyMetadata((party) -> party
			
 
				 			.encryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyEncryptingCredential())));
			
 
				 	}
			
 
				 
			
 
				 	private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
			
 
				-		return builder.assertingPartyDetails((party) -> party
			
 
				+		return builder.assertingPartyMetadata((party) -> party
			
 
				 			.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
			
 
				 	}
			
 
				 
			
@@ -213,7 +213,7 @@ public class OpenSaml4LogoutRequestValidatorTests {
 
				 
			
 
				 	private void sign(LogoutRequest logoutRequest, RelyingPartyRegistration registration) {
			
 
				 		TestOpenSamlObjects.signed(logoutRequest, registration.getSigningX509Credentials().iterator().next(),
			
 
				-				registration.getAssertingPartyDetails().getEntityId());
			
 
				+				registration.getAssertingPartyMetadata().getEntityId());
			
 
				 	}
			
 
				 
			
 
				 	private String serialize(XMLObject object) {
			
--- a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml4LogoutResponseValidatorTests.java
+++ b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml4LogoutResponseValidatorTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2021 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -63,7 +63,7 @@ public class OpenSaml4LogoutResponseValidatorTests {
 
				 	@Test
			
 
				 	public void handleWhenRedirectBindingThenValidatesSignatureParameter() {
			
 
				 		RelyingPartyRegistration registration = signing(verifying(registration()))
			
 
				-			.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
			
 
				+			.assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
			
 
				 			.build();
			
 
				 		Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration)
			
 
				 			.id("id")
			
@@ -150,11 +150,11 @@ public class OpenSaml4LogoutResponseValidatorTests {
 
				 
			
 
				 	private RelyingPartyRegistration.Builder registration() {
			
 
				 		return signing(verifying(TestRelyingPartyRegistrations.noCredentials()))
			
 
				-			.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
			
 
				+			.assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
			
 
				 	}
			
 
				 
			
 
				 	private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
			
 
				-		return builder.assertingPartyDetails((party) -> party
			
 
				+		return builder.assertingPartyMetadata((party) -> party
			
 
				 			.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
			
 
				 	}
			
 
				 
			
@@ -180,7 +180,7 @@ public class OpenSaml4LogoutResponseValidatorTests {
 
				 
			
 
				 	private void sign(LogoutResponse logoutResponse, RelyingPartyRegistration registration) {
			
 
				 		TestOpenSamlObjects.signed(logoutResponse, registration.getSigningX509Credentials().iterator().next(),
			
 
				-				registration.getAssertingPartyDetails().getEntityId());
			
 
				+				registration.getAssertingPartyMetadata().getEntityId());
			
 
				 	}
			
 
				 
			
 
				 	private String serialize(XMLObject object) {
			
--- a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutRequestValidatorTests.java
+++ b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutRequestValidatorTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2021 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -79,7 +79,7 @@ public class OpenSamlLogoutRequestValidatorTests {
 
				 	@Test
			
 
				 	public void handleWhenRedirectBindingThenValidatesSignatureParameter() {
			
 
				 		RelyingPartyRegistration registration = registration()
			
 
				-			.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
			
 
				+			.assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
			
 
				 			.build();
			
 
				 		LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
			
 
				 		Saml2LogoutRequest request = redirect(logoutRequest, registration,
			
@@ -167,7 +167,7 @@ public class OpenSamlLogoutRequestValidatorTests {
 
				 
			
 
				 	private RelyingPartyRegistration.Builder registration() {
			
 
				 		return signing(verifying(TestRelyingPartyRegistrations.noCredentials()))
			
 
				-			.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
			
 
				+			.assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
			
 
				 	}
			
 
				 
			
 
				 	private RelyingPartyRegistration.Builder decrypting(RelyingPartyRegistration.Builder builder) {
			
@@ -176,12 +176,12 @@ public class OpenSamlLogoutRequestValidatorTests {
 
				 	}
			
 
				 
			
 
				 	private RelyingPartyRegistration.Builder encrypting(RelyingPartyRegistration.Builder builder) {
			
 
				-		return builder.assertingPartyDetails((party) -> party
			
 
				+		return builder.assertingPartyMetadata((party) -> party
			
 
				 			.encryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyEncryptingCredential())));
			
 
				 	}
			
 
				 
			
 
				 	private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
			
 
				-		return builder.assertingPartyDetails((party) -> party
			
 
				+		return builder.assertingPartyMetadata((party) -> party
			
 
				 			.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
			
 
				 	}
			
 
				 
			
@@ -213,7 +213,7 @@ public class OpenSamlLogoutRequestValidatorTests {
 
				 
			
 
				 	private void sign(LogoutRequest logoutRequest, RelyingPartyRegistration registration) {
			
 
				 		TestOpenSamlObjects.signed(logoutRequest, registration.getSigningX509Credentials().iterator().next(),
			
 
				-				registration.getAssertingPartyDetails().getEntityId());
			
 
				+				registration.getAssertingPartyMetadata().getEntityId());
			
 
				 	}
			
 
				 
			
 
				 	private String serialize(XMLObject object) {
			
--- a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutResponseValidatorTests.java
+++ b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutResponseValidatorTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2021 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -63,7 +63,7 @@ public class OpenSamlLogoutResponseValidatorTests {
 
				 	@Test
			
 
				 	public void handleWhenRedirectBindingThenValidatesSignatureParameter() {
			
 
				 		RelyingPartyRegistration registration = signing(verifying(registration()))
			
 
				-			.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
			
 
				+			.assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
			
 
				 			.build();
			
 
				 		Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration)
			
 
				 			.id("id")
			
@@ -150,11 +150,11 @@ public class OpenSamlLogoutResponseValidatorTests {
 
				 
			
 
				 	private RelyingPartyRegistration.Builder registration() {
			
 
				 		return signing(verifying(TestRelyingPartyRegistrations.noCredentials()))
			
 
				-			.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
			
 
				+			.assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
			
 
				 	}
			
 
				 
			
 
				 	private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
			
 
				-		return builder.assertingPartyDetails((party) -> party
			
 
				+		return builder.assertingPartyMetadata((party) -> party
			
 
				 			.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
			
 
				 	}
			
 
				 
			
@@ -180,7 +180,7 @@ public class OpenSamlLogoutResponseValidatorTests {
 
				 
			
 
				 	private void sign(LogoutResponse logoutResponse, RelyingPartyRegistration registration) {
			
 
				 		TestOpenSamlObjects.signed(logoutResponse, registration.getSigningX509Credentials().iterator().next(),
			
 
				-				registration.getAssertingPartyDetails().getEntityId());
			
 
				+				registration.getAssertingPartyMetadata().getEntityId());
			
 
				 	}
			
 
				 
			
 
				 	private String serialize(XMLObject object) {
			
--- a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/metadata/OpenSaml4MetadataResolverTests.java
+++ b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/metadata/OpenSaml4MetadataResolverTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2024 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -79,7 +79,7 @@ public class OpenSaml4MetadataResolverTests {
 
				 	@Test
			
 
				 	public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() {
			
 
				 		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
			
 
				-			.assertingPartyDetails((party) -> party
			
 
				+			.assertingPartyMetadata((party) -> party
			
 
				 				.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
			
 
				 			.build();
			
 
				 		OpenSaml4MetadataResolver OpenSaml4MetadataResolver = new OpenSaml4MetadataResolver();
			
--- a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
+++ b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2024 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -79,7 +79,7 @@ public class OpenSamlMetadataResolverTests {
 
				 	@Test
			
 
				 	public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() {
			
 
				 		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
			
 
				-			.assertingPartyDetails((party) -> party
			
 
				+			.assertingPartyMetadata((party) -> party
			
 
				 				.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
			
 
				 			.build();
			
 
				 		OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver();
			
