Describe the bug
When switching from the (deprecated) DefaultSaml2AuthenticationRequestContextResolver and OpenSaml4AuthenticationRequestFactory to OpenSaml4AuthenticationRequestResolver, the AuthnRequest's signature no longer contains a KeyInfo element.
To Reproduce
- configure an OpenSaml4AuthenticationRequestResolver (e.g. by adding it as a Spring Bean)
- configure an X.509 signing credential
- start a SAML authentication
Expected behavior
The AuthnRequest signature contains a KeyInfo when using OpenSaml4AuthenticationRequestResolver.
Possible source: In org.springframework.security.saml2.provider.service.web.authentication.OpenSamlSigningUtils, no NamedKeyInfoGeneratorManager is configured in the SignatureSigningConfiguration. This is different from the two OpenSamlSigningUtils in other packages.
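A quick way to confirm the symptom on your side is to inspect the AuthnRequest that the service provider actually emits (decode the SAMLRequest parameter, or log the XML before it is Base64/deflate-encoded) and check whether ds:Signature carries a ds:KeyInfo. The script below is an added example, not part of this report or of Spring Security; the two AuthnRequest documents in it are constructed samples with placeholder certificate and signature values, and the helper names (inspect_signature, missing_key_info) are my own.

```python
import xml.etree.ElementTree as ET

# Namespaces used by a SAML 2.0 AuthnRequest and its XML-DSig signature.
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: signature with an embedded X.509 certificate (what the
# deprecated OpenSaml4AuthenticationRequestFactory produced).
AUTHN_REQUEST_WITH_KEYINFO = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
  ID="_placeholder-id-1" Version="2.0" IssueInstant="2023-01-01T00:00:00Z"
  Destination="https://idp.example.invalid/sso">
  <saml:Issuer>https://sp.example.invalid</saml:Issuer>
  <ds:Signature xmlns:ds="{DS}">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER_SIGNATURE_VALUE</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER_BASE64_CERT</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
</samlp:AuthnRequest>"""

# Constructed sample: same request, but the signature has no KeyInfo at all
# (the behaviour reported for OpenSaml4AuthenticationRequestResolver).
AUTHN_REQUEST_WITHOUT_KEYINFO = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
  ID="_placeholder-id-2" Version="2.0" IssueInstant="2023-01-01T00:00:00Z"
  Destination="https://idp.example.invalid/sso">
  <saml:Issuer>https://sp.example.invalid</saml:Issuer>
  <ds:Signature xmlns:ds="{DS}">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER_SIGNATURE_VALUE</ds:SignatureValue>
  </ds:Signature>
</samlp:AuthnRequest>"""


def inspect_signature(authn_request_xml: str) -> dict:
    """Report whether the AuthnRequest is signed, whether the signature carries
    a KeyInfo, and how many X509Certificate entries that KeyInfo embeds.

    Uses the stdlib parser because the input is the SP's own output; for XML
    received from a third party, parse with defusedxml instead."""
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError(f"not a samlp:AuthnRequest: {root.tag}")

    # The enveloped signature is a direct child of the AuthnRequest,
    # placed after saml:Issuer.
    signature = root.find(f"{{{DS}}}Signature")
    report = {"signed": signature is not None, "has_key_info": False, "certificates": 0}
    if signature is None:
        return report

    key_info = signature.find(f"{{{DS}}}KeyInfo")
    if key_info is not None:
        report["has_key_info"] = True
        report["certificates"] = len(key_info.findall(f".//{{{DS}}}X509Certificate"))
    return report


def missing_key_info(authn_request_xml: str) -> bool:
    """True when the request is signed but the signature omits KeyInfo,
    i.e. the exact condition described in this report."""
    report = inspect_signature(authn_request_xml)
    return report["signed"] and not report["has_key_info"]


if __name__ == "__main__":
    for label, doc in (("factory-style", AUTHN_REQUEST_WITH_KEYINFO),
                       ("resolver-style", AUTHN_REQUEST_WITHOUT_KEYINFO)):
        print(label, inspect_signature(doc), "KeyInfo missing:", missing_key_info(doc))
```

An IdP that resolves the SP's signing key from the embedded certificate (rather than from pre-registered metadata) will reject a request that fails this check, which is why the missing KeyInfo surfaces as a signature validation error on the IdP side rather than in the SP's own logs.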