elastic · lloydmeta · Jun 3, 2025 · Jun 3, 2025 · Jun 3, 2025 · Jun 3, 2025
diff --git a/docs/changelog/128798.yaml b/docs/changelog/128798.yaml
@@ -0,0 +1,5 @@
+pr: 128798
+summary: Add transport version support for IDP_CUSTOM_SAML_ATTRIBUTES_ADDED_8_19
+area: IdentityProvider
+type: enhancement
+issues: []
diff --git a/server/src/main/java/org/elasticsearch/TransportVersions.java b/server/src/main/java/org/elasticsearch/TransportVersions.java
@@ -184,6 +184,7 @@ static TransportVersion def(int id) {
     public static final TransportVersion ML_INFERENCE_SAGEMAKER_CHAT_COMPLETION_8_19 = def(8_841_0_37);
     public static final TransportVersion ML_INFERENCE_VERTEXAI_CHATCOMPLETION_ADDED_8_19 = def(8_841_0_38);
     public static final TransportVersion INFERENCE_CUSTOM_SERVICE_ADDED_8_19 = def(8_841_0_39);
+    public static final TransportVersion IDP_CUSTOM_SAML_ATTRIBUTES_ADDED_8_19 = def(8_841_0_40);
     public static final TransportVersion V_9_0_0 = def(9_000_0_09);
     public static final TransportVersion INITIAL_ELASTICSEARCH_9_0_1 = def(9_000_0_10);
     public static final TransportVersion INITIAL_ELASTICSEARCH_9_0_2 = def(9_000_0_11);

diff --git a/...der/src/main/java/org/elasticsearch/xpack/idp/action/SamlInitiateSingleSignOnRequest.java b/...der/src/main/java/org/elasticsearch/xpack/idp/action/SamlInitiateSingleSignOnRequest.java
@@ -31,7 +31,8 @@ public SamlInitiateSingleSignOnRequest(StreamInput in) throws IOException {
         spEntityId = in.readString();
         assertionConsumerService = in.readString();
         samlAuthenticationState = in.readOptionalWriteable(SamlAuthenticationState::new);
-        if (in.getTransportVersion().onOrAfter(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES)) {
+        if (in.getTransportVersion().isPatchFrom(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES_ADDED_8_19)
+            || in.getTransportVersion().onOrAfter(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES)) {
             attributes = in.readOptionalWriteable(SamlInitiateSingleSignOnAttributes::new);
         }
     }
@@ -99,7 +100,8 @@ public void writeTo(StreamOutput out) throws IOException {
         out.writeString(spEntityId);
         out.writeString(assertionConsumerService);
         out.writeOptionalWriteable(samlAuthenticationState);
-        if (out.getTransportVersion().onOrAfter(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES)) {
+        if (out.getTransportVersion().isPatchFrom(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES_ADDED_8_19)
+            || out.getTransportVersion().onOrAfter(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES)) {
             out.writeOptionalWriteable(attributes);
         }
     }

diff --git a/...rc/test/java/org/elasticsearch/xpack/idp/action/SamlInitiateSingleSignOnRequestTests.java b/...rc/test/java/org/elasticsearch/xpack/idp/action/SamlInitiateSingleSignOnRequestTests.java
@@ -63,6 +63,42 @@ public void testSerializationCurrentVersion() throws Exception {
         }
     }
 
+    public void testSerializationOldButCompatibleTransportVersion() throws Exception {
+        final SamlInitiateSingleSignOnRequest request = new SamlInitiateSingleSignOnRequest();
+        request.setSpEntityId("https://kibana_url");
+        request.setAssertionConsumerService("https://kibana_url/acs");
+        if (randomBoolean()) {
+            request.setAttributes(
+                new SamlInitiateSingleSignOnAttributes(
+                    Map.ofEntries(
+                        Map.entry("http://idp.elastic.co/attribute/custom1", List.of("foo")),
+                        Map.entry("http://idp.elastic.co/attribute/custom2", List.of("bar", "baz"))
+                    )
+                )
+            );
+        }
+        assertThat("An invalid request is not guaranteed to serialize correctly", request.validate(), nullValue());
+        final BytesStreamOutput out = new BytesStreamOutput();
+        out.setTransportVersion(
+            TransportVersionUtils.randomVersionBetween(
+                random(),
+                TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES_ADDED_8_19,
+                TransportVersionUtils.getPreviousVersion(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES)
+            )
+        );
+        request.writeTo(out);
+
+        try (StreamInput in = out.bytes().streamInput()) {
+            in.setTransportVersion(out.getTransportVersion());
+            final SamlInitiateSingleSignOnRequest request1 = new SamlInitiateSingleSignOnRequest(in);
+            assertThat(request1.getSpEntityId(), equalTo(request.getSpEntityId()));
+            assertThat(request1.getAssertionConsumerService(), equalTo(request.getAssertionConsumerService()));
+            assertThat(request1.getAttributes(), equalTo(request.getAttributes()));
+            final ActionRequestValidationException validationException = request1.validate();
+            assertNull(validationException);
+        }
+    }
+
     public void testSerializationOldTransportVersion() throws Exception {
         final SamlInitiateSingleSignOnRequest request = new SamlInitiateSingleSignOnRequest();
         request.setSpEntityId("https://kibana_url");
@@ -83,7 +119,7 @@ public void testSerializationOldTransportVersion() throws Exception {
             TransportVersionUtils.randomVersionBetween(
                 random(),
                 TransportVersions.MINIMUM_COMPATIBLE,
-                TransportVersionUtils.getPreviousVersion(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES)
+                TransportVersionUtils.getPreviousVersion(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES_ADDED_8_19)
             )
         );
         request.writeTo(out);