--- a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/registration/OpenSaml4AssertingPartyMetadataRepositoryTests.java
+++ b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/registration/OpenSaml4AssertingPartyMetadataRepositoryTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2024 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -224,7 +224,7 @@ public class OpenSaml4AssertingPartyMetadataRepositoryTests {
 
				 			.withTrustedMetadataLocation(web.url(endpoint).toString())
			
 
				 			.verificationCredentials((c) -> c.add(credential))
			
 
				 			.build();
			
 
				-		assertThat(parties.findByEntityId(registration.getAssertingPartyDetails().getEntityId())).isNotNull();
			
 
				+		assertThat(parties.findByEntityId(registration.getAssertingPartyMetadata().getEntityId())).isNotNull();
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
@@ -256,7 +256,7 @@ public class OpenSaml4AssertingPartyMetadataRepositoryTests {
 
				 		AssertingPartyMetadataRepository parties = OpenSaml4AssertingPartyMetadataRepository
			
 
				 			.withTrustedMetadataLocation(web.url(endpoint).toString())
			
 
				 			.build();
			
 
				-		assertThat(parties.findByEntityId(registration.getAssertingPartyDetails().getEntityId())).isNotNull();
			
 
				+		assertThat(parties.findByEntityId(registration.getAssertingPartyMetadata().getEntityId())).isNotNull();
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
@@ -295,7 +295,7 @@ public class OpenSaml4AssertingPartyMetadataRepositoryTests {
 
				 		AssertingPartyMetadataRepository parties = new OpenSaml4AssertingPartyMetadataRepository(resolver);
			
 
				 		parties.iterator()
			
 
				 			.forEachRemaining((p) -> assertThat(p.getEntityId())
			
 
				-				.isEqualTo(registration.getAssertingPartyDetails().getEntityId()));
			
 
				+				.isEqualTo(registration.getAssertingPartyMetadata().getEntityId()));
			
 
				 		verify(((IterableMetadataSource) resolver)).iterator();
			
 
				 	}
			
 
				 
			
@@ -336,7 +336,7 @@ public class OpenSaml4AssertingPartyMetadataRepositoryTests {
 
				 			.withMetadataLocation(web.url(endpoint).toString())
			
 
				 			.verificationCredentials((c) -> c.add(credential))
			
 
				 			.build();
			
 
				-		assertThat(parties.findByEntityId(registration.getAssertingPartyDetails().getEntityId())).isNotNull();
			
 
				+		assertThat(parties.findByEntityId(registration.getAssertingPartyMetadata().getEntityId())).isNotNull();
			
 
				 	}
			
 
				 
			
 
				 	private static String serialize(XMLObject object) {
			
--- a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4AuthenticationRequestResolverTests.java
+++ b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4AuthenticationRequestResolverTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2022 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -56,13 +56,13 @@ public class OpenSaml4AuthenticationRequestResolverTests {
 
				 		Saml2RedirectAuthenticationRequest authnRequest = resolver.resolve(this.request);
			
 
				 		assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
			
 
				 		assertThat(authnRequest.getAuthenticationRequestUri())
			
 
				-			.isEqualTo(this.registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
			
 
				+			.isEqualTo(this.registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
 
				 	void resolveWhenPostThenSaml2PostAuthenticationRequest() {
			
 
				 		RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full()
			
 
				-			.assertingPartyDetails((party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST))
			
 
				+			.assertingPartyMetadata((party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST))
			
 
				 			.build();
			
 
				 		RelyingPartyRegistrationResolver relyingParties = mock(RelyingPartyRegistrationResolver.class);
			
 
				 		given(relyingParties.resolve(any(), any())).willReturn(registration);
			
@@ -70,7 +70,7 @@ public class OpenSaml4AuthenticationRequestResolverTests {
 
				 		Saml2PostAuthenticationRequest authnRequest = resolver.resolve(this.request);
			
 
				 		assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.POST);
			
 
				 		assertThat(authnRequest.getAuthenticationRequestUri())
			
 
				-			.isEqualTo(this.registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
			
 
				+			.isEqualTo(this.registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
@@ -97,7 +97,7 @@ public class OpenSaml4AuthenticationRequestResolverTests {
 
				 
			
 
				 		assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
			
 
				 		assertThat(authnRequest.getAuthenticationRequestUri())
			
 
				-			.isEqualTo(this.registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
			
 
				+			.isEqualTo(this.registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
			
 
				 
			
 
				 	}
			
 
				 
			
--- a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4SigningUtilsTests.java
+++ b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml4SigningUtilsTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2021 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -56,7 +56,7 @@ public class OpenSaml4SigningUtilsTests {
 
				 				c.add(TestSaml2X509Credentials.relyingPartySigningCredential());
			
 
				 				c.add(TestSaml2X509Credentials.assertingPartySigningCredential());
			
 
				 			})
			
 
				-			.assertingPartyDetails((c) -> c.entityId("https://some.idp.example.com/entity-id")
			
 
				+			.assertingPartyMetadata((c) -> c.entityId("https://some.idp.example.com/entity-id")
			
 
				 				.singleSignOnServiceLocation("https://some.idp.example.com/service-location"))
			
 
				 			.build();
			
 
				 	}
			
--- a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSaml4LogoutResponseResolverTests.java
+++ b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSaml4LogoutResponseResolverTests.java
@@ -65,7 +65,7 @@ public class OpenSaml4LogoutResponseResolverTests {
 
				 		logoutResponseResolver.setParametersConsumer(parametersConsumer);
			
 
				 		MockHttpServletRequest request = new MockHttpServletRequest();
			
 
				 		RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration()
			
 
				-			.assertingPartyDetails(
			
 
				+			.assertingPartyMetadata(
			
 
				 					(party) -> party.singleLogoutServiceResponseLocation("https://ap.example.com/logout"))
			
 
				 			.build();
			
 
				 		Authentication authentication = new TestingAuthenticationToken("user", "password");
			
--- a/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProviderTests.java
@@ -1082,11 +1082,11 @@ public class OpenSaml5AuthenticationProviderTests {
 
				 		return TestRelyingPartyRegistrations.noCredentials()
			
 
				 			.entityId(RELYING_PARTY_ENTITY_ID)
			
 
				 			.assertionConsumerServiceLocation(DESTINATION)
			
 
				-			.assertingPartyDetails((party) -> party.entityId(ASSERTING_PARTY_ENTITY_ID));
			
 
				+			.assertingPartyMetadata((party) -> party.entityId(ASSERTING_PARTY_ENTITY_ID));
			
 
				 	}
			
 
				 
			
 
				 	private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
			
 
				-		return builder.assertingPartyDetails((party) -> party
			
 
				+		return builder.assertingPartyMetadata((party) -> party
			
 
				 			.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
			
 
				 	}
			
 
				 
			
--- a/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml5LogoutRequestValidatorTests.java
+++ b/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml5LogoutRequestValidatorTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2021 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -79,7 +79,7 @@ public class OpenSaml5LogoutRequestValidatorTests {
 
				 	@Test
			
 
				 	public void handleWhenRedirectBindingThenValidatesSignatureParameter() {
			
 
				 		RelyingPartyRegistration registration = registration()
			
 
				-			.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
			
 
				+			.assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
			
 
				 			.build();
			
 
				 		LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
			
 
				 		Saml2LogoutRequest request = redirect(logoutRequest, registration,
			
@@ -167,7 +167,7 @@ public class OpenSaml5LogoutRequestValidatorTests {
 
				 
			
 
				 	private RelyingPartyRegistration.Builder registration() {
			
 
				 		return signing(verifying(TestRelyingPartyRegistrations.noCredentials()))
			
 
				-			.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
			
 
				+			.assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
			
 
				 	}
			
 
				 
			
 
				 	private RelyingPartyRegistration.Builder decrypting(RelyingPartyRegistration.Builder builder) {
			
