From 2af78c19ab9f4a8d601ba9ab049fc3a25dca223c Mon Sep 17 00:00:00 2001
From: Marcus Da Coregio <marcusdacoregio@gmail.com>
Date: Thu, 26 Jan 2023 11:20:08 -0300
Subject: [PATCH] Saml2LogoutRequestMixin relayState property should be binding

Closes gh-12539
---
 .../saml2/jackson2/Saml2LogoutRequestMixin.java |  4 ++--
 .../jackson2/Saml2LogoutRequestMixinTests.java  | 17 ++++++++++++++++-
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2LogoutRequestMixin.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2LogoutRequestMixin.java
index 4eb0440eba..a30c8aff08 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2LogoutRequestMixin.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2LogoutRequestMixin.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -53,7 +53,7 @@ class Saml2LogoutRequestMixin {
 
 	@JsonCreator
 	Saml2LogoutRequestMixin(@JsonProperty("location") String location,
-			@JsonProperty("relayState") Saml2MessageBinding relayState,
+			@JsonProperty("binding") Saml2MessageBinding binding,
 			@JsonProperty("parameters") Map<String, String> parameters, @JsonProperty("id") String id,
 			@JsonProperty("relyingPartyRegistrationId") String relyingPartyRegistrationId) {
 	}
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/jackson2/Saml2LogoutRequestMixinTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/jackson2/Saml2LogoutRequestMixinTests.java
index 54c4e7af08..452e4bf422 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/jackson2/Saml2LogoutRequestMixinTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/jackson2/Saml2LogoutRequestMixinTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,8 @@ package org.springframework.security.saml2.jackson2;
 import java.util.HashMap;
 import java.util.Map;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -52,6 +54,19 @@ class Saml2LogoutRequestMixinTests {
 
 	@Test
 	void shouldDeserialize() throws Exception {
+		deserializeAndAssertRequest();
+	}
+
+	// gh-12539
+	@Test
+	void shouldDeserializeWhenFailOnMissingCreatorPropertiesEnabled() throws Exception {
+		// Jackson will use reflection to initialize the binding property if this is not
+		// enabled
+		this.mapper.configure(DeserializationFeature.FAIL_ON_MISSING_CREATOR_PROPERTIES, true);
+		deserializeAndAssertRequest();
+	}
+
+	private void deserializeAndAssertRequest() throws JsonProcessingException {
 		Saml2LogoutRequest logoutRequest = this.mapper.readValue(TestSaml2JsonPayloads.DEFAULT_LOGOUT_REQUEST_JSON,
 				Saml2LogoutRequest.class);