Revert "Add Registration to Saml2Authentication"

This reverts commit efe42b93ce.
2021-04-12 14:44:36 -06:00 · 2021-04-12 14:44:36 -06:00 · 8c92eddbe5
parent 55047fd996
commit 8c92eddbe5
4 changed files with 5 additions and 50 deletions
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/saml2/saml2-login.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/saml2/saml2-login.adoc
@ -107,7 +107,6 @@ where
 * `https://idp.example.com/issuer` is the value contained in the `Issuer` attribute of the SAML responses that the identity provider will issue
 * `classpath:idp.crt` is the location on the classpath for the identity provider's certificate for verifying SAML responses, and
 * `https://idp.example.com/issuer/sso` is the endpoint where the identity provider is expecting `AuthnRequest` s.
-* `adfs` is <<servlet-saml2login-relyingpartyregistrationid, an arbitrary identifier you choose>>

 And that's it!

@ -191,7 +190,6 @@ image:{icondir}/number_10.png[] And finally, it takes the `NameID` from the firs
 Then, it places that principal and the authorities into a `Saml2Authentication`.

 The resulting `Authentication#getPrincipal` is a Spring Security `Saml2AuthenticatedPrincipal` object, and `Authentication#getName` maps to the first assertion's `NameID` element.
-`Saml2Authentication#getRelyingPartyRegistrationId` holds the <<servlet-saml2login-relyingpartyregistrationid,identifier to the associated `RelyingPartyRegistration`>>.

 [[servlet-saml2login-opensaml-customization]]
 ==== Customizing OpenSAML Configuration
@ -344,10 +342,6 @@ public RelyingPartyRegistrationRepository relyingPartyRegistrations() {
 ----
 ====

-[[servlet-saml2login-relyingpartyregistrationid]]
-[NOTE]
-The `registrationId` is an arbitrary value that you choose for differentiating between registrations.
-
 Or you can provide each detail manually, as you can see below:

 .Relying Party Registration Repository Manual Configuration
--- a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java
+++ b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java
@ -22,7 +22,6 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.AuthenticatedPrincipal;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.util.Assert;

 /**
@ -42,40 +41,14 @@ public class Saml2Authentication extends AbstractAuthenticationToken {

 	private final String saml2Response;

-	private final String relyingPartyRegistrationId;
-
-	/**
-	 * Construct a {@link Saml2Authentication} using the provided parameters
-	 * @param principal the logged in user
-	 * @param saml2Response the SAML 2.0 response used to authenticate the user
-	 * @param authorities the authorities for the logged in user
-	 * @deprecated Use
-	 * {@link #Saml2Authentication(AuthenticatedPrincipal, String, Collection, String)}
-	 */
-	@Deprecated
 	public Saml2Authentication(AuthenticatedPrincipal principal, String saml2Response,
 			Collection<? extends GrantedAuthority> authorities) {
-		this(principal, saml2Response, authorities, null);
-	}
-
-	/**
-	 * Construct a {@link Saml2Authentication} using the provided parameters
-	 * @param principal the logged in user
-	 * @param saml2Response the SAML 2.0 response used to authenticate the user
-	 * @param authorities the authorities for the logged in user
-	 * @param relyingPartyRegistrationId the
-	 * {@link RelyingPartyRegistration#getRegistrationId} associated with this user
-	 * @since 5.5
-	 */
-	public Saml2Authentication(AuthenticatedPrincipal principal, String saml2Response,
-			Collection<? extends GrantedAuthority> authorities, String relyingPartyRegistrationId) {
 		super(authorities);
 		Assert.notNull(principal, "principal cannot be null");
 		Assert.hasText(saml2Response, "saml2Response cannot be null");
 		this.principal = principal;
 		this.saml2Response = saml2Response;
 		setAuthenticated(true);
-		this.relyingPartyRegistrationId = relyingPartyRegistrationId;
 	}

 	@Override
@ -96,14 +69,4 @@ public class Saml2Authentication extends AbstractAuthenticationToken {
 		return getSaml2Response();
 	}

-	/**
-	 * Get the registration id associated with the {@link RelyingPartyRegistration} that
-	 * this user belongs to
-	 * @return the relying party registration id
-	 * @since 5.5
-	 */
-	public String getRelyingPartyRegistrationId() {
-		return this.relyingPartyRegistrationId;
-	}
-
 }
--- a/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
+++ b/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
@ -425,8 +425,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			String username = assertion.getSubject().getNameID().getValue();
 			Map<String, List<Object>> attributes = getAssertionAttributes(assertion);
 			return new Saml2Authentication(new DefaultSaml2AuthenticatedPrincipal(username, attributes),
-					token.getSaml2Response(), Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")),
-					responseToken.token.getRelyingPartyRegistration().getRegistrationId());
+					token.getSaml2Response(), Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")));
 		};
 	}

@ -628,8 +627,8 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
 			String username = assertion.getSubject().getNameID().getValue();
 			Map<String, List<Object>> attributes = getAssertionAttributes(assertion);
 			return new Saml2Authentication(new DefaultSaml2AuthenticatedPrincipal(username, attributes),
-					token.getSaml2Response(), this.authoritiesMapper.mapAuthorities(getAssertionAuthorities(assertion)),
-					responseToken.token.getRelyingPartyRegistration().getRegistrationId());
+					token.getSaml2Response(),
+					this.authoritiesMapper.mapAuthorities(getAssertionAuthorities(assertion)));
 		};
 	}

--- a/saml2/saml2-service-provider/opensaml4/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
+++ b/saml2/saml2-service-provider/opensaml4/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
@ -365,8 +365,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
 			String username = assertion.getSubject().getNameID().getValue();
 			Map<String, List<Object>> attributes = getAssertionAttributes(assertion);
 			return new Saml2Authentication(new DefaultSaml2AuthenticatedPrincipal(username, attributes),
-					token.getSaml2Response(), AuthorityUtils.createAuthorityList("ROLE_USER"),
-					responseToken.token.getRelyingPartyRegistration().getRegistrationId());
+					token.getSaml2Response(), AuthorityUtils.createAuthorityList("ROLE_USER"));
 		};
 	}