@@ -176,12 +176,12 @@ public class OpenSaml5LogoutRequestValidatorTests {
 
				 	}
			
 
				 
			
 
				 	private RelyingPartyRegistration.Builder encrypting(RelyingPartyRegistration.Builder builder) {
			
 
				-		return builder.assertingPartyDetails((party) -> party
			
 
				+		return builder.assertingPartyMetadata((party) -> party
			
 
				 			.encryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyEncryptingCredential())));
			
 
				 	}
			
 
				 
			
 
				 	private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
			
 
				-		return builder.assertingPartyDetails((party) -> party
			
 
				+		return builder.assertingPartyMetadata((party) -> party
			
 
				 			.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
			
 
				 	}
			
 
				 
			
@@ -213,7 +213,7 @@ public class OpenSaml5LogoutRequestValidatorTests {
 
				 
			
 
				 	private void sign(LogoutRequest logoutRequest, RelyingPartyRegistration registration) {
			
 
				 		TestOpenSamlObjects.signed(logoutRequest, registration.getSigningX509Credentials().iterator().next(),
			
 
				-				registration.getAssertingPartyDetails().getEntityId());
			
 
				+				registration.getAssertingPartyMetadata().getEntityId());
			
 
				 	}
			
 
				 
			
 
				 	private String serialize(XMLObject object) {
			
--- a/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml5LogoutResponseValidatorTests.java
+++ b/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml5LogoutResponseValidatorTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2021 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -63,7 +63,7 @@ public class OpenSaml5LogoutResponseValidatorTests {
 
				 	@Test
			
 
				 	public void handleWhenRedirectBindingThenValidatesSignatureParameter() {
			
 
				 		RelyingPartyRegistration registration = signing(verifying(registration()))
			
 
				-			.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
			
 
				+			.assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
			
 
				 			.build();
			
 
				 		Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration)
			
 
				 			.id("id")
			
@@ -150,11 +150,11 @@ public class OpenSaml5LogoutResponseValidatorTests {
 
				 
			
 
				 	private RelyingPartyRegistration.Builder registration() {
			
 
				 		return signing(verifying(TestRelyingPartyRegistrations.noCredentials()))
			
 
				-			.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
			
 
				+			.assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST));
			
 
				 	}
			
 
				 
			
 
				 	private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
			
 
				-		return builder.assertingPartyDetails((party) -> party
			
 
				+		return builder.assertingPartyMetadata((party) -> party
			
 
				 			.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
			
 
				 	}
			
 
				 
			
@@ -180,7 +180,7 @@ public class OpenSaml5LogoutResponseValidatorTests {
 
				 
			
 
				 	private void sign(LogoutResponse logoutResponse, RelyingPartyRegistration registration) {
			
 
				 		TestOpenSamlObjects.signed(logoutResponse, registration.getSigningX509Credentials().iterator().next(),
			
 
				-				registration.getAssertingPartyDetails().getEntityId());
			
 
				+				registration.getAssertingPartyMetadata().getEntityId());
			
 
				 	}
			
 
				 
			
 
				 	private String serialize(XMLObject object) {
			
--- a/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/metadata/OpenSaml5MetadataResolverTests.java
+++ b/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/metadata/OpenSaml5MetadataResolverTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2024 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -79,7 +79,7 @@ public class OpenSaml5MetadataResolverTests {
 
				 	@Test
			
 
				 	public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() {
			
 
				 		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
			
 
				-			.assertingPartyDetails((party) -> party
			
 
				+			.assertingPartyMetadata((party) -> party
			
 
				 				.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
			
 
				 			.build();
			
 
				 		OpenSaml5MetadataResolver OpenSaml4MetadataResolver = new OpenSaml5MetadataResolver();
			
--- a/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/registration/OpenSaml5AssertingPartyMetadataRepositoryTests.java
+++ b/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/registration/OpenSaml5AssertingPartyMetadataRepositoryTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2024 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -224,7 +224,7 @@ public class OpenSaml5AssertingPartyMetadataRepositoryTests {
 
				 			.withTrustedMetadataLocation(web.url(endpoint).toString())
			
 
				 			.verificationCredentials((c) -> c.add(credential))
			
 
				 			.build();
			
 
				-		assertThat(parties.findByEntityId(registration.getAssertingPartyDetails().getEntityId())).isNotNull();
			
 
				+		assertThat(parties.findByEntityId(registration.getAssertingPartyMetadata().getEntityId())).isNotNull();
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
@@ -256,7 +256,7 @@ public class OpenSaml5AssertingPartyMetadataRepositoryTests {
 
				 		AssertingPartyMetadataRepository parties = OpenSaml5AssertingPartyMetadataRepository
			
 
				 			.withTrustedMetadataLocation(web.url(endpoint).toString())
			
 
				 			.build();
			
 
				-		assertThat(parties.findByEntityId(registration.getAssertingPartyDetails().getEntityId())).isNotNull();
			
 
				+		assertThat(parties.findByEntityId(registration.getAssertingPartyMetadata().getEntityId())).isNotNull();
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
@@ -295,7 +295,7 @@ public class OpenSaml5AssertingPartyMetadataRepositoryTests {
 
				 		AssertingPartyMetadataRepository parties = new OpenSaml5AssertingPartyMetadataRepository(resolver);
			
 
				 		parties.iterator()
			
 
				 			.forEachRemaining((p) -> assertThat(p.getEntityId())
			
 
				-				.isEqualTo(registration.getAssertingPartyDetails().getEntityId()));
			
 
				+				.isEqualTo(registration.getAssertingPartyMetadata().getEntityId()));
			
 
				 		verify(((IterableMetadataSource) resolver)).iterator();
			
 
				 	}
			
 
				 
			
@@ -336,7 +336,7 @@ public class OpenSaml5AssertingPartyMetadataRepositoryTests {
 
				 			.withMetadataLocation(web.url(endpoint).toString())
			
 
				 			.verificationCredentials((c) -> c.add(credential))
			
 
				 			.build();
			
 
				-		assertThat(parties.findByEntityId(registration.getAssertingPartyDetails().getEntityId())).isNotNull();
			
 
				+		assertThat(parties.findByEntityId(registration.getAssertingPartyMetadata().getEntityId())).isNotNull();
			
 
				 	}
			
 
				 
			
 
				 	private static String serialize(XMLObject object) {
			
--- a/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml5AuthenticationRequestResolverTests.java
+++ b/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml5AuthenticationRequestResolverTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2022 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -56,13 +56,13 @@ public class OpenSaml5AuthenticationRequestResolverTests {
 
				 		Saml2RedirectAuthenticationRequest authnRequest = resolver.resolve(this.request);
			
 
				 		assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
			
 
				 		assertThat(authnRequest.getAuthenticationRequestUri())
			
 
				-			.isEqualTo(this.registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
			
 
				+			.isEqualTo(this.registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
 
				 	void resolveWhenPostThenSaml2PostAuthenticationRequest() {
			
 
				 		RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full()
			
 
				-			.assertingPartyDetails((party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST))
			
 
				+			.assertingPartyMetadata((party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST))
			
 
				 			.build();
			
 
				 		RelyingPartyRegistrationResolver relyingParties = mock(RelyingPartyRegistrationResolver.class);
			
 
				 		given(relyingParties.resolve(any(), any())).willReturn(registration);
			
@@ -70,7 +70,7 @@ public class OpenSaml5AuthenticationRequestResolverTests {
 
				 		Saml2PostAuthenticationRequest authnRequest = resolver.resolve(this.request);
			
 
				 		assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.POST);
			
 
				 		assertThat(authnRequest.getAuthenticationRequestUri())
			
