Use 'md:' prefix in EntityDescriptor XML

ClaudioConsolmagno · jzheaux · commit 07f9afe05770 · 2022-05-31T17:11:02.000-06:00
Create the EntityDescriptor object with EntityDescriptor.DEFAULT_ELEMENT_NAME instead of EntityDescriptor.ELEMENT_QNAME. That ensures the EntityDescriptor tag is marshalled to xml with the 'md:' prefix, consistent with all other metadata tags. Closes #11283
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java
@@ -70,7 +70,7 @@ public OpenSamlMetadataResolver() {
 
 	@Override
 	public String resolve(RelyingPartyRegistration relyingPartyRegistration) {
-		EntityDescriptor entityDescriptor = build(EntityDescriptor.ELEMENT_QNAME);
+		EntityDescriptor entityDescriptor = build(EntityDescriptor.DEFAULT_ELEMENT_NAME);
 		entityDescriptor.setEntityID(relyingPartyRegistration.getEntityId());
 		SPSSODescriptor spSsoDescriptor = buildSpSsoDescriptor(relyingPartyRegistration);
 		entityDescriptor.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME).add(spSsoDescriptor);
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolverTests.java
@@ -36,7 +36,7 @@ public void resolveWhenRelyingPartyThenMetadataMatches() {
 				.assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT).build();
 		OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver();
 		String metadata = openSamlMetadataResolver.resolve(relyingPartyRegistration);
-		assertThat(metadata).contains("<EntityDescriptor").contains("entityID=\"rp-entity-id\"")
+		assertThat(metadata).contains("<md:EntityDescriptor").contains("entityID=\"rp-entity-id\"")
 				.contains("WantAssertionsSigned=\"true\"").contains("<md:KeyDescriptor use=\"signing\">")
 				.contains("<md:KeyDescriptor use=\"encryption\">")
 				.contains("<ds:X509Certificate>MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBh")
@@ -53,7 +53,7 @@ public void resolveWhenRelyingPartyNoCredentialsThenMetadataMatches() {
 				.build();
 		OpenSamlMetadataResolver openSamlMetadataResolver = new OpenSamlMetadataResolver();
 		String metadata = openSamlMetadataResolver.resolve(relyingPartyRegistration);
-		assertThat(metadata).contains("<EntityDescriptor").contains("entityID=\"rp-entity-id\"")
+		assertThat(metadata).contains("<md:EntityDescriptor").contains("entityID=\"rp-entity-id\"")
 				.contains("WantAssertionsSigned=\"true\"").doesNotContain("<md:KeyDescriptor use=\"signing\">")
 				.doesNotContain("<md:KeyDescriptor use=\"encryption\">")
 				.contains("Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"")
