From bcc4b415b331f519025cbb763e60412fa3373c50 Mon Sep 17 00:00:00 2001
From: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
Date: Sat, 21 Dec 2024 17:37:48 +0700
Subject: [PATCH 1/2] Make RelyingPartyRegistration Serializable

Closes gh-16286
---
 ...ringSecurityCoreVersionSerializableTests.java |  10 ++++++++++
 ...ity.saml2.core.Saml2X509Credential.serialized | Bin 0 -> 1623 bytes
 ...Registration$AssertingPartyDetails.serialized | Bin 0 -> 2621 bytes
 ...istration.RelyingPartyRegistration.serialized | Bin 0 -> 5861 bytes
 .../security/saml2/core/Saml2X509Credential.java |   7 +++++--
 .../registration/AssertingPartyMetadata.java     |   3 ++-
 .../registration/RelyingPartyRegistration.java   |   9 +++++++--
 7 files changed, 24 insertions(+), 5 deletions(-)
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.core.Saml2X509Credential.serialized
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration$AssertingPartyDetails.serialized
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.serialized

diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
index 49348ba3a4..aea7544c58 100644
--- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
+++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
@@ -173,6 +173,8 @@ import org.springframework.security.oauth2.server.resource.introspection.OAuth2I
 import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException;
 import org.springframework.security.saml2.Saml2Exception;
 import org.springframework.security.saml2.core.Saml2Error;
+import org.springframework.security.saml2.core.Saml2X509Credential;
+import org.springframework.security.saml2.credentials.TestSaml2X509Credentials;
 import org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
@@ -181,6 +183,9 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2R
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2Authentications;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2PostAuthenticationRequests;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2RedirectAuthenticationRequests;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails;
+import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
 import org.springframework.security.web.PortResolverImpl;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
@@ -490,6 +495,11 @@ class SpringSecurityCoreVersionSerializableTests {
 				(r) -> TestSaml2PostAuthenticationRequests.create());
 		generatorByClassName.put(Saml2RedirectAuthenticationRequest.class,
 				(r) -> TestSaml2RedirectAuthenticationRequests.create());
+		generatorByClassName.put(Saml2X509Credential.class,
+				(r) -> TestSaml2X509Credentials.relyingPartyVerifyingCredential());
+		generatorByClassName.put(AssertingPartyDetails.class,
+				(r) -> TestRelyingPartyRegistrations.full().build().getAssertingPartyMetadata());
+		generatorByClassName.put(RelyingPartyRegistration.class, (r) -> TestRelyingPartyRegistrations.full().build());
 
 		// web
 		generatorByClassName.put(AnonymousAuthenticationToken.class, (r) -> {
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.core.Saml2X509Credential.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.core.Saml2X509Credential.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..736cb69fc1319f82d2711a50bcc62f723bdd2428
GIT binary patch
literal 1623
zcmZ4UmVvdnh`~C)C|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5I59WJNH00RC{-^Q
z#EdXCuyig;O-aow$xO`o`0U%}O_{HnnHZRT7`T&Di%K%nGLsWaQcD<Ae6kYD67^vQ
z>4PNo!MYKutbG{xli`MiR2HNbmoV@{G?tcR=I95fmH^do0UcKcG}Jq_vV=hj&D;RE
zoOMM3&^x*yYZ2}TS*z!auu=ty9h6$osh&0W<T@K3CI+Tx29}h>lEe}q%gKj<r3C1j
z5(XiNZ8?c~>H5JXpfCd3Qd$I3v*xq-4>pdF2TTkM6$K0oEaC=DEW!p&OurW}GchtT
zaWb@<t~PqT|6RHPFB_*;n@8JsUPeZ4RtAH{`G(vEoNUaYENsF|p}{Z?2M?38zoCeM
z5J-ldhub-^xFjc4At*mN+fc?p3M9(KBMgcJg%Dsk0iB`{oLW?tS_CtIn}^9W#8AON
z4y2TsN4z*Qw;(4K6oCa91$xP8i3J74dYSoP6)*>JGKvYNWhCZhW;+yQmgScu<^WX~
z$cghBni?1x85<dym>L*IiSrtPxIh5r4gnuDF)ASkJ0mLta}y&!gFzD`7gG}>Bg2lO
zx^2QS-m4~;KlnL&&4TC&PmlJSE>OSrZ)x=`*WXplwSRX#5~yl#f3|#*rfBf=+U`s2
z#W!cH*Jlfley+9mcW88UzCiV7m6(l{rrT>&<v6+Ja&{iLwIu5DmXxDbR;GV<JW8GB
zVkKMDc%;TuC|~??`XZL2TFM@+W^M()q9P+A!kw=qX0l9P<{+=lc-}yzAyy_lU~awe
zwz!AstKK#(lrT0EHF{Jgp7m8$)%2`_{-Nm+_Ny*Rgm?;mclegMJ!1J;U3JT%h|d@6
zFURZZhXsg!pIN)|_|Y>zS5LU4v;AVEH&;G;zxN5&lxja#htD7MSlu6SC3Z~w-uJCq
z`BCLmeNiT6Mh3>k0S0~svcS|L%f}+dB69h}zoz1ePg&;G?L6vqAl-5iQ?ImvJV;uZ
zMZ!R=0lNYokOE;ARs&{6#{bA+4ovF6FlS`YH`HTseEh#_YDLe(om1ZJ-`X(ypHdv-
z?Y_AZDQdpVxwYTE1)NS3xvc-E{_y{_9jY;Vc6}C_*Khtbte(&1N$A>?yGAY9{$J(S
zr&V43)oyks;orR8`jd)&)rCqb$~#M66l$5V%n-?ccGO;XqF351V~zU<4cvBdEqZr!
z&+Ye`hGF}TgoJ*WcKPEO|KJ(>{TP&ePsGKkl=irsOwHP=Kk?|(_O86+ojPCNZ4SS1
zfn9fV+4=Y@y|0e(%Ed2Am)iR1?~Eq@m!6H`+fzaxRata1DK%d17LTq@y0CToblLLc
zFjeRNx6@__H-6$gvb1Wx@*};bE%SAx4ezgC!m*m~ZeQ_>loAHk2t8n_2`rn$!DSPu
zWYhD>%*#$q@klJr0G4q#a;`^By{jb$DoTnN1QDvB^1EDGr%v0k-Gmub)RgluFfa(%
zI{--r2FAJ~hF}T`a1|_tI;b258xACdz%Jqgy9iVW>bd5X<|0cLlrZpwxdwT<c{)3W
Kc>4QQ6aWAd4?b4_

