From 6a9156831905160d6772fcae5dee44b3016136df Mon Sep 17 00:00:00 2001
From: Josh Cummings
Date: Thu, 31 Mar 2022 12:49:05 -0600
Subject: [PATCH] Simplify SAML configuration

---
 .../java/example/SecurityConfiguration.java | 10 +++--
 .../java/example/SecurityConfiguration.java | 33 ++++++++-----------
 2 files changed, 18 insertions(+), 25 deletions(-)

diff --git a/servlet/spring-boot/java/saml2/login-single-tenant/src/main/java/example/SecurityConfiguration.java b/servlet/spring-boot/java/saml2/login-single-tenant/src/main/java/example/SecurityConfiguration.java
index 804ab8e..e8fa0c0 100644
--- a/servlet/spring-boot/java/saml2/login-single-tenant/src/main/java/example/SecurityConfiguration.java
+++ b/servlet/spring-boot/java/saml2/login-single-tenant/src/main/java/example/SecurityConfiguration.java
@@ -81,15 +81,13 @@ public class SecurityConfiguration {
 @Bean
 RelyingPartyRegistrationRepository repository(
 @Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) {
+ Saml2X509Credential signing = Saml2X509Credential.signing(privateKey, relyingPartyCertificate());
 RelyingPartyRegistration two = RelyingPartyRegistrations
 .fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
 .registrationId("two")
- .signingX509Credentials(
- (c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
- .singleLogoutServiceLocation(
- "https://dev-05937739.okta.com/app/dev-05937739_springsecuritysaml2idptwo_1/exk4842vmapcMkohr5d7/slo/saml")
- .singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
- .singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
+ .signingX509Credentials((c) -> c.add(signing))
+ .singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo")
+ .build();
 return new InMemoryRelyingPartyRegistrationRepository(two);
 }
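Review bot: The relying party's single-logout endpoint on the new `.singleLogoutServiceLocation(...)` line is the fixed literal `http://localhost:8080/logout/saml2/slo`, so the SLO endpoint this application publishes in its metadata stops matching the address the application is actually reached at as soon as the sample runs behind TLS or on any host other than localhost. Spring Security resolves `{baseUrl}` placeholders in registration locations (the `DefaultRelyingPartyRegistrationResolver` the login sample imports is where that happens, as far as I can tell), so `.singleLogoutServiceLocation("{baseUrl}/logout/saml2/slo")` keeps the endpoint, including its scheme, consistent with the request that produced it. The same literal appears in `addRelyingPartyDetails` in the last hunk of the login sample.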
diff --git a/servlet/spring-boot/java/saml2/login/src/main/java/example/SecurityConfiguration.java b/servlet/spring-boot/java/saml2/login/src/main/java/example/SecurityConfiguration.java
index a58d88f..1d982f4 100644
--- a/servlet/spring-boot/java/saml2/login/src/main/java/example/SecurityConfiguration.java
+++ b/servlet/spring-boot/java/saml2/login/src/main/java/example/SecurityConfiguration.java
@@ -35,7 +35,6 @@ import org.springframework.security.saml2.provider.service.registration.InMemory
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
-import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
 import org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter;
@@ -44,6 +43,8 @@ import org.springframework.security.web.SecurityFilterChain;
 @Configuration
 public class SecurityConfiguration {
+ @Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey;
+
 @Bean
 SecurityFilterChain app(HttpSecurity http) throws Exception {
 // @formatter:off
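Review bot: The new `privateKey` field is package-private and mutable, which is more exposure than a signing key needs; it is only read by `addRelyingPartyDetails` in the last hunk. Prefer `private final RSAPrivateKey privateKey;` assigned in a constructor, `SecurityConfiguration(@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) { this.privateKey = privateKey; }` — the same `@Value` resource-to-key conversion applies to a constructor parameter as to the field, and the key can then not be reassigned once the configuration class has been built.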
@@ -73,29 +74,23 @@ public class SecurityConfiguration {
 }
 @Bean
- RelyingPartyRegistrationRepository repository(
- @Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) {
- RelyingPartyRegistration one = RelyingPartyRegistrations
+ RelyingPartyRegistrationRepository repository() {
+ RelyingPartyRegistration one = addRelyingPartyDetails(RelyingPartyRegistrations
 .fromMetadataLocation("https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata")
- .registrationId("one")
- .signingX509Credentials(
- (c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
- .singleLogoutServiceLocation(
- "https://dev-05937739.okta.com/app/dev-05937739_springgsecuritysaml2idp_1/exk46xofd8NZvFCpS5d7/slo/saml")
- .singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
- .singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
- RelyingPartyRegistration two = RelyingPartyRegistrations
+ .registrationId("one")).build();
+ RelyingPartyRegistration two = addRelyingPartyDetails(RelyingPartyRegistrations
 .fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
- .registrationId("two")
- .signingX509Credentials(
- (c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
- .singleLogoutServiceLocation(
- "https://dev-05937739.okta.com/app/dev-05937739_springsecuritysaml2idptwo_1/exk4842vmapcMkohr5d7/slo/saml")
- .singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
- .singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
+ .registrationId("two")).build();
 return new InMemoryRelyingPartyRegistrationRepository(one, two);
 }
+ RelyingPartyRegistration.Builder addRelyingPartyDetails(RelyingPartyRegistration.Builder builder) {
+ Saml2X509Credential signing = Saml2X509Credential.signing(this.privateKey, relyingPartyCertificate());
+ return builder
+ .signingX509Credentials((c) -> c.add(signing))
+ .singleLogoutServiceLocation("http://localhost:8080/logout/saml2/slo");
+ }
+
 X509Certificate relyingPartyCertificate() {
 Resource resource = new ClassPathResource("credentials/rp-certificate.crt");
 try (InputStream is = resource.getInputStream()) {
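Review bot: `addRelyingPartyDetails` has no Javadoc and is package-private although nothing visible outside this class calls it; a one-line comment such as `/** Applies the settings every registration shares: this relying party's signing credential and its single-logout endpoint. */` together with `private` visibility would make its role clear. It also calls `relyingPartyCertificate()` on every invocation, so the certificate is read from the classpath once per registration; building the `Saml2X509Credential` once in `repository()` before the two builders and passing it in would avoid the repeated read. The body of `relyingPartyCertificate()` continues past the end of the hunk.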