 
				-			.isEqualTo(this.registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
			
 
				+			.isEqualTo(this.registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
@@ -97,7 +97,7 @@ public class OpenSaml5AuthenticationRequestResolverTests {
 
				 
			
 
				 		assertThat(authnRequest.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
			
 
				 		assertThat(authnRequest.getAuthenticationRequestUri())
			
 
				-			.isEqualTo(this.registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
			
 
				+			.isEqualTo(this.registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
			
 
				 
			
 
				 	}
			
 
				 
			
--- a/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml5SigningUtilsTests.java
+++ b/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSaml5SigningUtilsTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2021 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -56,7 +56,7 @@ public class OpenSaml5SigningUtilsTests {
 
				 				c.add(TestSaml2X509Credentials.relyingPartySigningCredential());
			
 
				 				c.add(TestSaml2X509Credentials.assertingPartySigningCredential());
			
 
				 			})
			
 
				-			.assertingPartyDetails((c) -> c.entityId("https://some.idp.example.com/entity-id")
			
 
				+			.assertingPartyMetadata((c) -> c.entityId("https://some.idp.example.com/entity-id")
			
 
				 				.singleSignOnServiceLocation("https://some.idp.example.com/service-location"))
			
 
				 			.build();
			
 
				 	}
			
--- a/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSaml5LogoutResponseResolverTests.java
+++ b/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSaml5LogoutResponseResolverTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2021 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -56,7 +56,7 @@ public class OpenSaml5LogoutResponseResolverTests {
 
				 		logoutResponseResolver.setParametersConsumer(parametersConsumer);
			
 
				 		MockHttpServletRequest request = new MockHttpServletRequest();
			
 
				 		RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration()
			
 
				-			.assertingPartyDetails(
			
 
				+			.assertingPartyMetadata(
			
 
				 					(party) -> party.singleLogoutServiceResponseLocation("https://ap.example.com/logout"))
			
 
				 			.build();
			
 
				 		Authentication authentication = new TestingAuthenticationToken("user", "password");
			
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/jackson2/TestSaml2JsonPayloads.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/jackson2/TestSaml2JsonPayloads.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2022 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -147,7 +147,7 @@ final class TestSaml2JsonPayloads {
 
				 		return Saml2PostAuthenticationRequest
			
 
				 			.withRelyingPartyRegistration(TestRelyingPartyRegistrations.full()
			
 
				 				.registrationId(RELYINGPARTY_REGISTRATION_ID)
			
 
				-				.assertingPartyDetails((party) -> party.singleSignOnServiceLocation(AUTHENTICATION_REQUEST_URI))
			
 
				+				.assertingPartyMetadata((party) -> party.singleSignOnServiceLocation(AUTHENTICATION_REQUEST_URI))
			
 
				 				.build())
			
 
				 			.samlRequest(SAML_REQUEST)
			
 
				 			.relayState(RELAY_STATE)
			
@@ -159,7 +159,7 @@ final class TestSaml2JsonPayloads {
 
				 		return Saml2RedirectAuthenticationRequest
			
 
				 			.withRelyingPartyRegistration(TestRelyingPartyRegistrations.full()
			
 
				 				.registrationId(RELYINGPARTY_REGISTRATION_ID)
			
 
				-				.assertingPartyDetails((party) -> party.singleSignOnServiceLocation(AUTHENTICATION_REQUEST_URI))
			
 
				+				.assertingPartyMetadata((party) -> party.singleSignOnServiceLocation(AUTHENTICATION_REQUEST_URI))
			
 
				 				.build())
			
 
				 			.samlRequest(SAML_REQUEST)
			
 
				 			.relayState(RELAY_STATE)
			
@@ -173,7 +173,7 @@ final class TestSaml2JsonPayloads {
 
				 		return Saml2LogoutRequest
			
 
				 			.withRelyingPartyRegistration(TestRelyingPartyRegistrations.full()
			
 
				 				.registrationId(RELYINGPARTY_REGISTRATION_ID)
			
 
				-				.assertingPartyDetails((party) -> party.singleLogoutServiceLocation(LOCATION)
			
 
				+				.assertingPartyMetadata((party) -> party.singleLogoutServiceLocation(LOCATION)
			
 
				 					.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT))
			
 
				 				.build())
			
 
				 			.id(ID)
			
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2022 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -416,7 +416,7 @@ public final class TestOpenSamlObjects {
 
				 		logoutRequest.setNameID(nameId);
			
 
				 		IssuerBuilder issuerBuilder = new IssuerBuilder();
			
 
				 		Issuer issuer = issuerBuilder.buildObject();
			
 
				-		issuer.setValue(registration.getAssertingPartyDetails().getEntityId());
			
 
				+		issuer.setValue(registration.getAssertingPartyMetadata().getEntityId());
			
 
				 		logoutRequest.setIssuer(issuer);
			
 
				 		logoutRequest.setDestination(registration.getSingleLogoutServiceLocation());
			
 
				 		return logoutRequest;
			
@@ -430,7 +430,7 @@ public final class TestOpenSamlObjects {
 
				 		NameID nameId = nameIdBuilder.buildObject();
			
 
				 		nameId.setValue("user");
			
 
				 		logoutRequest.setNameID(null);
			
 
				-		Saml2X509Credential credential = registration.getAssertingPartyDetails()
			
 
				+		Saml2X509Credential credential = registration.getAssertingPartyMetadata()
			
 
				 			.getEncryptionX509Credentials()
			
 
				 			.iterator()
			
 
				 			.next();
			
@@ -438,7 +438,7 @@ public final class TestOpenSamlObjects {
 
				 		logoutRequest.setEncryptedID(encrypted);
			
 
				 		IssuerBuilder issuerBuilder = new IssuerBuilder();
			
 
				 		Issuer issuer = issuerBuilder.buildObject();
			
 
				-		issuer.setValue(registration.getAssertingPartyDetails().getEntityId());
			
 
				+		issuer.setValue(registration.getAssertingPartyMetadata().getEntityId());
			
 
				 		logoutRequest.setIssuer(issuer);
			
 
				 		logoutRequest.setDestination(registration.getSingleLogoutServiceLocation());
			
 
				 		return logoutRequest;
			
@@ -457,7 +457,7 @@ public final class TestOpenSamlObjects {
 
				 		logoutResponse.setStatus(status);
			
 
				 		IssuerBuilder issuerBuilder = new IssuerBuilder();
			
 
				 		Issuer issuer = issuerBuilder.buildObject();
			
 
				-		issuer.setValue(registration.getAssertingPartyDetails().getEntityId());
			
 
				+		issuer.setValue(registration.getAssertingPartyMetadata().getEntityId());
			
 
				 		logoutResponse.setIssuer(issuer);
			
 
				 		logoutResponse.setDestination(registration.getSingleLogoutServiceResponseLocation());
			
 
				 		return logoutResponse;
			
@@ -473,23 +473,23 @@ public final class TestOpenSamlObjects {
 
				 		logoutRequest.setNameID(nameId);
			
 
				 		IssuerBuilder issuerBuilder = new IssuerBuilder();
			
 
				 		Issuer issuer = issuerBuilder.buildObject();
			
 
				-		issuer.setValue(registration.getAssertingPartyDetails().getEntityId());
			
 
				+		issuer.setValue(registration.getAssertingPartyMetadata().getEntityId());
			
 
				 		logoutRequest.setIssuer(issuer);
			
 
				-		logoutRequest.setDestination(registration.getAssertingPartyDetails().getSingleLogoutServiceLocation());
			
 
				+		logoutRequest.setDestination(registration.getAssertingPartyMetadata().getSingleLogoutServiceLocation());
			
 
				 		return logoutRequest;
			
 
				 	}
			
 
				 
			
 
				 	public static EntityDescriptor entityDescriptor(RelyingPartyRegistration registration) {
			
 
				 		EntityDescriptorBuilder entityDescriptorBuilder = new EntityDescriptorBuilder();
			