literal 0
HcmV?d00001

diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration$AssertingPartyDetails.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration$AssertingPartyDetails.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..55aff67094f6c4b9a588a6ef4a357f01ebe114d2
GIT binary patch
literal 2621
zcmdT`Yj6`)6u!Gj-zk(92!bt@1d&R1Hz}zC&d`z;sf4zZqz_vJ*W@<cc9UIpZ<?eP
zO5>x-Q&gbJ@DLx2fHI0$U{riig%L-vz8!p2LDT^s9g2#8_okGlOr3GYU+#~c-Fv=!
z&OP7x&e`308pNpzkR-*+sInsXy|oJOgF#7YU{vT1C;|#ID(@35jI2nFf(I&iU1=2D
zkWrvlP?5qTLGm*WD2DOwGG0MpM~uN(pkh4gHx)v}3!)k}cxHc@bIM7B<Z7S~@_tkh
zKy`ixToiyRQk{a=4?T8p4fMN}uuK9}S-EL81$v+#3B0HxFxp<vH}Y%%2_kEgL=n0P
zY=#{q5(o+xdk{$P!-%}!%Q_Ls4%<hl*gJkK5WNykug-^^rNub2<D@Wbtco!rv`bzo
zfSi3P&l3C|yox}D9TUc0MHt&p7#k&w?I#ScM+swN31gjv)Ok=<c`v-|7e^g8L{z)v
zj&i&RECI9~7>0m2pejp#6`ytx^l}b_&Qky29EdaRm3V^?S2-Ei2o<4L=yQBk8Hg7u
zBvV*IdQuLCl!LJg{s!oo!>e^ph&~lRsa|_LCyNFkq<|3vsLS^Kh4-ypx3^=e2HWMJ
z4giogGauja6+%GA%cj11ngkDyVi?#zP;}MkjMfTCep0-gpC_l?vTeh98c=qS07dA-
z9tMk{^saiWml+`$0dpNf@^qFB27^p6mmzhvaGaUtrm`WQ=)qz!`6LAz6qPrrb-cxz
zw?qN1|J*M_l)o=&0MesO4U1+<q{|ff1HM=zK6Rp_sIb^kWOE^KBS}ET8SpX#L%dHG
zVKfUds@%(3RQfs#fhqqE-6tnf-ZTWp{=*(sl~e+WA5=CXh8h2YA2()|iPA7wRKK3=
z-Tk8Q<2^Lc*g=Y$43DV#AOgm|Hoekk#K=Z>51?=p4R>D|6t1w02MQP-)8AN=7?X^L
zT_ca+To}d)Ugfv!iVaHyr(=rNqCYG{!ZNmjkj9v22b3S2RKM}?^S9_|K-U1RhetfZ
zPqXYmi|}a(VRT3iC}eGCkN)@gMAz4(Ib;B|dM={P;3D+-EgG7l=_Jr*-C_CZz!@)>
z8lRMN|D5~JrBYN%9N=0vn^U-?cul!BK7%fI_P-?RXj`dyB$rMs3Az*;uObm<J0y35
z`C4u)Sxweu5Yn?<m>1kN*<>t0rQbn{jxKhYv$-q+)#&u9K=h>I4RW2#xNCV?RvAHx
zBKi-MM2#L%TgUr_hJ0CQln^gs1ec{xHCs80CD&q^YUOgP^{E!}im&MF{~&`1H6fOE
zDh_BO)NsH>sAM`qQDCpK<mHU{bGJVd{Q8d#JGaz4bfR;$b<3oWFFxJ;c+vSL&EgCD
zyVIK5+D>kJc=9Oc`o+sXNKij(-^IpP)_kAy>iP1T8Y!*0$2k9mu(jjviCIZ0S>nFe
zKYyya>m^U;^y$_Md%NMf!s(ex>%qIN>5{(7yH(qnW0-Sa-fa2L>f5WTDs3O~g7%ST
z^2gsuz0Vn!-f?YZ*~XTPmlu5F-F`aq#F*T?QI_sTef`<YiPrbB**Di$&D?%$jH`IW
zx%^(CqiWlGrb*M3s-9ylT?<WYMcJrxk1c-ooz5eF?0D#dDILddpPMWtte$%)&eL2H
zm*4XX6L)KOGXKDubE|rr4c+0j>?m480qV&zu7u0PYRMd?9jzVNb?9P5U2{UaY019M
zS+9GiZKYR^<Hi%SK|6*Uy>w`RjsP;Wah!&tF2!<=rH(nL0BdHn1>as;wl=iln|+U-
zIk0ExhKmyxP+zRtIL34RJdJO0Z*SSVwIjROzgph9RJ(WL{8#q(q;Fb%(}{|fVTIq7
zKj%4axwoP8?D$=^O&|T)mUraNi<?%q9KNokdC>%;VPD|XqMST!`$*|z=S<U@+iD-r
zz2U1jxY_%Yx1Q;I<%^#un=4*B=qmqZUDvNiN}cToN`PVBp#=+!ffa>^Vf`L<P3MWW
zW&U>_oO1Te?#iP_6HL1s-(UFQ${*iO&04tCJ9ba^h4x7455=vO9iH;;rkj`36I#2L
z>uZ|tI=ZK0eP+;IG10dA^t$$p*58s2KHaq0(9J|%+B{{P`Kw(|CGHq@e3g0%|H{Nw
vG58N?sBw!wN6!B+ZjD2XU@|phKR9G&4aXnjiXunx>|$GitGKizB!~V6OyQY&

literal 0
HcmV?d00001

diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..5640654bba1de9bab85d7ba701215b9edb52b565
GIT binary patch
literal 5861
zcmeHLc~leU7XPvUf&tkCQCT!l6(pGif}*v80Tc;B2|*A<$7BeRY|IQ0pn&0FsS8kQ
z71U>4>QZs5Rf<p*TcP68x?o$iM^vm^TeqV4uxj5o6TrZu%Q-#oyuNdqKjvh<d%t_{
zcbDJ2-|V~#EC?JV>2M{F(BmqtG7U#HSdI?Q;1QTS3s;f3JOb6Ig*-j3%T_5c9IoTp
zDmli(F{O$iag<c)w7fV>oeOuzqBxlwXGXXbR%GzpF5@x*XAW>ev&eL99G01d5hNj1
zDYckF0$fl6iX?k>M`I+aKuMGYNfKxlzn@wB9<%tgS^OTe;5uy<-`p&I=zyXpOMqv$
zQk_<;(-K)4440brPg7|X&=e9R{CVwC%5l*cL7+;kTP{@X^=qmnIyvo35;#g0qS+{4
zjcS#ADM^I|?sHRMay(a0xjRvW1dDM@foVw<swPO_V%m^Js?>b3POZk|6dT+$h+-jg
zBNdsT5U?bGqlMv(R7B`-4N7*e*_penm(zuS@qwEA>7w?qC13;rNoq`@Q|hwFzOEyF
zgQe$)-I}=rNQuJ;Jq!sHZSn@qYS06irn>)HntJz5lrWfsDm9VIRYbJ;-j*_f%^cvG
zgKEjpffCpa)BZ|ex;@c92oBw@4OJ_3u)@+cFoO1G5tP8Xg0UMufOopnh!V^kI0}9I
zCINrg#l8Bdx{T5GjcH$feK`8*8<CCSsx*};b_3;(LC=7pbfprUN98L|qS9tyiWw-8
zF2%?T>Tl+(yzJ}21i*j;hnHO4^oFp-D_0$;3uHmMK8FJUu%8+NpYUfO0SDFln-bn%
zrGQ$vFZaK!3c_1T=Ps$!QjYe$KhFNuZELHTfFS`^m>SbS34Kd2X2C*OP?HUM5(v^s
zQa_2$&&kQ*<pl63fD$5zfR6<74H~rq2G(Dr!!a&Sp#DTUDij43;voJ{=j{MUVmdSc
zj<l!j=#x@_!3)=BY0Qbx>OpbgVUcm+;&>AHQ3oL42~a%`GoTv18lz94rYpG{RB;nT
zlVJQG<2F?+l_X9i82&4J2tr3ggLR*<QOPj*5BNt8y~?BA&^M_b-t64>k?Q+@Fe!8!
zET<X?oqZSyyiFz5+b}31pWgkF3zpdsc`uU2=jvf+0z=Gd5#}W1v4OoY8zr$QEEgWI
zpWN798cY#*9Dh0%J!*NBTAui&N^i6OahQI|n1$<(?|zlT1k7Z>Hg!H`@-zuxlh7K<
zr!0d$3y0KcJ3CzeWjQGRDpeeM0NAcbG200#X8yc^#bhv<)}U0hL-<4EJtbmmY3=*w
zj5nXyG8ls`0AgG(7>rn3vSe&aC#Fo=^D>CT6vqgh5l4z*#ThI{2~v%D#p&c3f|1B@
zYSo70L^<6n9{L4VjTZ$A7~UgbFozi#FYrP<C{`B7l~7UnM8FODbUja=hU)bMPo<+d
zdJM8=xHzPxqgqu)h+dVgBT+TvKs;P+1tLT!3=j$fMM%ILS6d<V3V-zL|G^208KceJ
z&aeQiV#W}F6f<m?#S8{GfERx3loD05BIjz?+MOGc-@egYA=)tJ>la({*M$F^$0~T<
z&~BesT6%NaJL85*s|uE#vm!25@8Mg{PQK-P=x14Svd%ug!#ibfuBh$}9}nxn9_sod
zmp0F7-LGh#G)eUQKs&Z7Y?3=}Y<ffFsB>*qZeln4a%U_KiqJoula!b^TYMf>u~%#j
z@$_SyM!Xlz9XUI8U6Iqrsn?V>cZ)X;3kVu2Y|nOG_}JY?^o1Ayv#P|YHD`y#M>;$S
z=~UGvZu`Q2Ofa6<aki*+o<Bb!cIcDU1>27`pX%E2_POzOXOp6AbXFBnEf$LWSr#E3
z4|o>S+ilRdDxZ{h=5yO~SMrB4Sq#8<KNgvVxWjC5w`04oom*R86cd#<*zXnAH%~jF
z4Bo^n8-aLIWG;Ic;<9L91`fsG#I`_K48||!K8L9eea--U0goMe{g<UH4a=|9zk9E-
zcG21wqf;5*maiM8cqN*pDd_BsJ(=d*%70dL^p~^)J}CzqIvn4tm~bPZ$S&+V*)GLp
zVM#{JW6wQld0#y(4LUXd#d~E%$4AY|&m8T|t<Soh=^MnZcGlf&p6XvYGi^=4*ejnR
z5e+t*?lm9$_Wn3Q!r`WP*@IQB4^PENs~cwlZgfj(s(04%u;bXmT7G5ojnbvsV@t+A
zzPE4onKM@Y`?62ZJ74zw=e8d6HYtbKwm+{fj=2+QoL#4owdYM-#vE;IUFMpczu-)5
zU6p%|Ji$j?ad%a<lkq3(rY(8vx$V5-{p-h%5M0@_dC(5K%jLvv1qmz?d2mD=2yS6J
zlKu&}^&S9%DbzG?I22|%!e*Qh9v2xADGrT~jG1N78w#m)2NJMjW2CSV^|lGTZzDqG
z1jNu+2JYN4twyJS0FN$!vnOoc&xZI2YJV)Zr<*rh4Ob{7R&aC}|N8=7js$Mgz@n3>
zPvF!6X8?wrlEJ2--1(&x)0jdj<&2ZgojL!l(WV)M4Uf*CJ?%z6J+i3nqX1wohR|$;
z_5VFY=H0Vjt#M&Fw)9I^#8}dUr6y!{LL4Y89mKJj4F@8KxNu4lI3o7cq7}zF0oBTN
zSrh`hBO|Ca8;-M-zPCYSHeJ`eq@mH09-$DR3B5T$>$|UceQ$R({7ytff<QrF01_BT
z!7ueH=zjgHm}y*Z?mr4*jb*UAEnyms;Or-jP23P{LI9gB3&}iK_-@1aMxl%Ju834z
z_zBD{X|kQawcwI;WL{ZueO%t1X6LYHTibZIhN*AQ)C-t(htC#sx}yCuCVjo%f_=X*
zx$;Db|7yGFciL9g*nN3%)pnP*?|vv*Q}v-|o#3f>erDojy!FkK<fLQm6Sr?4_RFP>
z7Bs$@n@6D$w99JclF7#=dyn0Mj!wDNa&diXgT!xU<k8RebnI;+<s*>~5J}x5cX0Je
z6!2WvvT1((D~`eGUnn%e*9$+`ecpxjSmTyk6Xk~%#<fn_G_0B&{&b9gR8GFeac@^{
zt$<~xXUBea#Zt1SDfDRg`db=dzHGwk;PI6kle$t2ssrm7R5o%4L;{N9Ljs$yaB*Bx
zEM29r@=Ph;JH5b(2M#HRx?=XdwPuT$N!|Ud(Vlw?C4rR;r)HRy3XHyEdP;z0n)&UL
z9%D!_qTkSDlIu-j2R&G`;-sOymGcIy90QX9%-sp2%`RpxfRt27`O8F{GNi&NkSAUz
zFSpxIF8?&Y((1bMSi`hy6UXe2-uTIcnFl|bJN&1y^@v~QeQ<k4a8UfGhqZ^Qk8MB5
zxQe$d_e}YG&pWwC{@K}vmY;AE9lBn2ecn+YQAF3Nh3zMt(_9lzX5X1~<8#Dv$wTHT
z4SVd;E-Yy5+(yQuo#&T6*nc5OesR8$844caS5^!yknOcieZOqx+1ETjS@`wqJF&we
z%aYxt&B4_Vu3K;YcAJ}H)OjE7sKde1*Un9CI(@oQzc_2B|D)Otl>-#fHt+46Glz_q
z;!BgOHasfhx^<Pv{31oQPORr4MY>YUu7pPGU2Un$c0Ws6bh2!^;D-u_@)_5p7tRF;
z1@;*iYN3eZjmuhJ|8X(ia?T5zN!;8$n5)UCn)5GX7;nhQBUg5w>PS2gc5Amy%6{MJ
zmzzC?yxw&p6I6YZFvcTzO1(gSzmgden)m`Jn<jSb7?pF=K44ezXynn*qTst|(T}!*
zAjVgr@oCE|V%OeEIPF19yJM$F**vDA(~q|~HgL)m@xDvD3ZN176I?Png*7FHXUD<Q
z*JQ1G%k471JnFfpWy6GR1!sp2S+gbYa=_{~(tStth3cBMYu8TraJko|y9XK!^Rut6
zNZLdK%h)Kflsgf&O1HkFyjju?(D1Bc<02D6<HHS9S@2;4#LaG_B(P2hm&#<35fP#A
zhGG86g}SR!Tm0xJFUPE-P|JefDqbsT<n&pQv!)wprXY$x`0q0MyNv$#WkjXoWa=@6
ft_SgdrZ`0$OB18azDx8Q2Y=_g#BXz(zDxWYlVEbi

literal 0
HcmV?d00001

diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
index a8126d26bd..18d7561348 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.saml2.core;
 
+import java.io.Serializable;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
@@ -35,7 +36,9 @@ import org.springframework.util.Assert;
  * @author Josh Cummings
  * @since 5.4
  */
-public final class Saml2X509Credential {
+public final class Saml2X509Credential implements Serializable {
+
+	private static final long serialVersionUID = -1015853414272603517L;
 
 	private final PrivateKey privateKey;
 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/AssertingPartyMetadata.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/AssertingPartyMetadata.java
index c75de010d4..985e5db51f 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/AssertingPartyMetadata.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/AssertingPartyMetadata.java
@@ -16,6 +16,7 @@
 
 package org.springframework.security.saml2.provider.service.registration;
 
+import java.io.Serializable;
 import java.util.Collection;
 import java.util.List;
 import java.util.function.Consumer;
@@ -28,7 +29,7 @@ import org.springframework.security.saml2.core.Saml2X509Credential;
  * @author Josh Cummings
  * @since 6.4
  */
-public interface AssertingPartyMetadata {
+public interface AssertingPartyMetadata extends Serializable {
 
 	/**
 	 * Get the asserting party's <a href=
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
index 9927c3a9c1..69f0c82219 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.saml2.provider.service.registration;
 
+import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -66,7 +67,9 @@ import org.springframework.util.CollectionUtils;
  * @author Josh Cummings
  * @since 5.2
  */
-public class RelyingPartyRegistration {
+public class RelyingPartyRegistration implements Serializable {
+
+	private static final long serialVersionUID = -2718908121120942813L;
 
 	private final String registrationId;
 
@@ -456,6 +459,8 @@ public class RelyingPartyRegistration {
 	 */
 	public static class AssertingPartyDetails implements AssertingPartyMetadata {
 
+		private static final long serialVersionUID = 8728930758311995475L;
+
 		private final String entityId;
 
 		private final boolean wantAuthnRequestsSigned;

From 5ff87128b1a16b9e9d3deded380dda9b5da5d173 Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Thu, 30 Jan 2025 18:05:17 -0700
Subject: [PATCH 2/2] Make Saml2AuthenticationToken Serializable

Issue gh-16286
---
 ...ringSecurityCoreVersionSerializableTests.java |   7 +++++++
 ...ntication.Saml2AuthenticationToken.serialized | Bin 0 -> 6302 bytes
 .../TestSaml2AuthenticationTokens.java           |   7 +++++++
 3 files changed, 14 insertions(+)
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken.serialized

diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
index aea7544c58..2c806ce39f 100644
--- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
+++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
@@ -178,8 +178,10 @@ import org.springframework.security.saml2.credentials.TestSaml2X509Credentials;
 import org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
+import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken;
 import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest;
+import org.springframework.security.saml2.provider.service.authentication.TestSaml2AuthenticationTokens;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2Authentications;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2PostAuthenticationRequests;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2RedirectAuthenticationRequests;
@@ -500,6 +502,11 @@ class SpringSecurityCoreVersionSerializableTests {
 		generatorByClassName.put(AssertingPartyDetails.class,
 				(r) -> TestRelyingPartyRegistrations.full().build().getAssertingPartyMetadata());
 		generatorByClassName.put(RelyingPartyRegistration.class, (r) -> TestRelyingPartyRegistrations.full().build());
+		generatorByClassName.put(Saml2AuthenticationToken.class, (r) -> {
+			Saml2AuthenticationToken token = TestSaml2AuthenticationTokens.tokenRequested();
+			token.setDetails(details);
+			return token;
+		});
 
 		// web
 		generatorByClassName.put(AnonymousAuthenticationToken.class, (r) -> {
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..cdc6b6b25920853d28136f0fb16cfe8b61a78e81
GIT binary patch
literal 6302
zcmdT|d011&7N0DDARvMQE-V$SiYB=UMg+AI!37CI37ewmCAq{%k{j;5KmY-uTI+(A
zS{3zKm%3EkYLy~Z#a5`ev@Y1z<#WTjwRI~l#j1TXHwh#b`}%6%_x15dKJLt!bI$zc
zoZmS!TW$k8ngXdLr54f#N~2e2P`HlBC8<myO(?S|4U;FNah+BoG*D!YMnzC?oXXKC
z2_c@%OeOS;Mu{^TQZG~>DVfb!0+~tZ$GkNf|K3Zsiwk&i(A9QPJdu@6&<q3Aa_E8R
z1rJ0P4@9g7B8vxbob^Ctt4t(Irx^-YGVOR`HZ(*IyeUGP2lp9=Q%qhwq1K=^XafvL
z{Yy?zRysuSFHsH+yRe&xCujqyrwInQ%ctQvxJZlZ)glFhpdVtS!010b3EK?|EgNnJ
z^~TD+Mf%YySBUxq;9|9oP{~0@^i9IE)j;rpr^%6QMxzx)kXkLFL~uZl9aIE^YqU_r
z+Sl0hX;5N_(EwoJypHxDL`#KjOX<Kwy^d6AGBkL)mXJe)pLXgkuKH<#8y9fofUkuk
z3~;kDi)7I52mEJsZDzWS05guJJ@#dla+F!12-q17&?%2LEi#J2^N@C9$tj;@hwzm=
zz=;BUT9Z$}4Zy!#KKeDH#V&B^m_LL+mq>px>XV6dTl6DMm?5nIaJ5{(g-1^jI+7t|
zDiuZ0G_nO#!I6glL!hHn?10h00DF@hV>JhT!vD}GHmd$ya>kJ~W9zIrEjIG%r_Vn>
z;~^I!K>^}#uxE+Pm#1PIKz1-GtpXH6Vs<N$(wMR0YD^%>ffGz$JWs*k3}K$@{<4HN
z0}I0)VPw|XiZu^$8-R)#Yn=>?0*%g~CD0PXRCp%Vi{W96|102FQ-ttk6mc%H*yy(@
zF@Ou4Cjbuwhy@2)p;7Bm-g@FRq&~*NUNJD#R5*kJjDL0JlC`TEvVfo2D5;Nt#Fech
zD20iBM`-ja=n4apUfntyCowP~a5Z7p3r+jK%(R>|6&-U3bW;&ZD$jsuD@BThMo@$b
z6((HE<{FHz4(OA~YmEqJJuGrjs!=4R!x^&@SL;)1mGq<`_HdW&>+M0qDM)don#^Ww
zVX>HQPviyn1KQDIsS`G$Ce9`QXCWA98w6%5%L`DAx)^j*!39nefLAWAXG!FD!P$+_
z|96Mb*$k~rt46hGs*Z)sQ4YGdgNHdN&{_4AgTE8hR(mMRV)eGCXlu_#!scY4OF0Au
zE1oGX+lv;Xfdl!&tF1Q4HTq0KH3p}rDhTF`_PYs-F9gA2hA6mmo0NHePvoq{OLkWe
z<iUAEt}|p$x8dO?4mC1h%v6Rk&|xA`8+i#bNJ?O8s04`2gt);#3k}K)Qcnmqq`9Ti
zs0<>VnMQ<=@1TbPZMNHLEgh&}Bb_1jsG0`d?dLXh<BFwh>2)BqgbpSc!pa_%F){K6
zI+L55E6fcR!f+KyFib4M28xV2tqLByKu1zU07c^hdMYlF4l1HR!YfC0I~-yH2mp5$
zRabUrsNoWh)Mx9gC!yCJ;zveC#gB|gFc{EI`Y~YatDve-#F|5i#TBXaw>dWy4MYCK
zrj-yXQ*&(_Rrjwy+WCp*hqu_ix}y@+1vdO(YZ+*2ty<e>G$~?Nw@E>I?WAla%7i=v
zY6Ux4^<*$8p^Ou}6y(5S8%^Xfp!*AY<67rnI|#QUU;(z66(Y03h&GdfR{zHnhB<wv
ztvtMKs55MlQUTvo$hfH^V1vj&ZxCQSqamAuvm>@Nd;MbHA>lI04%oKwy|7Zg2Ug1c
zbv2L6;c^|pZ0TmnkF|Hyn2Wt*(A#6)e(b{GbhHCl$trP2%+a2g$hY_4CMql+9h|ul
zvEnY6JDPED?ihj7jF#|^CzYAvo>+G@>g4Q!0?I!D;sQh89~~w^Srl}1=0+um{V`u8
z%5(N=%R87vLS+V<Y#Nf4usGz%@$8&271wJr!ws4olEJkw4>4aa7qJwRNP;Djfl@4Z
zf|rW~eZoKX^Z#H6rJP>YuygDHuawgXV5J-<ZYhTYc2h;4dQ6P2T$FpcWyO}&sqbE^
zUnpJO=iBG&3zm=kHJ?}bY)_M0{_NS;H@?@et72*4yi*SJ*^2EV`{dLcLHmA9Oid--
z3Yr5a?#Po?Pw(yP*wI&8bKu;%35~l{^<iPsXS<t-C6Qr1R7u@*sXOV_s9wvj4+<DF
zYtSgelL_NfQj#N1;~M^=4dH(MImfZU8IyV@$E_^(_%!W`y7G4E8t>piT_sI9Ueg}>
z^p<|*FZyC>%J9mQ-U(5iABR8ERHtnGO3){iN@+e>+&EbvN{Z|Hcv<15L-og6Hotpn
zK=sM-(N3hp!srG&RlzvB@aB6$yU|Tf_&eo~7d$EmXv$kG>dNJD0O!LvY#inTqs7OS
z@5%4d*zmlRF2BbAps1#P!~u2aT5een%nwZm@Vzn58SM)=BLNS-9meBuezV3LhC0NY
z14LpWUv~Akxr>eSuhhJMr?zUwis!x3IOi9v^j5td!_yT$dK7mwqf4XcY4O3|GIsZ#
zxOY#p`v(g{t|b+_Mt+~TRdqo!Gc)#~-}a3BZ=TE^bZpA=56X%Uzc#KQt5;w^P4>;K
zph5hKF68z4;ezt98OwwFUiusxwa01go%+4!@AeZX?XOEnytkzB{;^m^MeR5c5Yv#B
z7MMLh@-Q*2N>pBdZT4LKp*aH{-r1Ra;)H`>XU_4-r^|l$(#3c3T6OoTre_tUvA3d1
zlB-pTP5Fc8aeI|C&httwNIy|kz0@aHnbbRC;q4_A9wk3J)~(N970@Is-L+~!5Amh#
z>pE<9y|943343|F6d~*Y*-qjGx`j1H@d|Vs$d(sd3P!AHT}2RQ^<{u_(#ZIzQBe`H
zgs9kYMuV{kjrU;yKQ300z<{8Fbetv<DQ%%hOR6<`b19~2QdD5ugBG&;=m43uOIuMk
zwGF5WJNHve8aw5kUZ$R)?IJ5<Kv<g%RQx5DCli6?4Mkw7`oFUYuc5GYF!#mYW)IK~
z!r8krhaC~HzmjY;E`|5pS&)oNV8;Idxp-Uh&`M99d&3I>ij~Z?u&0TOJ+RJ*Jv%r%
zCBq&Fax82v#O|0I8gy`WOv3d_G8=KO57q;XIXQPxuuoKwi%l<6{t8))+@cgxGHtM?
zWP|xd%l09QCEUT7R6I~TFc=#+5D_l=6q`T)DQ=dmvc?aQYDpQaXLGnECE(;|wRHjE
zL`X27pBSFCx9I&n18OCnirZ2~b>?R<X=a_vlnsUF6g~6HN^9ctZ`F5+e7fPH@P@bc
z=2(N6TfP5esdGzA|IDy&ciHjp7NwRSnJHN28uQ-8#g(pKpIx%a^WyhE&Ro9qW4~(g
zlZYu<DHo{5w~sPmhnfa&+T{J)xixkyqglI$_y_vsuz1dpLqh`luE%>#ywPxWRoWhT
z|FKaAzu4ZqqmEJb#6H60)en5Y<xA1PZ)L;UDK)RVhfe)Ur3<}U^wGA{p1g;;Zh4i_
z{qdss#$ju{E12$2`Us+P3v})~TJoyIJXZrh?u$$I^5u21gCken&`AmsLzaaOC|@(a
zWuj5DdnE@&V+b3WFXld)31xtTB5L%wsBxo>ttr*otiT2b_9XjSVt2l?e0>BL@Zk#$
zZn>GD<-Anj0IxWtieTR&g5}nE0^f7ku7v?TUg(ibdIJ$vz$S?Sym*DIHEpKDv@voy
zz#2<<)cjIzI-E&^Gyj<5Mvg2j5i3)!G8dZMhAjBJpxoiA`p}*cR|fal6|?5Ekg<C|
znbiH~zBO3?th?amqR>GJpYPZ2t2nf2FXuAVFyC+Dm)qaVJMgbZ7x4v0Jf!=smR+5E
zu(xzn%du%qN4jKqr5w$<6?W}Q%zn;&?lB#|@7xw*P~S<loCjM@&%L+n%y{M5DJ5JP
zxKCYL)U_~ihfCUrWn)ji;rH3JZ{OTP?3dcl+%~&DwBp`X#|`H<c5{zD-8<m5{h^9C
zP7SX+e!Sc;D|?IJK~=M+GgNVL^1Hbw_LZDVn4P+G^@Fm2ZY?tt`$tKuJb2H-i^<vc
zElIVGTQ8=~+xB$)jH6|v#Xm0WykN`~#hFvV60uw6nJTE_aP7RtH-DN%HJtJ%#?sff
zbqvsDE}ig8Nu;pT(F2#Z9BWS59eHD$)5Kjtqc7C^c6zhrNETT7T~Z(4&|x)V<=t{_
zxGd#4P}dD^-uznbb+_QHrM<8RU5i6+<HbL@hzD`LktJlzUl_OIM$&O#dc-YP)x>pu
z7C!1PTo*TR*szG5=e8C?Cu%}GGapGRXBwX#22b8dY}~QHHS6nxe%l*Xhioi7*|pR1
z_4yZqmtAChHpiT)s9dpPMaakV{m<Rry~j8u=klWQYa!9cMMo$C2E)qO&9-y53fgw+
zn?qcDRFW)VB>QSQ^7j=2Wy?@@G6~)p+A0yOcJP_RQtq@Ql1pYlH?~3v;MGt7pGVo(
KaRJFbGXERwNZkYg

literal 0
HcmV?d00001

diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationTokens.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationTokens.java
index b0a0de264a..bccbcb869e 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationTokens.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationTokens.java
@@ -35,4 +35,11 @@ public final class TestSaml2AuthenticationTokens {
 		return new Saml2AuthenticationToken(relyingPartyRegistration, "saml2-xml-response-object");
 	}
 
+	public static Saml2AuthenticationToken tokenRequested() {
+		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.relyingPartyRegistration()
+			.build();
+		return new Saml2AuthenticationToken(relyingPartyRegistration, "saml2-xml-response-object",
+				TestSaml2PostAuthenticationRequests.create());
+	}
+
 }