* Remove friendly name.

* Make attributes map final in SamlInitiateSingleSignOnAttributes

Signed-off-by: lloydmeta <[email protected]>

Author: lloydmeta

x-pack/plugin/identity-provider/src/main/java/org/elasticsearch/xpack/idp/saml/authn/SuccessfulAuthenticationResponseMessageBuilder.java

@@ -233,7 +233,7 @@ private AttributeStatement buildAttributes(
         // Add custom attributes if provided
         if (customAttributes != null && customAttributes.getAttributes().isEmpty() == false) {
             for (Map.Entry<String, List<String>> entry : customAttributes.getAttributes().entrySet()) {
-                Attribute attribute = buildAttribute(entry.getKey(), entry.getKey(), entry.getValue());
+                Attribute attribute = buildAttribute(entry.getKey(), null, entry.getValue());
                 if (attribute != null) {
                     attributes.add(attribute);
                 }
@@ -247,20 +247,22 @@ private AttributeStatement buildAttributes(
         return statement;
     }
 
-    private Attribute buildAttribute(String formalName, String friendlyName, String value) {
+    private Attribute buildAttribute(String formalName, @Nullable String friendlyName, String value) {
         if (Strings.isNullOrEmpty(value)) {
             return null;
         }
         return buildAttribute(formalName, friendlyName, List.of(value));
     }
 
-    private Attribute buildAttribute(String formalName, String friendlyName, Collection<String> values) {
+    private Attribute buildAttribute(String formalName, @Nullable String friendlyName, Collection<String> values) {
         if (values.isEmpty() || Strings.isNullOrEmpty(formalName)) {
             return null;
         }
         final Attribute attribute = samlFactory.object(Attribute.class, Attribute.DEFAULT_ELEMENT_NAME);
         attribute.setName(formalName);
-        attribute.setFriendlyName(friendlyName);
+        if (Strings.isNullOrEmpty(friendlyName) == false) {
+            attribute.setFriendlyName(friendlyName);
+        }
         attribute.setNameFormat(Attribute.URI_REFERENCE);
         for (String val : values) {
             final XSString string = samlFactory.object(XSString.class, AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);

x-pack/plugin/identity-provider/src/main/java/org/elasticsearch/xpack/idp/saml/support/SamlInitiateSingleSignOnAttributes.java

@@ -29,10 +29,10 @@
  * Each attribute has a key and a list of values.
  */
 public class SamlInitiateSingleSignOnAttributes implements Writeable, ToXContentObject {
-    private Map<String, List<String>> attributes;
+    private final Map<String, List<String>> attributes;
 
-    public SamlInitiateSingleSignOnAttributes() {
-        this.attributes = new HashMap<>();
+    public SamlInitiateSingleSignOnAttributes(Map<String, List<String>> attributes) {
+        this.attributes = attributes;
     }
 
     /**
@@ -42,11 +42,6 @@ public Map<String, List<String>> getAttributes() {
         return Collections.unmodifiableMap(attributes);
     }
 
-    public SamlInitiateSingleSignOnAttributes setAttributes(Map<String, List<String>> attributes) {
-        this.attributes = new HashMap<>(attributes);
-        return this;
-    }
-
     /**
      * Creates a SamlInitiateSingleSignOnAttributes object by parsing the provided JSON content.
      * Expects a JSON structure like: { "attr1": ["val1", "val2"], "attr2": ["val3"] }
@@ -66,9 +61,7 @@ public static SamlInitiateSingleSignOnAttributes fromXContent(XContentParser par
                 attributes.put(key, values);
             }
         }
-        SamlInitiateSingleSignOnAttributes attributesObj = new SamlInitiateSingleSignOnAttributes();
-        attributesObj.setAttributes(attributes);
-        return attributesObj;
+        return new SamlInitiateSingleSignOnAttributes(attributes);
     }
 
     @Override

x-pack/plugin/identity-provider/src/test/java/org/elasticsearch/xpack/idp/action/SamlInitiateSingleSignOnRequestTests.java

@@ -54,23 +54,21 @@ public void testDuplicateAttributeKeysValidation() {
         request.setAssertionConsumerService("https://kibana_url/acs");
 
         // Test with valid attribute keys
-        SamlInitiateSingleSignOnAttributes attributes = new SamlInitiateSingleSignOnAttributes();
         Map<String, List<String>> attributeMap = new HashMap<>();
         attributeMap.put("key1", Collections.singletonList("value1"));
         attributeMap.put("key2", Arrays.asList("value2A", "value2B"));
-        attributes.setAttributes(attributeMap);
+        SamlInitiateSingleSignOnAttributes attributes = new SamlInitiateSingleSignOnAttributes(attributeMap);
         request.setAttributes(attributes);
 
         // Should pass validation
         ActionRequestValidationException validationException = request.validate();
         assertNull("Request with valid attribute keys should pass validation", validationException);
 
         // Test with empty attribute key - should be invalid
-        attributes = new SamlInitiateSingleSignOnAttributes();
         attributeMap = new HashMap<>();
         attributeMap.put("", Collections.singletonList("value1"));
         attributeMap.put("unique_key", Collections.singletonList("value2"));
-        attributes.setAttributes(attributeMap);
+        attributes = new SamlInitiateSingleSignOnAttributes(attributeMap);
         request.setAttributes(attributes);
 
         // Should fail validation with appropriate error message

x-pack/plugin/identity-provider/src/test/java/org/elasticsearch/xpack/idp/saml/authn/SuccessfulAuthenticationResponseMessageBuilderTests.java

@@ -62,16 +62,14 @@ public void testSignedResponseIsValidAgainstXmlSchema() throws Exception {
 
     public void testSignedResponseWithCustomAttributes() throws Exception {
         // Create custom attributes
-        SamlInitiateSingleSignOnAttributes attributes = new SamlInitiateSingleSignOnAttributes();
         Map<String, List<String>> attributeMap = new HashMap<>();
         attributeMap.put("customAttr1", Collections.singletonList("value1"));
 
         List<String> multipleValues = new ArrayList<>();
         multipleValues.add("value2A");
         multipleValues.add("value2B");
         attributeMap.put("customAttr2", multipleValues);
-
-        attributes.setAttributes(attributeMap);
+        SamlInitiateSingleSignOnAttributes attributes = new SamlInitiateSingleSignOnAttributes(attributeMap);
 
         // Build response with custom attributes
         final Response response = buildResponse(attributes);

x-pack/plugin/identity-provider/src/test/java/org/elasticsearch/xpack/idp/saml/support/SamlInitiateSingleSignOnAttributesTests.java

@@ -35,24 +35,18 @@
 public class SamlInitiateSingleSignOnAttributesTests extends ESTestCase {
 
     public void testConstructors() throws Exception {
-        // Test default constructor
-        final SamlInitiateSingleSignOnAttributes attributes1 = new SamlInitiateSingleSignOnAttributes();
+        final SamlInitiateSingleSignOnAttributes attributes1 = new SamlInitiateSingleSignOnAttributes(Collections.emptyMap());
         assertThat(attributes1.getAttributes(), Matchers.anEmptyMap());
 
-        // Test a second instance is also empty (not holding state)
-        final SamlInitiateSingleSignOnAttributes attributes2 = new SamlInitiateSingleSignOnAttributes();
-        assertThat(attributes2.getAttributes(), Matchers.anEmptyMap());
-
         // Test adding attributes
         Map<String, List<String>> attributeMap = new HashMap<>();
         attributeMap.put("key1", Collections.singletonList("value1"));
-        final SamlInitiateSingleSignOnAttributes attributes3 = new SamlInitiateSingleSignOnAttributes();
-        attributes3.setAttributes(attributeMap);
+        final SamlInitiateSingleSignOnAttributes attributes3 = new SamlInitiateSingleSignOnAttributes(attributeMap);
         assertThat(attributes3.getAttributes().size(), equalTo(1));
     }
 
     public void testEmptyAttributes() throws Exception {
-        final SamlInitiateSingleSignOnAttributes attributes = new SamlInitiateSingleSignOnAttributes();
+        final SamlInitiateSingleSignOnAttributes attributes = new SamlInitiateSingleSignOnAttributes(Collections.emptyMap());
 
         // Test toXContent
         XContentBuilder builder = XContentFactory.jsonBuilder();
@@ -70,12 +64,10 @@ public void testEmptyAttributes() throws Exception {
     }
 
     public void testWithAttributes() throws Exception {
-        final SamlInitiateSingleSignOnAttributes attributes = new SamlInitiateSingleSignOnAttributes();
-
         Map<String, List<String>> attributeMap = new HashMap<>();
         attributeMap.put("key1", Arrays.asList("value1", "value2"));
         attributeMap.put("key2", Collections.singletonList("value3"));
-        attributes.setAttributes(attributeMap);
+        final SamlInitiateSingleSignOnAttributes attributes = new SamlInitiateSingleSignOnAttributes(attributeMap);
 
         // Test getAttributes
         Map<String, List<String>> returnedAttributes = attributes.getAttributes();
@@ -121,38 +113,28 @@ public void testWithAttributes() throws Exception {
     }
 
     public void testToString() {
-        final SamlInitiateSingleSignOnAttributes attributes = new SamlInitiateSingleSignOnAttributes();
         Map<String, List<String>> attributeMap = new HashMap<>();
         attributeMap.put("key1", Arrays.asList("value1", "value2"));
-        attributes.setAttributes(attributeMap);
+        final SamlInitiateSingleSignOnAttributes attributes = new SamlInitiateSingleSignOnAttributes(attributeMap);
 
