From 10948b5b7a826d8d9864694f2071b26fbafb2285 Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Thu, 14 Aug 2025 15:52:09 -0600
Subject: [PATCH] Make OpenSamlAssertingPartyDetails Serializable

Closes gh-17622
---
 .../security/SerializationSamples.java           |   7 +++++++
 ...tion.OpenSamlAssertingPartyDetails.serialized | Bin 0 -> 2260 bytes
 .../OpenSamlAssertingPartyDetails.java           |   6 +++++-
 3 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.serialized

diff --git a/config/src/test/java/org/springframework/security/SerializationSamples.java b/config/src/test/java/org/springframework/security/SerializationSamples.java
index cec8f7f1a9..223624b166 100644
--- a/config/src/test/java/org/springframework/security/SerializationSamples.java
+++ b/config/src/test/java/org/springframework/security/SerializationSamples.java
@@ -171,12 +171,14 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2A
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken;
 import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest;
+import org.springframework.security.saml2.provider.service.authentication.TestOpenSamlObjects;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2AuthenticationTokens;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2Authentications;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2LogoutRequests;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2PostAuthenticationRequests;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2RedirectAuthenticationRequests;
 import org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest;
+import org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
 import org.springframework.security.web.PortResolverImpl;
@@ -522,6 +524,11 @@ final class SerializationSamples {
 			return token;
 		});
 		generatorByClassName.put(Saml2LogoutRequest.class, (r) -> TestSaml2LogoutRequests.create());
+		generatorByClassName.put(OpenSamlAssertingPartyDetails.class,
+				(r) -> OpenSamlAssertingPartyDetails
+					.withEntityDescriptor(
+							TestOpenSamlObjects.entityDescriptor(TestRelyingPartyRegistrations.full().build()))
+					.build());
 
 		// web
 		generatorByClassName.put(AnonymousAuthenticationToken.class, (r) -> {
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..582169273b49a6fcdee93817fbef60bd39ae1ef5
GIT binary patch
literal 2260
zcmd5-TWl0n7(P3@+v~QJLRu)-*haLlb6HxU6eGQ1mriNjX-h3g7<Uibf!UeqoU`3s
zh?}$)l0NW&u^^bHfkZ5Xpm<3EjU-S*#i$_|1riETBZwhH@m6A@=j`^f+w{SN7x!T^
z^Pg}2+xLI}Ie8!0kqNfyrk_QIsc8P~rW}AF-Q39{=na|*j<84$s4mtp^-jeHO=34Y
z6)$8>=vNRnWvu8L+h9OVBDe}fjxq7mD4RG^4Y91KXtXEig|99TnhXG86X=f}%mdZP
zL<mnp7DY2gj}-dWj~3sR7?9Bh@<XzQD}uOP^T3WEL>NhmUxPjo%!iuSj2N_<)>6K#
z%7i|sVMSIE26^HRxl`tXSW&quT~(o%!pcREMj<%j_F<44$EdRA=Oj#9NzP{@;+;HJ
zsD7RFvOPeY<s>*0Ne2n601=D|McuClu@vubrK0(W6@wO$G>n_Z4mZIL7h{K;V29Xa
z>~M+faFiKWJw!<M!*RbP>Vg@fin=#OXa|S_s|X5bfOsG>bPbVglc3`@&~`Rx$u&@C
z_Q`ljh-pq1bV5_vuEZTrqk(#1!iI&+Yd)oerF5{OqV0sfS{b!V5MNWjZR@*Pyf{8+
zv!_tw=jW>T^c^@eRAMEAXoMU9fSl*nk$>_FW8jbtXPi%`;v-QCr@o&e9TiD2uCT6A
z@`@ikowN4sHxDwvB7#(?!T|A*JPZvl?;!J19yTx#+A%iPa9k)9VnZug%Bzd#1&%M_
z!U5GshQ%4sO;~6m*@@a^SLriR6Er=xUS^;_UNiu?F-c~}Dy5^#)@Z>%;vva8%~MnD
z_S950VPLJPeV!OLwzgGPN|HNDIhlolt+7EOrv<b;MCy|b7KY`3p~6^=2<eC-Q<GXw
zi7fvQwRuTL*jNe41M$m`f4u*ma_?1!4r->CuASKAKn#lF5}VWrJ>+6vPoanaW_c$?
z-V`y&G61s@v`OZPU^2*7?36LAgAr2TG{23LXM|o-jx*NBiLfjU%T`T=EJ}FxK%;lr
zj{eV1t#vSf*$iwx8OxYFRf@odNj9`$*02#YsqN&${J&Dtnr_p<HUMDu@ZC%o-)*_a
zq=QqN)}F|-=8o`LDe1*~Yxn+{WwB)10pHalWb)}L)@EDE9Hv<k=J2!WOPV8N6HyCY
zExIP;@;TI)>PT;qHLo5d`V$uM3#cu_F;|LR2}`B%n_#I_Q7=w7&2%ux5SH?bDc0)9
zN5=RKl6-OSi}SOD)qJT?B9yG;OG?`Evt0C57=Qi0q}er)*guOMSiAO-9`-U_UEs<`
z=Z6c|!Bs15w&rymA4gw5x8l4jPr6@<eb;^kFZB#(Z9DeL4Qb)7ecfk0yMFp~ZuQ^C
zM%g>_)VmuDff@SbO1ERIe)-Nd-+W-VJ&11Jf4RqbD7*f((Y_PeUtT|OJa6=epL-4;
ze0Rx^@Th8AN9#@V>fX=snoHlUK7M@OKR1rp8LI_Y64N8}T1j51eZA$E%8Q<QOMYU@
zossJUThEEhH@Giec<15iVeDPV5Ax#BZ;Qa~TXkSb|H#p8XP?Y1YyZL*DEmG-c<Sps
z>+ga2krQ>x<*4WCvq$H>feRijbJm4+2Xar3MLra)*@mt0!mSkX@NmV&nt?k3*Y4(3
zhssv$Kl0+(mauZB--3a?l_huOOyVYsOL`1(7tJ7es?o&NL=}=l)^<yc$GzTNRng>b
J*cdj#{{o4k0&M^Q

literal 0
HcmV?d00001

diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.java
index 9923d55599..f8223a4bf6 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.java
@@ -16,6 +16,7 @@
 
 package org.springframework.security.saml2.provider.service.registration;
 
+import java.io.Serial;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@@ -46,7 +47,10 @@ import org.springframework.security.saml2.core.Saml2X509Credential;
  */
 public final class OpenSamlAssertingPartyDetails extends RelyingPartyRegistration.AssertingPartyDetails {
 
-	private final EntityDescriptor descriptor;
+	@Serial
+	private static final long serialVersionUID = -2412785556799182734L;
+
+	private final transient EntityDescriptor descriptor;
 
 	OpenSamlAssertingPartyDetails(RelyingPartyRegistration.AssertingPartyDetails details, EntityDescriptor descriptor) {
 		super(details.getEntityId(), details.getWantAuthnRequestsSigned(), details.getSigningAlgorithms(),