This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch 3_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/3_0_X by this push:
     new 1b959dde06 Allowing for effective SAML 2.0 IdP metadata customization
1b959dde06 is described below

commit 1b959dde06016181afcce34bf727045ee3c7be37
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Fri Sep 19 09:43:37 2025 +0200

    Allowing for effective SAML 2.0 IdP metadata customization
---
 pom.xml                                            |  2 +-
 .../syncope/wa/starter/config/WAContext.java       | 16 ++++++++
 .../metadata/WASamlIdPMetadataCacheRefresher.java  | 45 ++++++++++++++++++++++
 3 files changed, 62 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 87568d87da..c993909fcd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -449,7 +449,7 @@ under the License.
 
     <h2.version>2.3.232</h2.version>
 
-    <swagger-core.version>2.2.36</swagger-core.version>
+    <swagger-core.version>2.2.37</swagger-core.version>
     <swagger-ui.version>5.28.0</swagger-ui.version>
 
     <jquery-slimscroll.version>1.3.8</jquery-slimscroll.version>
diff --git 
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java 
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java
index 4a829dfbd6..0fec1e6d11 100644
--- 
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java
+++ 
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java
@@ -63,6 +63,7 @@ import 
org.apache.syncope.wa.starter.mfa.WAMultifactorAuthenticationTrustStorage
 import org.apache.syncope.wa.starter.oidc.WAOIDCJWKSGeneratorService;
 import org.apache.syncope.wa.starter.pac4j.saml.WASAML2ClientCustomizer;
 import org.apache.syncope.wa.starter.saml.idp.WASamlIdPCasEventListener;
+import 
org.apache.syncope.wa.starter.saml.idp.metadata.WASamlIdPMetadataCacheRefresher;
 import 
org.apache.syncope.wa.starter.saml.idp.metadata.WASamlIdPMetadataGenerator;
 import 
org.apache.syncope.wa.starter.saml.idp.metadata.WASamlIdPMetadataLocator;
 import org.apache.syncope.wa.starter.services.WAServiceRegistry;
@@ -252,6 +253,12 @@ public class WAContext {
         return new WASamlIdPMetadataGenerator(context, waRestClient);
     }
 
+    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
+    @Bean
+    public Cache<String, SamlIdPMetadataDocument> samlIdPMetadataCache() {
+        return Caffeine.newBuilder().build();
+    }
+
     @Bean
     public SamlIdPMetadataLocator samlIdPMetadataLocator(
             @Qualifier("samlIdPMetadataGeneratorCipherExecutor")
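Review bot: `samlIdPMetadataCache()` builds the cache with `Caffeine.newBuilder().build()`, which sets neither a size bound nor an expiry, so a cached `SamlIdPMetadataDocument` stays until something calls `invalidateAll()`. IdP metadata normally carries the signing and encryption certificates, so a metadata change that is not followed by a refresh event would presumably keep the old document in use indefinitely. Consider a fallback lifetime, for example `return Caffeine.newBuilder().expireAfterWrite(Duration.ofHours(1)).build();` (the value is illustrative and would ideally come from configuration). At minimum, add a comment on the bean stating that eviction relies solely on the refresh listener. The `samlIdPMetadataLocator` method that follows continues outside this hunk.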
@@ -266,6 +273,15 @@ public class WAContext {
                 waRestClient);
     }
 
+    @ConditionalOnMissingBean
+    @Bean
+    public WASamlIdPMetadataCacheRefresher samlIdPMetadataCacheRefresher(
+            @Qualifier("samlIdPMetadataCache")
+            final Cache<String, SamlIdPMetadataDocument> samlIdPMetadataCache) 
{
+
+        return new WASamlIdPMetadataCacheRefresher(samlIdPMetadataCache);
+    }
+
     @Bean
     public AuditTrailExecutionPlanConfigurer auditConfigurer(final 
WARestClient waRestClient) {
         return plan -> plan.registerAuditTrailManager(new 
WAAuditTrailManager(waRestClient));
diff --git 
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/WASamlIdPMetadataCacheRefresher.java
 
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/WASamlIdPMetadataCacheRefresher.java
new file mode 100644
index 0000000000..d34134653f
--- /dev/null
+++ 
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/WASamlIdPMetadataCacheRefresher.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.wa.starter.saml.idp.metadata;
+
+import com.github.benmanes.caffeine.cache.Cache;
+import 
org.apereo.cas.support.saml.services.idp.metadata.SamlIdPMetadataDocument;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import 
org.springframework.cloud.context.scope.refresh.RefreshScopeRefreshedEvent;
+import org.springframework.context.event.EventListener;
+import org.springframework.scheduling.annotation.Async;
+
+public class WASamlIdPMetadataCacheRefresher {
+
+    protected static final Logger LOG = 
LoggerFactory.getLogger(WASamlIdPMetadataCacheRefresher.class);
+
+    protected final Cache<String, SamlIdPMetadataDocument> metadataCache;
+
+    public WASamlIdPMetadataCacheRefresher(final Cache<String, 
SamlIdPMetadataDocument> metadataCache) {
+        this.metadataCache = metadataCache;
+    }
+
+    @EventListener(RefreshScopeRefreshedEvent.class)
+    @Async
+    public void onRefresh(final RefreshScopeRefreshedEvent event) {
+        LOG.info("Cleaning up SAML IdP cache");
+        metadataCache.invalidateAll();
+    }
+}
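Review bot: `onRefresh` is annotated `@Async`, so when async execution is enabled (not visible in this diff) `metadataCache.invalidateAll()` runs on another thread, after event delivery has already returned. Requests arriving in that window can still be answered from the old entries, and a failure in the listener would only reach the async exception handler. Since `invalidateAll()` is cheap, dropping `@Async` would make invalidation complete as part of the refresh; otherwise the gap deserves a comment. The class also has no Javadoc; a one-line class comment such as `/** Clears the SAML 2.0 IdP metadata cache whenever the refresh scope is refreshed. */` would record why it exists.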