         String toString = attributes.toString();
         assertThat(toString, containsString("SamlInitiateSingleSignOnAttributes"));
         assertThat(toString, containsString("key1"));
         assertThat(toString, containsString("value1"));
         assertThat(toString, containsString("value2"));
 
-        // Add another attribute
-        attributeMap.put("key2", Collections.singletonList("value3"));
-        attributes.setAttributes(attributeMap);
-
-        toString = attributes.toString();
-        assertThat(toString, containsString("key2"));
-        assertThat(toString, containsString("value3"));
-
         // Test empty attributes
-        final SamlInitiateSingleSignOnAttributes emptyAttributes = new SamlInitiateSingleSignOnAttributes();
+        final SamlInitiateSingleSignOnAttributes emptyAttributes = new SamlInitiateSingleSignOnAttributes(Collections.emptyMap());
         toString = emptyAttributes.toString();
         assertThat(toString, containsString("SamlInitiateSingleSignOnAttributes"));
         assertThat(toString, containsString("attributes={}"));
     }
 
     public void testValidation() throws Exception {
         // Test validation with empty key
-        SamlInitiateSingleSignOnAttributes attributes = new SamlInitiateSingleSignOnAttributes();
         Map<String, List<String>> attributeMap = new HashMap<>();
         attributeMap.put("", Arrays.asList("value1", "value2"));
-        attributes.setAttributes(attributeMap);
+        SamlInitiateSingleSignOnAttributes attributes = new SamlInitiateSingleSignOnAttributes(attributeMap);
 
         ActionRequestValidationException validationException = attributes.validate();
         assertNotNull(validationException);
@@ -161,7 +143,7 @@ public void testValidation() throws Exception {
         // Test validation with null key
         attributeMap = new HashMap<>();
         attributeMap.put(null, Collections.singletonList("value"));
-        attributes.setAttributes(attributeMap);
+        attributes = new SamlInitiateSingleSignOnAttributes(attributeMap);
 
         validationException = attributes.validate();
         assertNotNull(validationException);
@@ -173,19 +155,17 @@ public void testEqualsAndHashCode() {
         attributeMap1.put("key1", Arrays.asList("value1", "value2"));
         attributeMap1.put("key2", Collections.singletonList("value3"));
 
-        SamlInitiateSingleSignOnAttributes attributes1 = new SamlInitiateSingleSignOnAttributes();
-        attributes1.setAttributes(attributeMap1);
+        SamlInitiateSingleSignOnAttributes attributes1 = new SamlInitiateSingleSignOnAttributes(attributeMap1);
 
         Map<String, List<String>> attributeMap2 = new HashMap<>();
         attributeMap2.put("key1", Arrays.asList("value1", "value2"));
         attributeMap2.put("key2", Collections.singletonList("value3"));
 
-        SamlInitiateSingleSignOnAttributes attributes2 = new SamlInitiateSingleSignOnAttributes();
-        attributes2.setAttributes(attributeMap2);
+        SamlInitiateSingleSignOnAttributes attributes2 = new SamlInitiateSingleSignOnAttributes(attributeMap2);
 
         // Test equals
-        assertTrue(attributes1.equals(attributes2));
-        assertTrue(attributes2.equals(attributes1));
+        assertEquals(attributes1, attributes2);
+        assertEquals(attributes2, attributes1);
 
         // Test hashCode
         assertThat(attributes1.hashCode(), equalTo(attributes2.hashCode()));
@@ -195,19 +175,17 @@ public void testEqualsAndHashCode() {
         attributeMap3.put("key1", Arrays.asList("different", "value2"));
         attributeMap3.put("key2", Collections.singletonList("value3"));
 
-        SamlInitiateSingleSignOnAttributes attributes3 = new SamlInitiateSingleSignOnAttributes();
-        attributes3.setAttributes(attributeMap3);
+        SamlInitiateSingleSignOnAttributes attributes3 = new SamlInitiateSingleSignOnAttributes(attributeMap3);
 
-        assertFalse(attributes1.equals(attributes3));
+        assertNotEquals(attributes1, attributes3);
 
         // Test with missing key
         Map<String, List<String>> attributeMap4 = new HashMap<>();
         attributeMap4.put("key1", Arrays.asList("value1", "value2"));
 
-        SamlInitiateSingleSignOnAttributes attributes4 = new SamlInitiateSingleSignOnAttributes();
-        attributes4.setAttributes(attributeMap4);
+        SamlInitiateSingleSignOnAttributes attributes4 = new SamlInitiateSingleSignOnAttributes(attributeMap4);
 
-        assertFalse(attributes1.equals(attributes4));
+        assertNotEquals(attributes1, attributes4);
     }
 
     private SamlInitiateSingleSignOnAttributes parseFromJson(String json) throws IOException {