From 541a1e48b31dc85e47df3c154e4560cdccd767ce Mon Sep 17 00:00:00 2001
From: Josh Cummings
Date: Mon, 31 Jan 2022 16:11:29 -0700
Subject: [PATCH] Add OpenSamlAssertingPartyDetails

Closes gh-10781
---
 .../OpenSamlAssertingPartyDetails.java | 87 +++++++++++++++++++
 ...tadataAssertingPartyDetailsConverter.java} | 36 ++++----
 ...gistrationBuilderHttpMessageConverter.java | 7 +-
 .../RelyingPartyRegistration.java | 25 ++++--
 .../RelyingPartyRegistrations.java | 12 ++-
 ...aAssertingPartyDetailsConverterTests.java} | 27 +++---
 6 files changed, 151 insertions(+), 43 deletions(-)
 create mode 100644 saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.java
 rename saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/{OpenSamlAssertingPartyMetadataConverter.java => OpenSamlMetadataAssertingPartyDetailsConverter.java} (84%)
 rename saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/{OpenSamlAssertingPartyMetadataConverterTests.java => OpenSamlMetadataAssertingPartyDetailsConverterTests.java} (90%)
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.java
new file mode 100644
index 0000000000..5a224ac868
--- /dev/null
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2002-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.saml2.provider.service.registration;
+
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+
+/**
+ * A {@link RelyingPartyRegistration.AssertingPartyDetails} that contains
+ * OpenSAML-specific members
+ *
+ * @author Josh Cummings
+ * @since 5.7
+ */
+public final class OpenSamlAssertingPartyDetails extends RelyingPartyRegistration.AssertingPartyDetails {
+
+ private final EntityDescriptor descriptor;
+
+ OpenSamlAssertingPartyDetails(RelyingPartyRegistration.AssertingPartyDetails details, EntityDescriptor descriptor) {
+ super(details.getEntityId(), details.getWantAuthnRequestsSigned(), details.getSigningAlgorithms(),
+ details.getVerificationX509Credentials(), details.getEncryptionX509Credentials(),
+ details.getSingleSignOnServiceLocation(), details.getSingleSignOnServiceBinding(),
+ details.getSingleLogoutServiceLocation(), details.getSingleLogoutServiceResponseLocation(),
+ details.getSingleLogoutServiceBinding());
+ this.descriptor = descriptor;
+ }
+
+ /**
+ * Get the {@link EntityDescriptor} that underlies this
+ * {@link org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails}
+ * @return the {@link EntityDescriptor}
+ */
+ public EntityDescriptor getEntityDescriptor() {
+ return this.descriptor;
+ }
+
+ /**
+ * Use this {@link EntityDescriptor} to begin building an
+ * {@link org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails}
+ * @param entity the {@link EntityDescriptor} to use
+ * @return the
+ * {@link org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder}
+ * for further configurations
+ */
+ public static OpenSamlAssertingPartyDetails.Builder withEntityDescriptor(EntityDescriptor entity) {
+ return new OpenSamlAssertingPartyDetails.Builder(entity);
+ }
+
+ /**
+ * An OpenSAML version of
+ * {@link org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder}
+ * that contains the underlying {@link EntityDescriptor}
+ */
+ public static final class Builder extends RelyingPartyRegistration.AssertingPartyDetails.Builder {
+
+ private final EntityDescriptor descriptor;
+
+ private Builder(EntityDescriptor descriptor) {
+ this.descriptor = descriptor;
+ }
+
+ /**
+ * Build an
+ * {@link org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails}
+ * @return
+ */
+ @Override
+ public OpenSamlAssertingPartyDetails build() {
+ return new OpenSamlAssertingPartyDetails(super.build(), this.descriptor);
+ }
+
+ }
+
+}
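Review bot: `withEntityDescriptor` and the private `Builder(EntityDescriptor descriptor)` constructor accept a null descriptor, so a caller can build an `OpenSamlAssertingPartyDetails` whose `getEntityDescriptor()` returns null. A guard such as `Assert.notNull(descriptor, "descriptor cannot be null");` in the Builder constructor would fail early; it needs the `org.springframework.util.Assert` import, which this new file does not have. Nothing in the builder ties the inherited setters (entity id, credentials, service locations) to the descriptor, so the two can disagree, and the class Javadoc should say which of them consumers are expected to rely on when making trust decisions. The `build()` Javadoc also has an empty `@return`; `@return the {@link OpenSamlAssertingPartyDetails}` would complete it.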
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyMetadataConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlMetadataAssertingPartyDetailsConverter.java similarity index 84% rename from saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyMetadataConverter.java rename to saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlMetadataAssertingPartyDetailsConverter.java index c642140e7e..dbe5cff582 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyMetadataConverter.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlMetadataAssertingPartyDetailsConverter.java @@ -47,7 +47,7 @@ import org.springframework.security.saml2.Saml2Exception; import org.springframework.security.saml2.core.OpenSamlInitializationService; import org.springframework.security.saml2.core.Saml2X509Credential; -class OpenSamlAssertingPartyMetadataConverter { +class OpenSamlMetadataAssertingPartyDetailsConverter { static { OpenSamlInitializationService.initialize(); 
@@ -58,15 +58,15 @@ class OpenSamlAssertingPartyMetadataConverter { private final ParserPool parserPool; /** - * Creates a {@link OpenSamlAssertingPartyMetadataConverter} + * Creates a {@link OpenSamlMetadataAssertingPartyDetailsConverter} */ - OpenSamlAssertingPartyMetadataConverter() { + OpenSamlMetadataAssertingPartyDetailsConverter() { this.registry = ConfigurationService.get(XMLObjectProviderRegistry.class); this.parserPool = this.registry.getParserPool(); } - Collection convert(InputStream inputStream) { - List builders = new ArrayList<>(); + Collection convert(InputStream inputStream) { + List builders = new ArrayList<>(); XMLObject xmlObject = xmlObject(inputStream); if (xmlObject instanceof EntitiesDescriptor) { EntitiesDescriptor descriptors = (EntitiesDescriptor) xmlObject; @@ -82,7 +82,7 @@ class OpenSamlAssertingPartyMetadataConverter { throw new Saml2Exception("Unsupported element of type " + xmlObject.getClass()); } - RelyingPartyRegistration.Builder convert(EntityDescriptor descriptor) { + RelyingPartyRegistration.AssertingPartyDetails.Builder convert(EntityDescriptor descriptor) { IDPSSODescriptor idpssoDescriptor = descriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS); if (idpssoDescriptor == null) { throw new Saml2Exception("Metadata response is missing the necessary IDPSSODescriptor element"); 
@@ -114,15 +114,14 @@ class OpenSamlAssertingPartyMetadataConverter { throw new Saml2Exception( "Metadata response is missing verification certificates, necessary for verifying SAML assertions"); } - RelyingPartyRegistration.Builder builder = RelyingPartyRegistration.withRegistrationId(descriptor.getEntityID()) - .assertingPartyDetails((party) -> party.entityId(descriptor.getEntityID()) - .wantAuthnRequestsSigned(Boolean.TRUE.equals(idpssoDescriptor.getWantAuthnRequestsSigned())) - .verificationX509Credentials((c) -> c.addAll(verification)) - .encryptionX509Credentials((c) -> c.addAll(encryption))); + RelyingPartyRegistration.AssertingPartyDetails.Builder party = OpenSamlAssertingPartyDetails + .withEntityDescriptor(descriptor).entityId(descriptor.getEntityID()) + .wantAuthnRequestsSigned(Boolean.TRUE.equals(idpssoDescriptor.getWantAuthnRequestsSigned())) + .verificationX509Credentials((c) -> c.addAll(verification)) + .encryptionX509Credentials((c) -> c.addAll(encryption)); List signingMethods = signingMethods(idpssoDescriptor); for (SigningMethod method : signingMethods) { - builder.assertingPartyDetails( - (party) -> party.signingAlgorithms((algorithms) -> algorithms.add(method.getAlgorithm()))); + party.signingAlgorithms((algorithms) -> algorithms.add(method.getAlgorithm())); } if (idpssoDescriptor.getSingleSignOnServices().isEmpty()) { throw new Saml2Exception( @@ -139,9 +138,7 @@ class OpenSamlAssertingPartyMetadataConverter { else { continue; } - builder.assertingPartyDetails( - (party) -> party.singleSignOnServiceLocation(singleSignOnService.getLocation()) - .singleSignOnServiceBinding(binding)); + party.singleSignOnServiceLocation(singleSignOnService.getLocation()).singleSignOnServiceBinding(binding); break; } for (SingleLogoutService singleLogoutService : idpssoDescriptor.getSingleLogoutServices()) { 
@@ -157,12 +154,11 @@ class OpenSamlAssertingPartyMetadataConverter { } String responseLocation = (singleLogoutService.getResponseLocation() == null) ? singleLogoutService.getLocation() : singleLogoutService.getResponseLocation(); - builder.assertingPartyDetails( - (party) -> party.singleLogoutServiceLocation(singleLogoutService.getLocation()) - .singleLogoutServiceResponseLocation(responseLocation).singleLogoutServiceBinding(binding)); + party.singleLogoutServiceLocation(singleLogoutService.getLocation()) + .singleLogoutServiceResponseLocation(responseLocation).singleLogoutServiceBinding(binding); break; } - return builder; + return party; } private List certificates(KeyDescriptor keyDescriptor) { diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java index e7c908f742..8f29e83358 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter.java 
@@ -62,13 +62,13 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter OpenSamlInitializationService.initialize(); } - private final OpenSamlAssertingPartyMetadataConverter converter; + private final OpenSamlMetadataAssertingPartyDetailsConverter converter; /** * Creates a {@link OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter} */ public OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter() { - this.converter = new OpenSamlAssertingPartyMetadataConverter(); + this.converter = new OpenSamlMetadataAssertingPartyDetailsConverter(); } @Override @@ -89,7 +89,8 @@ public class OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter @Override public RelyingPartyRegistration.Builder read(Class clazz, HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException { - return this.converter.convert(inputMessage.getBody()).iterator().next(); + return RelyingPartyRegistration + .withAssertingPartyDetails(this.converter.convert(inputMessage.getBody()).iterator().next().build()); } @Override diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java index ab1ce03f6b..b62e8df79f 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -422,6 +422,21 @@ public final class RelyingPartyRegistration { return new Builder(registrationId); } + public static Builder withAssertingPartyDetails(AssertingPartyDetails assertingPartyDetails) { + Assert.notNull(assertingPartyDetails, "assertingPartyDetails cannot be null"); + return withRegistrationId(assertingPartyDetails.getEntityId()).assertingPartyDetails((party) -> party + .entityId(assertingPartyDetails.getEntityId()) + .wantAuthnRequestsSigned(assertingPartyDetails.getWantAuthnRequestsSigned()) + .signingAlgorithms((algorithms) -> algorithms.addAll(assertingPartyDetails.getSigningAlgorithms())) + .verificationX509Credentials((c) -> c.addAll(assertingPartyDetails.getVerificationX509Credentials())) + .encryptionX509Credentials((c) -> c.addAll(assertingPartyDetails.getEncryptionX509Credentials())) + .singleSignOnServiceLocation(assertingPartyDetails.getSingleSignOnServiceLocation()) + .singleSignOnServiceBinding(assertingPartyDetails.getSingleSignOnServiceBinding()) + .singleLogoutServiceLocation(assertingPartyDetails.getSingleLogoutServiceLocation()) + .singleLogoutServiceResponseLocation(assertingPartyDetails.getSingleLogoutServiceResponseLocation()) + .singleLogoutServiceBinding(assertingPartyDetails.getSingleLogoutServiceBinding())); + } + /** * Creates a {@code RelyingPartyRegistration} {@link Builder} based on an existing * object @@ -510,7 +525,7 @@ public final class RelyingPartyRegistration { * * @since 5.4 */ - public static final class AssertingPartyDetails { + public static class AssertingPartyDetails { private final String entityId; 
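Review bot: `withAssertingPartyDetails` copies the fields of its argument one by one into the builder supplied by `assertingPartyDetails((party) -> ...)`, so as far as these lines show the subtype of the argument is not carried over: a registration built from an `OpenSamlAssertingPartyDetails` would appear to come back with a plain `AssertingPartyDetails` and no `EntityDescriptor`. The `assertingPartyDetailsBuilder` field made non-final in a later hunk may be meant to address this, but the code that would reassign it is not visible here. The added test assertions only check the converter's direct output, not a registration produced through `read(...)` or `collectionFromMetadata(...)`, so a test asserting that `registration.getAssertingPartyDetails()` is an `OpenSamlAssertingPartyDetails` after those paths would pin the intended behaviour. The new public method also has no Javadoc or `@since` tag; it should state that the registration id defaults to the asserting party's entity id.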
@@ -532,7 +547,7 @@ public final class RelyingPartyRegistration { private final Saml2MessageBinding singleLogoutServiceBinding; - private AssertingPartyDetails(String entityId, boolean wantAuthnRequestsSigned, List signingAlgorithms, + AssertingPartyDetails(String entityId, boolean wantAuthnRequestsSigned, List signingAlgorithms, Collection verificationX509Credentials, Collection encryptionX509Credentials, String singleSignOnServiceLocation, Saml2MessageBinding singleSignOnServiceBinding, String singleLogoutServiceLocation, @@ -701,7 +716,7 @@ public final class RelyingPartyRegistration { return this.singleLogoutServiceBinding; } - public static final class Builder { + public static class Builder { private String entityId; @@ -951,7 +966,7 @@ public final class RelyingPartyRegistration { @Deprecated public static final class Builder { - private final AssertingPartyDetails.Builder assertingPartyDetailsBuilder = new AssertingPartyDetails.Builder(); + private AssertingPartyDetails.Builder assertingPartyDetailsBuilder = new AssertingPartyDetails.Builder(); /** * Set the asserting party's collectionFromMetadata(InputStream source) { - return assertingPartyMetadataConverter.convert(source); + Collection builders = new ArrayList<>(); + for (AssertingPartyDetails.Builder builder : assertingPartyMetadataConverter.convert(source)) { + builders.add(RelyingPartyRegistration.withAssertingPartyDetails(builder.build())); + } + return builders; } } 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyMetadataConverterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlMetadataAssertingPartyDetailsConverterTests.java similarity index 90% rename from saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyMetadataConverterTests.java rename to saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlMetadataAssertingPartyDetailsConverterTests.java index ac81eba426..0c3c0a5e5c 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyMetadataConverterTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/registration/OpenSamlMetadataAssertingPartyDetailsConverterTests.java @@ -24,6 +24,7 @@ import java.util.Base64; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; import org.opensaml.xmlsec.signature.support.SignatureConstants; import org.springframework.security.saml2.Saml2Exception; 
@@ -31,7 +32,7 @@ import org.springframework.security.saml2.Saml2Exception; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatExceptionOfType; -public class OpenSamlAssertingPartyMetadataConverterTests { +public class OpenSamlMetadataAssertingPartyDetailsConverterTests { private static final String CERTIFICATE = "MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYDVQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwXc2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0BwaXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAaBgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQDDBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlrQHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWWRDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQnX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gphiJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduOnRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+vZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLuxbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6zV9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk"; 
@@ -56,11 +57,11 @@ public class OpenSamlAssertingPartyMetadataConverterTests { private static final String SINGLE_SIGN_ON_SERVICE_TEMPLATE = ""; - private OpenSamlAssertingPartyMetadataConverter converter; + private OpenSamlMetadataAssertingPartyDetailsConverter converter; @BeforeEach public void setup() { - this.converter = new OpenSamlAssertingPartyMetadataConverter(); + this.converter = new OpenSamlMetadataAssertingPartyDetailsConverter(); } @Test @@ -98,9 +99,8 @@ public class OpenSamlAssertingPartyMetadataConverterTests { + String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"encryption\"") + EXTENSIONS_TEMPLATE + String.format(SINGLE_SIGN_ON_SERVICE_TEMPLATE))); InputStream inputStream = new ByteArrayInputStream(payload.getBytes()); - RelyingPartyRegistration registration = this.converter.convert(inputStream).iterator().next() - .registrationId("one").build(); - RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails(); + RelyingPartyRegistration.AssertingPartyDetails details = this.converter.convert(inputStream).iterator().next() + .build(); assertThat(details.getWantAuthnRequestsSigned()).isFalse(); assertThat(details.getSigningAlgorithms()).containsExactly(SignatureConstants.ALGO_ID_DIGEST_SHA512); assertThat(details.getSingleSignOnServiceLocation()).isEqualTo("sso-location"); @@ -112,6 +112,11 @@ public class OpenSamlAssertingPartyMetadataConverterTests { assertThat(details.getEncryptionX509Credentials()).hasSize(1); assertThat(details.getEncryptionX509Credentials().iterator().next().getCertificate()) .isEqualTo(x509Certificate(CERTIFICATE)); + assertThat(details).isInstanceOf(OpenSamlAssertingPartyDetails.class); + OpenSamlAssertingPartyDetails openSamlDetails = (OpenSamlAssertingPartyDetails) details; + EntityDescriptor entityDescriptor = openSamlDetails.getEntityDescriptor(); + assertThat(entityDescriptor).isNotNull(); + assertThat(entityDescriptor.getEntityID()).isEqualTo(details.getEntityId()); } // gh-9051 
@@ -124,9 +129,8 @@ public class OpenSamlAssertingPartyMetadataConverterTests { + String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"encryption\"") + String.format(SINGLE_SIGN_ON_SERVICE_TEMPLATE)))); InputStream inputStream = new ByteArrayInputStream(payload.getBytes()); - RelyingPartyRegistration registration = this.converter.convert(inputStream).iterator().next() - .registrationId("one").build(); - RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails(); + RelyingPartyRegistration.AssertingPartyDetails details = this.converter.convert(inputStream).iterator().next() + .build(); assertThat(details.getWantAuthnRequestsSigned()).isFalse(); assertThat(details.getSingleSignOnServiceLocation()).isEqualTo("sso-location"); assertThat(details.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT); @@ -144,9 +148,8 @@ public class OpenSamlAssertingPartyMetadataConverterTests { String payload = String.format(ENTITY_DESCRIPTOR_TEMPLATE, String.format(IDP_SSO_DESCRIPTOR_TEMPLATE, String.format(KEY_DESCRIPTOR_TEMPLATE, "") + String.format(SINGLE_SIGN_ON_SERVICE_TEMPLATE))); InputStream inputStream = new ByteArrayInputStream(payload.getBytes()); - RelyingPartyRegistration registration = this.converter.convert(inputStream).iterator().next() - .registrationId("one").build(); - RelyingPartyRegistration.AssertingPartyDetails details = registration.getAssertingPartyDetails(); + RelyingPartyRegistration.AssertingPartyDetails details = this.converter.convert(inputStream).iterator().next() + .build(); assertThat(details.getVerificationX509Credentials().iterator().next().getCertificate()) .isEqualTo(x509Certificate(CERTIFICATE)); assertThat(details.getEncryptionX509Credentials()).hasSize(1);