Skip to content

Configuring RelyingPartyRegistration no longer works with just a metadata uri #17318

New issue
New issue
Open
Open
Configuring RelyingPartyRegistration no longer works with just a metadata uri#17318
Labels
status: waiting-for-triageAn issue we've not yet triagedtype: bugA general bug
@OrangeDog

Description

@OrangeDog
OrangeDog
opened on Jun 20, 2025

Describe the bug
After updating from Boot 3.5.0. to 3.5.3 the property-based SAML configuration no longer works.

java.lang.IllegalArgumentException: entityId cannot be null or empty
	at org.springframework.util.Assert.hasText(Assert.java:253)
	at org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration$AssertingPartyDetails.<init>(RelyingPartyRegistration.java:489)
	at org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration$AssertingPartyDetails$Builder.build(RelyingPartyRegistration.java:847)
	at org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration$AssertingPartyDetails$Builder.build(RelyingPartyRegistration.java:666)
	at org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration$Builder.build(RelyingPartyRegistration.java:1126)
	at org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyRegistrationConfiguration.asRegistration(Saml2RelyingPartyRegistrationConfiguration.java:110)
	at org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyRegistrationConfiguration.asRegistration(Saml2RelyingPartyRegistrationConfiguration.java:78)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
	at java.base/java.util.Iterator.forEachRemaining(Iterator.java:133)
	at java.base/java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1939)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575)
	at java.base/java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260)
	at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616)
	at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622)
	at java.base/java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627)
	at org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyRegistrationConfiguration.relyingPartyRegistrationRepository(Saml2RelyingPartyRegistrationConfiguration.java:73)
...

To Reproduce

spring.security.saml2.relyingparty.registration:
  test.assertingparty.metadata-uri: classpath:saml/mock.xml

Expected behavior
Asserting party metadata, including entityId, should be loaded from the metadata as in previous versions.

Metadata

Metadata

Assignees

No one assigned

    Labels

    status: waiting-for-triageAn issue we've not yet triagedtype: bugA general bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions