
Add OpenSamlAssertingPartyDetails

Closes gh-10781
Josh Cummings 3 жил өмнө
parent
commit
541a1e48b3

+ 87 - 0
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.java

@@ -0,0 +1,87 @@
+/*
+ * Copyright 2002-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.saml2.provider.service.registration;
+
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+
+/**
+ * A {@link RelyingPartyRegistration.AssertingPartyDetails} that contains
+ * OpenSAML-specific members
+ *
+ * @author Josh Cummings
+ * @since 5.7
+ */
+public final class OpenSamlAssertingPartyDetails extends RelyingPartyRegistration.AssertingPartyDetails {
+
+	private final EntityDescriptor descriptor;
+
+	OpenSamlAssertingPartyDetails(RelyingPartyRegistration.AssertingPartyDetails details, EntityDescriptor descriptor) {
+		super(details.getEntityId(), details.getWantAuthnRequestsSigned(), details.getSigningAlgorithms(),
+				details.getVerificationX509Credentials(), details.getEncryptionX509Credentials(),
+				details.getSingleSignOnServiceLocation(), details.getSingleSignOnServiceBinding(),
+				details.getSingleLogoutServiceLocation(), details.getSingleLogoutServiceResponseLocation(),
+				details.getSingleLogoutServiceBinding());
+		this.descriptor = descriptor;
+	}
+
+	/**
+	 * Get the {@link EntityDescriptor} that underlies this
+	 * {@link org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails}
+	 * @return the {@link EntityDescriptor}
+	 */
+	public EntityDescriptor getEntityDescriptor() {
+		return this.descriptor;
+	}
+
+	/**
+	 * Use this {@link EntityDescriptor} to begin building an
+	 * {@link org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails}
+	 * @param entity the {@link EntityDescriptor} to use
+	 * @return the
+	 * {@link org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder}
+	 * for further configurations
+	 */
+	public static OpenSamlAssertingPartyDetails.Builder withEntityDescriptor(EntityDescriptor entity) {
+		return new OpenSamlAssertingPartyDetails.Builder(entity);
+	}
+
+	/**
+	 * An OpenSAML version of
+	 * {@link org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder}
+	 * that contains the underlying {@link EntityDescriptor}
+	 */
+	public static final class Builder extends RelyingPartyRegistration.AssertingPartyDetails.Builder {
+
+		private final EntityDescriptor descriptor;
+
+		private Builder(EntityDescriptor descriptor) {
+			this.descriptor = descriptor;
+		}
+
+		/**
+		 * Build an
+		 * {@link org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails}
+		 * @return
+		 */
+		@Override
+		public OpenSamlAssertingPartyDetails build() {
+			return new OpenSamlAssertingPartyDetails(super.build(), this.descriptor);
+		}
+
+	}
+
+}
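Review bot: `withEntityDescriptor` and the constructor accept a null `EntityDescriptor`, so `getEntityDescriptor()` can return null from a type whose only purpose is to carry it. Add `Assert.notNull(entity, "entity cannot be null");` at the top of `withEntityDescriptor`, which needs an import of `org.springframework.util.Assert`. The class Javadoc should also say that the descriptor is kept as parsed and is not re-synchronised with the builder. A caller can still change `entityId` or the verification credentials on the returned builder, so the credentials to trust are those from `getVerificationX509Credentials()`, not keys read back out of the descriptor. The `@return` tag on `Builder.build()` is empty.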

+ 16 - 20
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyMetadataConverter.java → saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlMetadataAssertingPartyDetailsConverter.java

@@ -47,7 +47,7 @@ import org.springframework.security.saml2.Saml2Exception;
 import org.springframework.security.saml2.core.OpenSamlInitializationService;
 import org.springframework.security.saml2.core.Saml2X509Credential;
 
-class OpenSamlAssertingPartyMetadataConverter {
+class OpenSamlMetadataAssertingPartyDetailsConverter {
 
 	static {
 		OpenSamlInitializationService.initialize();
@@ -58,15 +58,15 @@ class OpenSamlAssertingPartyMetadataConverter {
 	private final ParserPool parserPool;
 
 	/**
-	 * Creates a {@link OpenSamlAssertingPartyMetadataConverter}
+	 * Creates a {@link OpenSamlMetadataAssertingPartyDetailsConverter}
 	 */
-	OpenSamlAssertingPartyMetadataConverter() {
+	OpenSamlMetadataAssertingPartyDetailsConverter() {
 		this.registry = ConfigurationService.get(XMLObjectProviderRegistry.class);
 		this.parserPool = this.registry.getParserPool();
 	}
 
-	Collection<RelyingPartyRegistration.Builder> convert(InputStream inputStream) {
-		List<RelyingPartyRegistration.Builder> builders = new ArrayList<>();
+	Collection<RelyingPartyRegistration.AssertingPartyDetails.Builder> convert(InputStream inputStream) {
+		List<RelyingPartyRegistration.AssertingPartyDetails.Builder> builders = new ArrayList<>();
 		XMLObject xmlObject = xmlObject(inputStream);
 		if (xmlObject instanceof EntitiesDescriptor) {
 			EntitiesDescriptor descriptors = (EntitiesDescriptor) xmlObject;
@@ -82,7 +82,7 @@ class OpenSamlAssertingPartyMetadataConverter {
 		throw new Saml2Exception("Unsupported element of type " + xmlObject.getClass());
 	}
 
-	RelyingPartyRegistration.Builder convert(EntityDescriptor descriptor) {
+	RelyingPartyRegistration.AssertingPartyDetails.Builder convert(EntityDescriptor descriptor) {
 		IDPSSODescriptor idpssoDescriptor = descriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
 		if (idpssoDescriptor == null) {
 			throw new Saml2Exception("Metadata response is missing the necessary IDPSSODescriptor element");
@@ -114,15 +114,14 @@ class OpenSamlAssertingPartyMetadataConverter {
 			throw new Saml2Exception(
 					"Metadata response is missing verification certificates, necessary for verifying SAML assertions");
 		}
-		RelyingPartyRegistration.Builder builder = RelyingPartyRegistration.withRegistrationId(descriptor.getEntityID())
-				.assertingPartyDetails((party) -> party.entityId(descriptor.getEntityID())
-						.wantAuthnRequestsSigned(Boolean.TRUE.equals(idpssoDescriptor.getWantAuthnRequestsSigned()))
-						.verificationX509Credentials((c) -> c.addAll(verification))
-						.encryptionX509Credentials((c) -> c.addAll(encryption)));
+		RelyingPartyRegistration.AssertingPartyDetails.Builder party = OpenSamlAssertingPartyDetails
+				.withEntityDescriptor(descriptor).entityId(descriptor.getEntityID())
+				.wantAuthnRequestsSigned(Boolean.TRUE.equals(idpssoDescriptor.getWantAuthnRequestsSigned()))
+				.verificationX509Credentials((c) -> c.addAll(verification))
+				.encryptionX509Credentials((c) -> c.addAll(encryption));
 		List<SigningMethod> signingMethods = signingMethods(idpssoDescriptor);
 		for (SigningMethod method : signingMethods) {
-			builder.assertingPartyDetails(
-					(party) -> party.signingAlgorithms((algorithms) -> algorithms.add(method.getAlgorithm())));
+			party.signingAlgorithms((algorithms) -> algorithms.add(method.getAlgorithm()));
 		}
 		if (idpssoDescriptor.getSingleSignOnServices().isEmpty()) {
 			throw new Saml2Exception(
@@ -139,9 +138,7 @@ class OpenSamlAssertingPartyMetadataConverter {
 			else {
 				continue;
 			}
-			builder.assertingPartyDetails(
-					(party) -> party.singleSignOnServiceLocation(singleSignOnService.getLocation())
-							.singleSignOnServiceBinding(binding));
+			party.singleSignOnServiceLocation(singleSignOnService.getLocation()).singleSignOnServiceBinding(binding);
 			break;
 		}
 		for (SingleLogoutService singleLogoutService : idpssoDescriptor.getSingleLogoutServices()) {
@@ -157,12 +154,11 @@ class OpenSamlAssertingPartyMetadataConverter {
 			}
 			String responseLocation = (singleLogoutService.getResponseLocation() == null)
 					? singleLogoutService.getLocation() : singleLogoutService.getResponseLocation();
-			builder.assertingPartyDetails(
-					(party) -> party.singleLogoutServiceLocation(singleLogoutService.getLocation())
-							.singleLogoutServiceResponseLocation(responseLocation).singleLogoutServiceBinding(binding));
+			party.singleLogoutServiceLocation(singleLogoutService.getLocation())
+					.singleLogoutServiceResponseLocation(responseLocation).singleLogoutServiceBinding(binding);
 			break;
 		}
-		return builder;
+		return party;
 	}
 
 	private List<X509Certificate> certificates(KeyDescriptor keyDescriptor) {

+ 4 - 3
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java

@@ -62,13 +62,13 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 		OpenSamlInitializationService.initialize();
 	}
 
-	private final OpenSamlAssertingPartyMetadataConverter converter;
+	private final OpenSamlMetadataAssertingPartyDetailsConverter converter;
 
 	/**
 	 * Creates a {@link OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter}
 	 */
 	public OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter() {
-		this.converter = new OpenSamlAssertingPartyMetadataConverter();
+		this.converter = new OpenSamlMetadataAssertingPartyDetailsConverter();
 	}
 
 	@Override
@@ -89,7 +89,8 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 	@Override
 	public RelyingPartyRegistration.Builder read(Class<? extends RelyingPartyRegistration.Builder> clazz,
 			HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException {
-		return this.converter.convert(inputMessage.getBody()).iterator().next();
+		return RelyingPartyRegistration
+				.withAssertingPartyDetails(this.converter.convert(inputMessage.getBody()).iterator().next().build());
 	}
 
 	@Override

+ 20 - 5
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -422,6 +422,21 @@ public final class RelyingPartyRegistration {
 		return new Builder(registrationId);
 	}
 
+	public static Builder withAssertingPartyDetails(AssertingPartyDetails assertingPartyDetails) {
+		Assert.notNull(assertingPartyDetails, "assertingPartyDetails cannot be null");
+		return withRegistrationId(assertingPartyDetails.getEntityId()).assertingPartyDetails((party) -> party
+				.entityId(assertingPartyDetails.getEntityId())
+				.wantAuthnRequestsSigned(assertingPartyDetails.getWantAuthnRequestsSigned())
+				.signingAlgorithms((algorithms) -> algorithms.addAll(assertingPartyDetails.getSigningAlgorithms()))
+				.verificationX509Credentials((c) -> c.addAll(assertingPartyDetails.getVerificationX509Credentials()))
+				.encryptionX509Credentials((c) -> c.addAll(assertingPartyDetails.getEncryptionX509Credentials()))
+				.singleSignOnServiceLocation(assertingPartyDetails.getSingleSignOnServiceLocation())
+				.singleSignOnServiceBinding(assertingPartyDetails.getSingleSignOnServiceBinding())
+				.singleLogoutServiceLocation(assertingPartyDetails.getSingleLogoutServiceLocation())
+				.singleLogoutServiceResponseLocation(assertingPartyDetails.getSingleLogoutServiceResponseLocation())
+				.singleLogoutServiceBinding(assertingPartyDetails.getSingleLogoutServiceBinding()));
+	}
+
 	/**
 	 * Creates a {@code RelyingPartyRegistration} {@link Builder} based on an existing
 	 * object
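Review bot: `withAssertingPartyDetails` copies the ten fields into the builder handed to the `assertingPartyDetails((party) -> ...)` callback, so as far as these hunks show the registration ends up with a plain `AssertingPartyDetails`. The `EntityDescriptor` attached by `OpenSamlAssertingPartyDetails` would then be lost for everything built through `RelyingPartyRegistrations.collectionFromMetadata`, `fromMetadata` and the message converter's `read`. The only test change that checks `isInstanceOf(OpenSamlAssertingPartyDetails.class)` exercises the converter directly, not these entry points. If the subtype is meant to survive, the registration builder has to keep the supplied details (or their builder) instead of re-creating them field by field; `RelyingPartyRegistration.Builder` is outside the hunk, so confirm there. The new public method also has no Javadoc or `@since 5.7`, and the comment should state that the registration id defaults to the asserting party's entity id.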
@@ -510,7 +525,7 @@ public final class RelyingPartyRegistration {
 	 *
 	 * @since 5.4
 	 */
-	public static final class AssertingPartyDetails {
+	public static class AssertingPartyDetails {
 
 		private final String entityId;
 
@@ -532,7 +547,7 @@ public final class RelyingPartyRegistration {
 
 		private final Saml2MessageBinding singleLogoutServiceBinding;
 
-		private AssertingPartyDetails(String entityId, boolean wantAuthnRequestsSigned, List<String> signingAlgorithms,
+		AssertingPartyDetails(String entityId, boolean wantAuthnRequestsSigned, List<String> signingAlgorithms,
 				Collection<Saml2X509Credential> verificationX509Credentials,
 				Collection<Saml2X509Credential> encryptionX509Credentials, String singleSignOnServiceLocation,
 				Saml2MessageBinding singleSignOnServiceBinding, String singleLogoutServiceLocation,
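Review bot: With `final` removed from the class and this constructor widened from private to package-private, `AssertingPartyDetails` can now be subclassed by anything in this package, and neither the class nor the constructor documents that. A comment on the constructor, e.g. `// package-private so that OpenSamlAssertingPartyDetails can extend this class`, would record that the restriction is deliberate and should not be relaxed to `protected` casually, since the type carries the verification and encryption credentials. The nested `Builder` also loses `final` in a later hunk and its constructor is not shown, so confirm it is not implicitly public if overriding `build()` from outside the package is unwanted. The parameter list continues past the end of this hunk.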
@@ -701,7 +716,7 @@ public final class RelyingPartyRegistration {
 			return this.singleLogoutServiceBinding;
 		}
 
-		public static final class Builder {
+		public static class Builder {
 
 			private String entityId;
 
@@ -951,7 +966,7 @@ public final class RelyingPartyRegistration {
 		@Deprecated
 		public static final class Builder {
 
-			private final AssertingPartyDetails.Builder assertingPartyDetailsBuilder = new AssertingPartyDetails.Builder();
+			private AssertingPartyDetails.Builder assertingPartyDetailsBuilder = new AssertingPartyDetails.Builder();
 
 			/**
 			 * Set the asserting party's <a href=
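Review bot: The `final` modifier is removed from `assertingPartyDetailsBuilder`, but none of the hunks shown on this page assigns the field after construction. Unless a reassignment exists outside the visible hunks, keep `private final AssertingPartyDetails.Builder assertingPartyDetailsBuilder = new AssertingPartyDetails.Builder();` so the builder cannot be swapped by accident. The enclosing deprecated `Builder` class continues outside the hunk.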

+ 9 - 3
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistrations.java

@@ -18,11 +18,13 @@ package org.springframework.security.saml2.provider.service.registration;
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.ArrayList;
 import java.util.Collection;
 
 import org.springframework.core.io.DefaultResourceLoader;
 import org.springframework.core.io.ResourceLoader;
 import org.springframework.security.saml2.Saml2Exception;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails;
 
 /**
  * A utility class for constructing instances of {@link RelyingPartyRegistration}
@@ -34,7 +36,7 @@ import org.springframework.security.saml2.Saml2Exception;
  */
 public final class RelyingPartyRegistrations {
 
-	private static final OpenSamlAssertingPartyMetadataConverter assertingPartyMetadataConverter = new OpenSamlAssertingPartyMetadataConverter();
+	private static final OpenSamlMetadataAssertingPartyDetailsConverter assertingPartyMetadataConverter = new OpenSamlMetadataAssertingPartyDetailsConverter();
 
 	private static final ResourceLoader resourceLoader = new DefaultResourceLoader();
 
@@ -123,7 +125,7 @@ public final class RelyingPartyRegistrations {
 	 * @since 5.6
 	 */
 	public static RelyingPartyRegistration.Builder fromMetadata(InputStream source) {
-		return assertingPartyMetadataConverter.convert(source).iterator().next();
+		return collectionFromMetadata(source).iterator().next();
 	}
 
 	/**
@@ -213,7 +215,11 @@ public final class RelyingPartyRegistrations {
 	 * @since 5.7
 	 */
 	public static Collection<RelyingPartyRegistration.Builder> collectionFromMetadata(InputStream source) {
-		return assertingPartyMetadataConverter.convert(source);
+		Collection<RelyingPartyRegistration.Builder> builders = new ArrayList<>();
+		for (AssertingPartyDetails.Builder builder : assertingPartyMetadataConverter.convert(source)) {
+			builders.add(RelyingPartyRegistration.withAssertingPartyDetails(builder.build()));
+		}
+		return builders;
 	}
 
 }

+ 15 - 12
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyMetadataConverterTests.java → saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlMetadataAssertingPartyDetailsConverterTests.java

@@ -24,6 +24,7 @@ import java.util.Base64;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
 import org.opensaml.xmlsec.signature.support.SignatureConstants;
 
 import org.springframework.security.saml2.Saml2Exception;
@@ -31,7 +32,7 @@ import org.springframework.security.saml2.Saml2Exception;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
-public class OpenSamlAssertingPartyMetadataConverterTests {
+public class OpenSamlMetadataAssertingPartyDetailsConverterTests {
 
 	private static final String CERTIFICATE = "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";
 
@@ -56,11 +57,11 @@ public class OpenSamlAssertingPartyMetadataConverterTests {
 	private static final String SINGLE_SIGN_ON_SERVICE_TEMPLATE = "<md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" "
 			+ "Location=\"sso-location\"/>";
 
-	private OpenSamlAssertingPartyMetadataConverter converter;
+	private OpenSamlMetadataAssertingPartyDetailsConverter converter;
 
 	@BeforeEach
 	public void setup() {
-		this.converter = new OpenSamlAssertingPartyMetadataConverter();
+		this.converter = new OpenSamlMetadataAssertingPartyDetailsConverter();
 	}
 
 	@Test
@@ -98,9 +99,8 @@ public class OpenSamlAssertingPartyMetadataConverterTests {
 								+ String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"encryption\"") + EXTENSIONS_TEMPLATE
 								+ String.format(SINGLE_SIGN_ON_SERVICE_TEMPLATE)));
 		InputStream inputStream = new ByteArrayInputStream(payload.getBytes());
-		RelyingPartyRegistration registration = this.converter.convert(inputStream).iterator().next()
-				.registrationId("one").build();
-		RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
+		RelyingPartyRegistration.AssertingPartyDetails details = this.converter.convert(inputStream).iterator().next()
+				.build();
 		assertThat(details.getWantAuthnRequestsSigned()).isFalse();
 		assertThat(details.getSigningAlgorithms()).containsExactly(SignatureConstants.ALGO_ID_DIGEST_SHA512);
 		assertThat(details.getSingleSignOnServiceLocation()).isEqualTo("sso-location");
@@ -112,6 +112,11 @@ public class OpenSamlAssertingPartyMetadataConverterTests {
 		assertThat(details.getEncryptionX509Credentials()).hasSize(1);
 		assertThat(details.getEncryptionX509Credentials().iterator().next().getCertificate())
 				.isEqualTo(x509Certificate(CERTIFICATE));
+		assertThat(details).isInstanceOf(OpenSamlAssertingPartyDetails.class);
+		OpenSamlAssertingPartyDetails openSamlDetails = (OpenSamlAssertingPartyDetails) details;
+		EntityDescriptor entityDescriptor = openSamlDetails.getEntityDescriptor();
+		assertThat(entityDescriptor).isNotNull();
+		assertThat(entityDescriptor.getEntityID()).isEqualTo(details.getEntityId());
 	}
 
 	// gh-9051
@@ -124,9 +129,8 @@ public class OpenSamlAssertingPartyMetadataConverterTests {
 										+ String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"encryption\"")
 										+ String.format(SINGLE_SIGN_ON_SERVICE_TEMPLATE))));
 		InputStream inputStream = new ByteArrayInputStream(payload.getBytes());
-		RelyingPartyRegistration registration = this.converter.convert(inputStream).iterator().next()
-				.registrationId("one").build();
-		RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
+		RelyingPartyRegistration.AssertingPartyDetails details = this.converter.convert(inputStream).iterator().next()
+				.build();
 		assertThat(details.getWantAuthnRequestsSigned()).isFalse();
 		assertThat(details.getSingleSignOnServiceLocation()).isEqualTo("sso-location");
 		assertThat(details.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
@@ -144,9 +148,8 @@ public class OpenSamlAssertingPartyMetadataConverterTests {
 		String payload = String.format(ENTITY_DESCRIPTOR_TEMPLATE, String.format(IDP_SSO_DESCRIPTOR_TEMPLATE,
 				String.format(KEY_DESCRIPTOR_TEMPLATE, "") + String.format(SINGLE_SIGN_ON_SERVICE_TEMPLATE)));
 		InputStream inputStream = new ByteArrayInputStream(payload.getBytes());
-		RelyingPartyRegistration registration = this.converter.convert(inputStream).iterator().next()
-				.registrationId("one").build();
-		RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails();
+		RelyingPartyRegistration.AssertingPartyDetails details = this.converter.convert(inputStream).iterator().next()
+				.build();
 		assertThat(details.getVerificationX509Credentials().iterator().next().getCertificate())
 				.isEqualTo(x509Certificate(CERTIFICATE));
 		assertThat(details.getEncryptionX509Credentials()).hasSize(1);