Disabling Holder-of-key profile

[erlendfg]

I found a workaround by defining my own host bean. Take a look in the metadata settings how I'm able to get the host name and the context path which do not contain port numbers.

Code:

<bean name="host" class="java.net.InetAddress" factory-method="getLocalHost"/>

<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
  ...
  <property name="entityBaseURL" value="https://#{host.canonicalHostName}#{servletContext.contextPath}"/>
  <property name="entityId" value="https://#{host.canonicalHostName}#{servletContext.contextPath}"/>
  ...

[vsch]

Hi,

I presumed you were using the entityBaseURL property all along and were getting port in your metadata even in case it wasn't part of the entityBaseURL - based on the configuration you've sent earlier:

<bean class="org.springframework.security.saml.metadata. MetadataGenerator">
<property name="entityBaseURL" value="https://w3utv-ws01.uio.no#{servletContext.contextPath}/"/>
<property name="entityId" value="https://ws01.uio.no#{servletContext.contextPath}/"/>
<property name="bindingsSSO" value="POST,HTTP-Redirect"/>
<property name="bindingsSLO" value="HTTP-Redirect"/>
<property name="includeDiscovery" value="false"/>
<property name="nameID" value="TRANSIENT,PERSISTENT"/>
</bean>

This indeed explains the port generation issue. I'll change the software so that only non-standard ports are included during generation without entityBaseURL.

Vladi

[vsch]

Hi Erlend,

Thanks for opening the Jira issue. There's a new feature available in trunk which covers your use-case - MetadataGeneratorFilter contains new property normalizeBaseUrl. Enabling it will remove default ports from the generated base url. Feature is disabled by default for backward compatibility reason.

Vladi