 
				 		EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject();
			
 
				-		entityDescriptor.setEntityID(registration.getAssertingPartyDetails().getEntityId());
			
 
				+		entityDescriptor.setEntityID(registration.getAssertingPartyMetadata().getEntityId());
			
 
				 		IDPSSODescriptorBuilder idpssoDescriptorBuilder = new IDPSSODescriptorBuilder();
			
 
				 		IDPSSODescriptor idpssoDescriptor = idpssoDescriptorBuilder.buildObject();
			
 
				 		idpssoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
			
 
				 		SingleSignOnServiceBuilder singleSignOnServiceBuilder = new SingleSignOnServiceBuilder();
			
 
				 		SingleSignOnService singleSignOnService = singleSignOnServiceBuilder.buildObject();
			
 
				 		singleSignOnService.setBinding(Saml2MessageBinding.POST.getUrn());
			
 
				-		singleSignOnService.setLocation(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
			
 
				+		singleSignOnService.setLocation(registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation());
			
 
				 		idpssoDescriptor.getSingleSignOnServices().add(singleSignOnService);
			
 
				 		KeyDescriptorBuilder keyDescriptorBuilder = new KeyDescriptorBuilder();
			
 
				 		KeyDescriptor keyDescriptor = keyDescriptorBuilder.buildObject();
			
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepositoryTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/InMemoryRelyingPartyRegistrationRepositoryTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2023 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -47,7 +47,7 @@ public class InMemoryRelyingPartyRegistrationRepositoryTests {
 
				 		RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration().build();
			
 
				 		InMemoryRelyingPartyRegistrationRepository registrations = new InMemoryRelyingPartyRegistrationRepository(
			
 
				 				registration);
			
 
				-		String assertingPartyEntityId = registration.getAssertingPartyDetails().getEntityId();
			
 
				+		String assertingPartyEntityId = registration.getAssertingPartyMetadata().getEntityId();
			
 
				 		assertThat(registrations.findUniqueByAssertingPartyEntityId(assertingPartyEntityId)).isEqualTo(registration);
			
 
				 	}
			
 
				 
			
@@ -56,7 +56,7 @@ public class InMemoryRelyingPartyRegistrationRepositoryTests {
 
				 		RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration().build();
			
 
				 		InMemoryRelyingPartyRegistrationRepository registrations = new InMemoryRelyingPartyRegistrationRepository(
			
 
				 				registration);
			
 
				-		String assertingPartyEntityId = registration.getAssertingPartyDetails().getEntityId();
			
 
				+		String assertingPartyEntityId = registration.getAssertingPartyMetadata().getEntityId();
			
 
				 		assertThat(registrations.findUniqueByAssertingPartyEntityId(assertingPartyEntityId + "wrong")).isNull();
			
 
				 	}
			
 
				 
			
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2020 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -102,7 +102,7 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 
				 		RelyingPartyRegistration registration = this.converter.read(RelyingPartyRegistration.Builder.class, response)
			
 
				 			.registrationId("one")
			
 
				 			.build();
			
 
				-		RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
			
 
				+		AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
			
 
				 		assertThat(details.getWantAuthnRequestsSigned()).isFalse();
			
 
				 		assertThat(details.getSingleSignOnServiceLocation()).isEqualTo("sso-location");
			
 
				 		assertThat(details.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
			
@@ -128,7 +128,7 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 
				 		RelyingPartyRegistration registration = this.converter.read(RelyingPartyRegistration.Builder.class, response)
			
 
				 			.registrationId("one")
			
 
				 			.build();
			
 
				-		RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
			
 
				+		AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
			
 
				 		assertThat(details.getWantAuthnRequestsSigned()).isFalse();
			
 
				 		assertThat(details.getSingleSignOnServiceLocation()).isEqualTo("sso-location");
			
 
				 		assertThat(details.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
			
@@ -149,7 +149,7 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverterTests {
 
				 		RelyingPartyRegistration registration = this.converter.read(RelyingPartyRegistration.Builder.class, response)
			
 
				 			.registrationId("one")
			
 
				 			.build();
			
 
				-		RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
			
 
				+		AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
			
 
				 		assertThat(details.getVerificationX509Credentials().iterator().next().getCertificate())
			
 
				 			.isEqualTo(x509Certificate(CERTIFICATE));
			
 
				 		assertThat(details.getEncryptionX509Credentials()).hasSize(1);
			
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2023 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -24,7 +24,6 @@ import org.junit.jupiter.api.Test;
 
				 
			
 
				 import org.springframework.security.saml2.core.Saml2X509Credential;
			
 
				 import org.springframework.security.saml2.core.TestSaml2X509Credentials;
			
 
				-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails;
			
 
				 import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
			
 
				 
			
 
				 import static org.assertj.core.api.Assertions.assertThat;
			
@@ -37,12 +36,12 @@ public class RelyingPartyRegistrationTests {
 
				 		RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration()
			
 
				 			.nameIdFormat("format")
			
 
				 			.authnRequestsSigned(true)
			
 
				-			.assertingPartyDetails((a) -> a.singleSignOnServiceBinding(Saml2MessageBinding.POST))
			
 
				-			.assertingPartyDetails((a) -> a.wantAuthnRequestsSigned(false))
			
 
				-			.assertingPartyDetails((a) -> a.signingAlgorithms((algs) -> algs.add("alg")))
			
 
				+			.assertingPartyMetadata((a) -> a.singleSignOnServiceBinding(Saml2MessageBinding.POST))
			
 
				+			.assertingPartyMetadata((a) -> a.wantAuthnRequestsSigned(false))
			
 
				+			.assertingPartyMetadata((a) -> a.signingAlgorithms((algs) -> algs.add("alg")))
			
 
				 			.assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT)
			
 
				 			.build();
			
 
				-		RelyingPartyRegistration copy = RelyingPartyRegistration.withRelyingPartyRegistration(registration).build();
			
 
				+		RelyingPartyRegistration copy = registration.mutate().build();
			
 
				 		compareRegistrations(registration, copy);
			
 
				 	}
			
 
				 
			
@@ -50,9 +49,9 @@ public class RelyingPartyRegistrationTests {
 
				 	void mutateWhenInvokedThenCreatesCopy() {
			
 
				 		RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration()
			
 
				 			.nameIdFormat("format")
			
 
				-			.assertingPartyDetails((a) -> a.singleSignOnServiceBinding(Saml2MessageBinding.POST))
			
 
				-			.assertingPartyDetails((a) -> a.wantAuthnRequestsSigned(false))
			
 
				-			.assertingPartyDetails((a) -> a.signingAlgorithms((algs) -> algs.add("alg")))
			
 
				+			.assertingPartyMetadata((a) -> a.singleSignOnServiceBinding(Saml2MessageBinding.POST))
			
 
				+			.assertingPartyMetadata((a) -> a.wantAuthnRequestsSigned(false))
			
 
				+			.assertingPartyMetadata((a) -> a.signingAlgorithms((algs) -> algs.add("alg")))
			
 
				 			.assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT)
			
 
				 			.build();
			
 
				 		RelyingPartyRegistration copy = registration.mutate().build();
			
@@ -61,8 +60,8 @@ public class RelyingPartyRegistrationTests {
 
				 
			
 
				 	private void compareRegistrations(RelyingPartyRegistration registration, RelyingPartyRegistration copy) {
			
 
				 		assertThat(copy.getRegistrationId()).isEqualTo(registration.getRegistrationId()).isEqualTo("simplesamlphp");
			
 
				-		assertThat(copy.getAssertingPartyDetails().getEntityId())
			
 
				-			.isEqualTo(registration.getAssertingPartyDetails().getEntityId())
			
 
				+		assertThat(copy.getAssertingPartyMetadata().getEntityId())
			
