Revert "Add Registration to Saml2Authentication"

jzheaux · jzheaux · commit 8c92eddbe597 · 2021-04-12T14:44:36.000-06:00
This reverts commit efe42b9.
diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/saml2/saml2-login.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/saml2/saml2-login.adoc
@@ -107,7 +107,6 @@ where
 * `https://idp.example.com/issuer` is the value contained in the `Issuer` attribute of the SAML responses that the identity provider will issue
 * `classpath:idp.crt` is the location on the classpath for the identity provider's certificate for verifying SAML responses, and
 * `https://idp.example.com/issuer/sso` is the endpoint where the identity provider is expecting `AuthnRequest` s.
-* `adfs` is <<servlet-saml2login-relyingpartyregistrationid, an arbitrary identifier you choose>>
 
 And that's it!
 
@@ -191,7 +190,6 @@ image:{icondir}/number_10.png[] And finally, it takes the `NameID` from the firs
 Then, it places that principal and the authorities into a `Saml2Authentication`.
 
 The resulting `Authentication#getPrincipal` is a Spring Security `Saml2AuthenticatedPrincipal` object, and `Authentication#getName` maps to the first assertion's `NameID` element.
-`Saml2Authentication#getRelyingPartyRegistrationId` holds the <<servlet-saml2login-relyingpartyregistrationid,identifier to the associated `RelyingPartyRegistration`>>.
 
 [[servlet-saml2login-opensaml-customization]]
 ==== Customizing OpenSAML Configuration
@@ -232,7 +230,7 @@ static {
 				authnRequest.setForceAuthN(true);
             }
 		}
-
+		
 	    factory.getMarshallerFactory().registerMarshaller(AuthnRequest.DEFAULT_ELEMENT_NAME, marshaller);
 	});
 }
@@ -344,10 +342,6 @@ public RelyingPartyRegistrationRepository relyingPartyRegistrations() {
 ----
 ====
 
-[[servlet-saml2login-relyingpartyregistrationid]]
-[NOTE]
-The `registrationId` is an arbitrary value that you choose for differentiating between registrations.
-
 Or you can provide each detail manually, as you can see below:
 
 .Relying Party Registration Repository Manual Configuration
diff --git a/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java b/saml2/saml2-service-provider/core/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java
@@ -22,7 +22,6 @@
 import org.springframework.security.core.AuthenticatedPrincipal;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.util.Assert;
 
 /**
@@ -42,40 +41,14 @@ public class Saml2Authentication extends AbstractAuthenticationToken {
 
 	private final String saml2Response;
 
-	private final String relyingPartyRegistrationId;
-
-	/**
-	 * Construct a {@link Saml2Authentication} using the provided parameters
-	 * @param principal the logged in user
-	 * @param saml2Response the SAML 2.0 response used to authenticate the user
-	 * @param authorities the authorities for the logged in user
-	 * @deprecated Use
-	 * {@link #Saml2Authentication(AuthenticatedPrincipal, String, Collection, String)}
-	 */
-	@Deprecated
 	public Saml2Authentication(AuthenticatedPrincipal principal, String saml2Response,
 			Collection<? extends GrantedAuthority> authorities) {
-		this(principal, saml2Response, authorities, null);
-	}
-
-	/**
-	 * Construct a {@link Saml2Authentication} using the provided parameters
-	 * @param principal the logged in user
-	 * @param saml2Response the SAML 2.0 response used to authenticate the user
-	 * @param authorities the authorities for the logged in user
-	 * @param relyingPartyRegistrationId the
-	 * {@link RelyingPartyRegistration#getRegistrationId} associated with this user
-	 * @since 5.5
-	 */
-	public Saml2Authentication(AuthenticatedPrincipal principal, String saml2Response,
-			Collection<? extends GrantedAuthority> authorities, String relyingPartyRegistrationId) {
 		super(authorities);
 		Assert.notNull(principal, "principal cannot be null");
 		Assert.hasText(saml2Response, "saml2Response cannot be null");
 		this.principal = principal;
 		this.saml2Response = saml2Response;
 		setAuthenticated(true);
-		this.relyingPartyRegistrationId = relyingPartyRegistrationId;
 	}
 
 	@Override
@@ -96,14 +69,4 @@ public Object getCredentials() {
 		return getSaml2Response();
 	}
 
-	/**
-	 * Get the registration id associated with the {@link RelyingPartyRegistration} that
-	 * this user belongs to
-	 * @return the relying party registration id
-	 * @since 5.5
-	 */
-	public String getRelyingPartyRegistrationId() {
-		return this.relyingPartyRegistrationId;
-	}
-
 }
diff --git a/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java b/saml2/saml2-service-provider/opensaml3/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProvider.java
@@ -425,8 +425,7 @@ public static Converter<ResponseToken, Saml2Authentication> createDefaultRespons
 			String username = assertion.getSubject().getNameID().getValue();
 			Map<String, List<Object>> attributes = getAssertionAttributes(assertion);
 			return new Saml2Authentication(new DefaultSaml2AuthenticatedPrincipal(username, attributes),
-					token.getSaml2Response(), Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")),
-					responseToken.token.getRelyingPartyRegistration().getRegistrationId());
+					token.getSaml2Response(), Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")));
 		};
 	}
 
@@ -628,8 +627,8 @@ private Converter<ResponseToken, Saml2Authentication> createCompatibleResponseAu
 			String username = assertion.getSubject().getNameID().getValue();
 			Map<String, List<Object>> attributes = getAssertionAttributes(assertion);
 			return new Saml2Authentication(new DefaultSaml2AuthenticatedPrincipal(username, attributes),
-					token.getSaml2Response(), this.authoritiesMapper.mapAuthorities(getAssertionAuthorities(assertion)),
-					responseToken.token.getRelyingPartyRegistration().getRegistrationId());
+					token.getSaml2Response(),
+					this.authoritiesMapper.mapAuthorities(getAssertionAuthorities(assertion)));
 		};
 	}
 
diff --git a/saml2/saml2-service-provider/opensaml4/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java b/saml2/saml2-service-provider/opensaml4/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
@@ -365,8 +365,7 @@ public static Converter<ResponseToken, Saml2Authentication> createDefaultRespons
 			String username = assertion.getSubject().getNameID().getValue();
 			Map<String, List<Object>> attributes = getAssertionAttributes(assertion);
 			return new Saml2Authentication(new DefaultSaml2AuthenticatedPrincipal(username, attributes),
-					token.getSaml2Response(), AuthorityUtils.createAuthorityList("ROLE_USER"),
-					responseToken.token.getRelyingPartyRegistration().getRegistrationId());
+					token.getSaml2Response(), AuthorityUtils.createAuthorityList("ROLE_USER"));
 		};
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -365,8 +365,7 @@ public static Converter<ResponseToken, Saml2Authentication> createDefaultRespons`
`365`	`365`	`String username = assertion.getSubject().getNameID().getValue();`
`366`	`366`	`Map<String, List<Object>> attributes = getAssertionAttributes(assertion);`
`367`	`367`	`return new Saml2Authentication(new DefaultSaml2AuthenticatedPrincipal(username, attributes),`
`368`		`- token.getSaml2Response(), AuthorityUtils.createAuthorityList("ROLE_USER"),`
`369`		`- responseToken.token.getRelyingPartyRegistration().getRegistrationId());`
	`368`	`+ token.getSaml2Response(), AuthorityUtils.createAuthorityList("ROLE_USER"));`
`370`	`369`	`};`
`371`	`370`	`}`
`372`	`371`