 
				+			.isEqualTo(registration.getAssertingPartyMetadata().getEntityId())
			
 
				 			.isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php");
			
 
				 		assertThat(copy.getAssertionConsumerServiceLocation())
			
 
				 			.isEqualTo(registration.getAssertionConsumerServiceLocation())
			
@@ -73,25 +72,25 @@ public class RelyingPartyRegistrationTests {
 
				 			.isEqualTo(copy.getEntityId())
			
 
				 			.isEqualTo(registration.getEntityId())
			
 
				 			.isEqualTo("{baseUrl}/saml2/service-provider-metadata/{registrationId}");
			
 
				-		assertThat(copy.getAssertingPartyDetails().getSingleSignOnServiceLocation())
			
 
				-			.isEqualTo(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation())
			
 
				+		assertThat(copy.getAssertingPartyMetadata().getSingleSignOnServiceLocation())
			
 
				+			.isEqualTo(registration.getAssertingPartyMetadata().getSingleSignOnServiceLocation())
			
 
				 			.isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php");
			
 
				-		assertThat(copy.getAssertingPartyDetails().getSingleSignOnServiceBinding())
			
 
				-			.isEqualTo(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding())
			
 
				+		assertThat(copy.getAssertingPartyMetadata().getSingleSignOnServiceBinding())
			
 
				+			.isEqualTo(registration.getAssertingPartyMetadata().getSingleSignOnServiceBinding())
			
 
				 			.isEqualTo(Saml2MessageBinding.POST);
			
 
				-		assertThat(copy.getAssertingPartyDetails().getWantAuthnRequestsSigned())
			
 
				-			.isEqualTo(registration.getAssertingPartyDetails().getWantAuthnRequestsSigned())
			
 
				+		assertThat(copy.getAssertingPartyMetadata().getWantAuthnRequestsSigned())
			
 
				+			.isEqualTo(registration.getAssertingPartyMetadata().getWantAuthnRequestsSigned())
			
 
				 			.isFalse();
			
 
				 		assertThat(copy.getAssertionConsumerServiceBinding())
			
 
				 			.isEqualTo(registration.getAssertionConsumerServiceBinding());
			
 
				 		assertThat(copy.getDecryptionX509Credentials()).isEqualTo(registration.getDecryptionX509Credentials());
			
 
				 		assertThat(copy.getSigningX509Credentials()).isEqualTo(registration.getSigningX509Credentials());
			
 
				-		assertThat(copy.getAssertingPartyDetails().getEncryptionX509Credentials())
			
 
				-			.isEqualTo(registration.getAssertingPartyDetails().getEncryptionX509Credentials());
			
 
				-		assertThat(copy.getAssertingPartyDetails().getVerificationX509Credentials())
			
 
				-			.isEqualTo(registration.getAssertingPartyDetails().getVerificationX509Credentials());
			
 
				-		assertThat(copy.getAssertingPartyDetails().getSigningAlgorithms())
			
 
				-			.isEqualTo(registration.getAssertingPartyDetails().getSigningAlgorithms());
			
 
				+		assertThat(copy.getAssertingPartyMetadata().getEncryptionX509Credentials())
			
 
				+			.isEqualTo(registration.getAssertingPartyMetadata().getEncryptionX509Credentials());
			
 
				+		assertThat(copy.getAssertingPartyMetadata().getVerificationX509Credentials())
			
 
				+			.isEqualTo(registration.getAssertingPartyMetadata().getVerificationX509Credentials());
			
 
				+		assertThat(copy.getAssertingPartyMetadata().getSigningAlgorithms())
			
 
				+			.isEqualTo(registration.getAssertingPartyMetadata().getSigningAlgorithms());
			
 
				 		assertThat(copy.getNameIdFormat()).isEqualTo(registration.getNameIdFormat());
			
 
				 		assertThat(copy.isAuthnRequestsSigned()).isEqualTo(registration.isAuthnRequestsSigned());
			
 
				 	}
			
@@ -101,7 +100,7 @@ public class RelyingPartyRegistrationTests {
 
				 		RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistration.withRegistrationId("id")
			
 
				 			.entityId("entity-id")
			
 
				 			.assertionConsumerServiceLocation("location")
			
 
				-			.assertingPartyDetails((assertingParty) -> assertingParty.entityId("entity-id")
			
 
				+			.assertingPartyMetadata((assertingParty) -> assertingParty.entityId("entity-id")
			
 
				 				.singleSignOnServiceLocation("location")
			
 
				 				.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
			
 
				 			.build();
			
@@ -119,7 +118,7 @@ public class RelyingPartyRegistrationTests {
 
				 
			
 
				 		// Test with the alt credentials first
			
 
				 		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
			
 
				-			.assertingPartyDetails((assertingParty) -> assertingParty.verificationX509Credentials((c) -> {
			
 
				+			.assertingPartyMetadata((assertingParty) -> assertingParty.verificationX509Credentials((c) -> {
			
 
				 				c.add(altApCredential);
			
 
				 				c.add(verifyingCredential);
			
 
				 			}).encryptionX509Credentials((c) -> {
			
@@ -139,14 +138,14 @@ public class RelyingPartyRegistrationTests {
 
				 				signingCredential);
			
 
				 		assertThat(relyingPartyRegistration.getDecryptionX509Credentials()).containsExactly(altRpCredential,
			
 
				 				decryptionCredential);
			
 
				-		assertThat(relyingPartyRegistration.getAssertingPartyDetails().getVerificationX509Credentials())
			
 
				+		assertThat(relyingPartyRegistration.getAssertingPartyMetadata().getVerificationX509Credentials())
			
 
				 			.containsExactly(altApCredential, verifyingCredential);
			
 
				-		assertThat(relyingPartyRegistration.getAssertingPartyDetails().getEncryptionX509Credentials())
			
 
				+		assertThat(relyingPartyRegistration.getAssertingPartyMetadata().getEncryptionX509Credentials())
			
 
				 			.containsExactly(altApCredential, encryptingCredential);
			
 
				 
			
 
				 		// Test with the alt credentials last
			
 
				 		relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
			
 
				-			.assertingPartyDetails((assertingParty) -> assertingParty.verificationX509Credentials((c) -> {
			
 
				+			.assertingPartyMetadata((assertingParty) -> assertingParty.verificationX509Credentials((c) -> {
			
 
				 				c.add(verifyingCredential);
			
 
				 				c.add(altApCredential);
			
 
				 			}).encryptionX509Credentials((c) -> {
			
@@ -166,9 +165,9 @@ public class RelyingPartyRegistrationTests {
 
				 				altRpCredential);
			
 
				 		assertThat(relyingPartyRegistration.getDecryptionX509Credentials()).containsExactly(decryptionCredential,
			
 
				 				altRpCredential);
			
 
				-		assertThat(relyingPartyRegistration.getAssertingPartyDetails().getVerificationX509Credentials())
			
 
				+		assertThat(relyingPartyRegistration.getAssertingPartyMetadata().getVerificationX509Credentials())
			
 
				 			.containsExactly(verifyingCredential, altApCredential);
			
 
				-		assertThat(relyingPartyRegistration.getAssertingPartyDetails().getEncryptionX509Credentials())
			
 
				+		assertThat(relyingPartyRegistration.getAssertingPartyMetadata().getEncryptionX509Credentials())
			
 
				 			.containsExactly(encryptingCredential, altApCredential);
			
 
				 	}
			
 
				 
			
@@ -203,10 +202,12 @@ public class RelyingPartyRegistrationTests {
 
				 		AssertingPartyMetadata metadata = new CustomAssertingPartyMetadata();
			
 
				 		assertThatExceptionOfType(IllegalArgumentException.class)
			
 
				 			.isThrownBy(() -> RelyingPartyRegistration.withAssertingPartyMetadata(metadata)
			
 
				-				.assertingPartyDetails((a) -> a.entityId("entity-id"))
			
 
				+				.assertingPartyMetadata((a) -> a.entityId("entity-id"))
			
 
				 				.build());
			
 
				-		assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(
			
 
				-				() -> RelyingPartyRegistration.withAssertingPartyMetadata(metadata).build().getAssertingPartyDetails());
			
 
				+		assertThatExceptionOfType(IllegalArgumentException.class)
			
 
				+			.isThrownBy(() -> RelyingPartyRegistration.withAssertingPartyMetadata(metadata)
			
 
				+				.build()
			
 
				+				.getAssertingPartyMetadata());
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
@@ -218,9 +219,9 @@ public class RelyingPartyRegistrationTests {
 
				 			.assertingPartyMetadata((a) -> a.signingAlgorithms((algs) -> algs.add("alg")))
			
 
				 			.assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT)
			
 
				 			.build();
			
 
				-		AssertingPartyDetails details = registration.getAssertingPartyDetails();
			
 
				-		RelyingPartyRegistration copied = RelyingPartyRegistration.withAssertingPartyDetails(details)
			
 
				-			.assertingPartyDetails((a) -> a.entityId(details.getEntityId()))
			
 
				+		AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
			
 
				+		RelyingPartyRegistration copied = RelyingPartyRegistration.withAssertingPartyMetadata(details)
			
 
				+			.assertingPartyMetadata((a) -> a.entityId(details.getEntityId()))
			
 
				 			.registrationId(registration.getRegistrationId())
			
 
				 			.entityId(registration.getEntityId())
			
 
				 			.signingX509Credentials((c) -> c.addAll(registration.getSigningX509Credentials()))
			
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrationsTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2022 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -65,7 +65,7 @@ public class RelyingPartyRegistrationsTests {
 
				 				.fromMetadataLocation(server.url("/").toString())
			
 
				 				.entityId("rp")
			
 
				 				.build();
			
 
				-			RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
			
 
				+			AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
			
 
				 			assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
			
 
				 			assertThat(details.getSingleSignOnServiceLocation())
			
 
				 				.isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
			
@@ -103,7 +103,7 @@ public class RelyingPartyRegistrationsTests {
 
				 			.fromMetadataLocation("file:" + file.getAbsolutePath())
			
 
				 			.entityId("rp")
			
 
				 			.build();
			
 
				-		RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
			
 
				+		AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
			
 
				 		assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
			
 
				 		assertThat(details.getSingleSignOnServiceLocation())
			
 
				 			.isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
			
@@ -124,7 +124,7 @@ public class RelyingPartyRegistrationsTests {
 
				 			RelyingPartyRegistration registration = RelyingPartyRegistrations.fromMetadata(source)
			
 
				 				.entityId("rp")
			
 
				 				.build();
			
 
				-			RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
			
 
				+			AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
			
 
				 			assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
			
 
				 			assertThat(details.getSingleSignOnServiceLocation())
			
 
				 				.isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
			
@@ -153,7 +153,7 @@ public class RelyingPartyRegistrationsTests {
 
				 				.collect(Collectors.toList());
			
 
				 			assertThat(registrations).hasSize(2);
			
 
				 			RelyingPartyRegistration first = registrations.get(0);
			
 
				-			RelyingPartyRegistration.AssertingPartyDetails details = first.getAssertingPartyDetails();
			
 
				+			AssertingPartyMetadata details = first.getAssertingPartyMetadata();
			
 
				 			assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
			
 
				 			assertThat(details.getSingleSignOnServiceLocation())
			
 
				 				.isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
			
@@ -161,7 +161,7 @@ public class RelyingPartyRegistrationsTests {
 
				 			assertThat(details.getVerificationX509Credentials()).hasSize(1);
			
 
				 			assertThat(details.getEncryptionX509Credentials()).hasSize(1);
			
 
				 			RelyingPartyRegistration second = registrations.get(1);
			
 
				-			details = second.getAssertingPartyDetails();
			
 
				+			details = second.getAssertingPartyMetadata();
			
 
				 			assertThat(details.getEntityId()).isEqualTo("https://ap.example.org/idp/shibboleth");
			
 
				 			assertThat(details.getSingleSignOnServiceLocation())
			
 
				 				.isEqualTo("https://ap.example.org/idp/profile/SAML2/POST/SSO");
			
@@ -201,7 +201,7 @@ public class RelyingPartyRegistrationsTests {
 
				 			.map((r) -> r.entityId("rp").build())
			
 
				 			.findFirst()
			
 
				 			.get();
			
 
				-		RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
			
 
				+		AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
			
 
				 		assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
			
 
				 		assertThat(details.getSingleSignOnServiceLocation())
			
 
				 			.isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
			
@@ -219,7 +219,7 @@ public class RelyingPartyRegistrationsTests {
 
				 			.map((r) -> r.entityId("rp").build())
			
 
				 			.findFirst()
			
 
				 			.get();
			
 
				-		RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
			
 
				+		AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
			
 
				 		assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
			
 
				 		assertThat(details.getSingleSignOnServiceLocation())
			
 
				 			.isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
			
@@ -242,7 +242,7 @@ public class RelyingPartyRegistrationsTests {
 
				 				.map((r) -> r.entityId("rp").build())
			
 
				 				.findFirst()
			
 
				 				.get();
			
 
				-			RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
			
 
				+			AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
			
 
				 			assertThat(details.getEntityId()).isEqualTo("https://idp.example.com/idp/shibboleth");
			
 
				 			assertThat(details.getSingleSignOnServiceLocation())
			
 
				 				.isEqualTo("https://idp.example.com/idp/profile/SAML2/POST/SSO");
			
@@ -261,7 +261,7 @@ public class RelyingPartyRegistrationsTests {
 
				 				.fromMetadataLocation(server.url("/").toString())
			
 
				 				.entityId("rp")
			
 
				 				.build();
			
 
				-			RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
			
 
				+			AssertingPartyMetadata details = registration.getAssertingPartyMetadata();
			
 
				 			assertThat(registration.getRegistrationId()).isEqualTo(details.getEntityId());
			
 
				 			assertThat(registration).isInstanceOf(OpenSamlRelyingPartyRegistration.class);
			
 
				 		}
			
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/TestRelyingPartyRegistrations.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2023 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -44,7 +44,7 @@ public final class TestRelyingPartyRegistrations {
 
				 			.assertionConsumerServiceLocation(assertionConsumerServiceLocation)
			
 
				 			.singleLogoutServiceLocation(singleLogoutServiceLocation)
			
 
				 			.signingX509Credentials((c) -> c.add(signingCredential))
			
 
				-			.assertingPartyDetails((a) -> a.entityId(apEntityId)
			
 
				+			.assertingPartyMetadata((a) -> a.entityId(apEntityId)
			
 
				 				.singleSignOnServiceLocation(singleSignOnServiceLocation)
			
 
				 				.verificationX509Credentials((c) -> c.add(verificationCertificate)));
			
 
				 	}
			
@@ -55,7 +55,7 @@ public final class TestRelyingPartyRegistrations {
 
				 			.singleLogoutServiceLocation("https://rp.example.org/logout/saml2/request")
			
 
				 			.singleLogoutServiceResponseLocation("https://rp.example.org/logout/saml2/response")
			
 
				 			.assertionConsumerServiceLocation("https://rp.example.org/acs")
			
 
				-			.assertingPartyDetails((party) -> party.entityId("ap-entity-id")
			
 
				+			.assertingPartyMetadata((party) -> party.entityId("ap-entity-id")
			
 
				 				.singleSignOnServiceLocation("https://ap.example.org/sso")
			
 
				 				.singleLogoutServiceLocation("https://ap.example.org/logout/saml2/request")
			
 
				 				.singleLogoutServiceResponseLocation("https://ap.example.org/logout/saml2/response"));
			
@@ -67,7 +67,7 @@ public final class TestRelyingPartyRegistrations {
 
				 				.add(org.springframework.security.saml2.core.TestSaml2X509Credentials.relyingPartySigningCredential()))
			
 
				 			.decryptionX509Credentials((c) -> c.add(org.springframework.security.saml2.core.TestSaml2X509Credentials
			
 
				 				.relyingPartyDecryptingCredential()))
			
 
				-			.assertingPartyDetails((party) -> party.verificationX509Credentials(
			
 
				+			.assertingPartyMetadata((party) -> party.verificationX509Credentials(
			
 
				 					(c) -> c.add(org.springframework.security.saml2.core.TestSaml2X509Credentials
			
 
				 						.relyingPartyVerifyingCredential())));
			
 
				 	}
			
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2024 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -100,7 +100,7 @@ public class Saml2MetadataFilterTests {
 
				 	public void doFilterWhenRelyingPartyRegistrationFoundThenInvokesMetadataResolver() throws Exception {
			
 
				 		MockHttpServletRequest request = uri("/saml2/service-provider-metadata/validRegistration");
			
 
				 		RelyingPartyRegistration validRegistration = TestRelyingPartyRegistrations.noCredentials()
			
 
				-			.assertingPartyDetails((party) -> party
			
 
				+			.assertingPartyMetadata((party) -> party
			
 
				 				.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
			
 
				 			.build();
			
 
				 		String generatedMetadata = "<xml>test</xml>";
			
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilterTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2023 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -84,8 +84,8 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
				 			}
			
 
				 		};
			
 
				 		this.rpBuilder = RelyingPartyRegistration.withRegistrationId("registration-id")
			
 
				-			.assertingPartyDetails((c) -> c.entityId("idp-entity-id"))
			
 
				-			.assertingPartyDetails((c) -> c.singleSignOnServiceLocation(IDP_SSO_URL))
			
 
				+			.assertingPartyMetadata((c) -> c.entityId("idp-entity-id"))
			
 
				+			.assertingPartyMetadata((c) -> c.singleSignOnServiceLocation(IDP_SSO_URL))
			
 
				 			.assertionConsumerServiceLocation("template")
			
 
				 			.signingX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential()))
			
 
				 			.decryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential()));
			
@@ -168,7 +168,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
				 		String relayStateValue = "https://my-relay-state.example.com?with=param&other=param&javascript{alert('1');}";
			
 
				 		String relayStateEncoded = HtmlUtils.htmlEscape(relayStateValue);
			
 
				 		RelyingPartyRegistration registration = this.rpBuilder
			
 
				-			.assertingPartyDetails((asserting) -> asserting.singleSignOnServiceBinding(Saml2MessageBinding.POST))
			
 
				+			.assertingPartyMetadata((asserting) -> asserting.singleSignOnServiceBinding(Saml2MessageBinding.POST))
			
 
				 			.build();
			
 
				 		Saml2PostAuthenticationRequest request = Saml2PostAuthenticationRequest
			
 
				 			.withRelyingPartyRegistration(registration)
			
@@ -213,7 +213,7 @@ public class Saml2WebSsoAuthenticationRequestFilterTests {
 
				 	@Test
			
 
				 	public void doFilterWhenPostThenSaveRedirectRequest() throws ServletException, IOException {
			
 
				 		RelyingPartyRegistration registration = this.rpBuilder
			
 
				-			.assertingPartyDetails((asserting) -> asserting.singleSignOnServiceBinding(Saml2MessageBinding.POST))
			
 
				+			.assertingPartyMetadata((asserting) -> asserting.singleSignOnServiceBinding(Saml2MessageBinding.POST))
			
 
				 			.build();
			
 
				 		Saml2PostAuthenticationRequest request = Saml2PostAuthenticationRequest
			
 
				 			.withRelyingPartyRegistration(registration)
			
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2LogoutRequestFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2LogoutRequestFilterTests.java
@@ -93,13 +93,13 @@ public class Saml2LogoutRequestFilterTests {
 
				 		String content = response.getHeader("Location");
			
 
				 		assertThat(content).contains(Saml2ParameterNames.SAML_RESPONSE);
			
 
				 		assertThat(content)
			
 
				-			.startsWith(registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation());
			
 
				+			.startsWith(registration.getAssertingPartyMetadata().getSingleLogoutServiceResponseLocation());
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
 
				 	public void doFilterWhenSamlRequestThenPosts() throws Exception {
			
 
				 		RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full()
			
 
				-			.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST))
			
 
				+			.assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST))
			
 
				 			.build();
			
 
				 		Authentication authentication = new TestingAuthenticationToken("user", "password");
			
 
				 		given(this.securityContextHolderStrategy.getContext()).willReturn(new SecurityContextImpl(authentication));
			
@@ -270,7 +270,7 @@ public class Saml2LogoutRequestFilterTests {
 
				 	private void checkResponse(String responseContent, RelyingPartyRegistration registration) {
			
 
				 		assertThat(responseContent).contains(Saml2ParameterNames.SAML_RESPONSE);
			
 
				 		assertThat(responseContent)
			
 
				-			.contains(registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation());
			
 
				+			.contains(registration.getAssertingPartyMetadata().getSingleLogoutServiceResponseLocation());
			
 
				 		assertThat(responseContent).contains(
			
 
				 				"<meta http-equiv=\"Content-Security-Policy\" content=\"script-src 'sha256-oZhLbc2kO8b8oaYLrUc7uye1MgVKMyLtPqWR4WtKF+c='\">");
			
 
				 		assertThat(responseContent)
			
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2RelyingPartyInitiatedLogoutSuccessHandlerTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2RelyingPartyInitiatedLogoutSuccessHandlerTests.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2023 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -79,13 +79,13 @@ public class Saml2RelyingPartyInitiatedLogoutSuccessHandlerTests {
 
				 		this.logoutRequestSuccessHandler.onLogoutSuccess(request, response, authentication);
			
 
				 		String content = response.getHeader("Location");
			
 
				 		assertThat(content).contains(Saml2ParameterNames.SAML_REQUEST);
			
 
				-		assertThat(content).startsWith(registration.getAssertingPartyDetails().getSingleLogoutServiceLocation());
			
 
				+		assertThat(content).startsWith(registration.getAssertingPartyMetadata().getSingleLogoutServiceLocation());
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
 
				 	public void onLogoutSuccessWhenPostThenPostsToAssertingParty() throws Exception {
			
 
				 		RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full()
			
 
				-			.assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST))
			
 
				+			.assertingPartyMetadata((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST))
			
 
				 			.build();
			
 
				 		Authentication authentication = authentication(registration);
			
 
				 		SecurityContextHolder.getContext().setAuthentication(authentication);
			
@@ -99,7 +99,7 @@ public class Saml2RelyingPartyInitiatedLogoutSuccessHandlerTests {
 
				 		this.logoutRequestSuccessHandler.onLogoutSuccess(request, response, authentication);
			
 
				 		String content = response.getContentAsString();
			
 
				 		assertThat(content).contains(Saml2ParameterNames.SAML_REQUEST);
			
 
				-		assertThat(content).contains(registration.getAssertingPartyDetails().getSingleLogoutServiceLocation());
			
 
				+		assertThat(content).contains(registration.getAssertingPartyMetadata().getSingleLogoutServiceLocation());
			
 
				 		assertThat(content).contains(
			
 
				 				"<meta http-equiv=\"Content-Security-Policy\" content=\"script-src 'sha256-oZhLbc2kO8b8oaYLrUc7uye1MgVKMyLtPqWR4WtKF+c='\">");
			
 
				 		assertThat(content).contains("<script>window.onload = function() { document.forms[0].submit(); }</script>");