Bugfix for authenticating authoirty

pom.xml

@@ -5,7 +5,7 @@
 
     <groupId>org.openconext</groupId>
     <artifactId>saml-idp</artifactId>
-    <version>0.0.4-SNAPSHOT</version>
+    <version>0.0.5-SNAPSHOT</version>
     <name>saml-idp</name>
 
     <properties>

src/main/java/saml/DefaultSAMLIdPService.java

@@ -249,7 +249,7 @@ private <T extends XMLObject> T buildSAMLObject(final Class<T> clazz) {
 
     @SneakyThrows
     @Override
-    public void sendResponse(String entityId,
+    public void sendResponse(String spEntityID,
                              String inResponseTo,
                              String nameId,
                              SAMLStatus status,
@@ -258,7 +258,7 @@ public void sendResponse(String entityId,
                              String authnContextClassRefValue,
                              List<SAMLAttribute> samlAttributes,
                              HttpServletResponse servletResponse) {
-        SAMLServiceProvider serviceProvider = this.getSAMLServiceProvider(entityId);
+        SAMLServiceProvider serviceProvider = this.getSAMLServiceProvider(spEntityID);
 
         Instant now = Instant.now();
         Instant notOnOrAfter = now.plus(skewTime);
@@ -272,7 +272,9 @@ public void sendResponse(String entityId,
         response.setIssueInstant(now);
 
         Issuer issuer = buildSAMLObject(Issuer.class);
-        issuer.setValue(this.configuration.getIdentityProvider().getEntityId());
+        String idpEntityID = this.configuration.getIdentityProvider().getEntityId();
+        issuer.setValue(idpEntityID);
+        issuer.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
         response.setIssuer(issuer);
         response.setVersion(SAMLVersion.VERSION_20);
 
@@ -297,7 +299,8 @@ public void sendResponse(String entityId,
         Assertion assertion = buildSAMLObject(Assertion.class);
         // Can't re-use, because it is already the child of another XML Object
         Issuer newIssuer = buildSAMLObject(Issuer.class);
-        newIssuer.setValue(this.configuration.getIdentityProvider().getEntityId());
+        newIssuer.setValue(idpEntityID);
+        newIssuer.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
         assertion.setIssuer(newIssuer);
         assertion.setID("A" + UUID.randomUUID());
         assertion.setIssueInstant(now);
@@ -307,7 +310,6 @@ public void sendResponse(String entityId,
         NameID nameID = buildSAMLObject(NameID.class);
         nameID.setValue(nameId);
         nameID.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
-        nameID.setSPNameQualifier(entityId);
         subject.setNameID(nameID);
 
         SubjectConfirmation subjectConfirmation = buildSAMLObject(SubjectConfirmation.class);
@@ -326,7 +328,7 @@ public void sendResponse(String entityId,
         conditions.setNotOnOrAfter(notOnOrAfter);
         AudienceRestriction audienceRestriction = buildSAMLObject(AudienceRestriction.class);
         Audience audience = buildSAMLObject(Audience.class);
-        audience.setURI(entityId);
+        audience.setURI(spEntityID);
         audienceRestriction.getAudiences().add(audience);
         conditions.getAudienceRestrictions().add(audienceRestriction);
         assertion.setConditions(conditions);
@@ -342,7 +344,7 @@ public void sendResponse(String entityId,
         authnContext.setAuthnContextClassRef(authnContextClassRef);
 
         AuthenticatingAuthority authenticatingAuthority = buildSAMLObject(AuthenticatingAuthority.class);
-        authenticatingAuthority.setURI(entityId);
+        authenticatingAuthority.setURI(idpEntityID);
         authnContext.getAuthenticatingAuthorities().add(authenticatingAuthority);
         authnStatement.setAuthnContext(authnContext);
         assertion.getAuthnStatements().add(authnStatement);

src/main/java/saml/SAMLIdPService.java

@@ -24,7 +24,7 @@ public interface SAMLIdPService {
     /**
      * Send an XML {@link Response} using the {@link HttpServletResponse}
      *
-     * @param destination               the AssertionConsumerServiceURL from the originating {@link AuthnRequest}
+     * @param spEntityID                  the entityID of the SP
      * @param inResponseTo              the ID of the originating {@link AuthnRequest}
      * @param nameId                    the nameID of the {@link Subject}
      * @param status                    the {@link StatusCode} of the {@link Response}
@@ -34,7 +34,7 @@ public interface SAMLIdPService {
      * @param samlAttributes            the user attributes which will be grouped by name
      * @param servletResponse           the {@link HttpServletResponse} to write content back to originating ServiceProvider
      */
-    void sendResponse(String destination,
+    void sendResponse(String spEntityID,
                       String inResponseTo,
                       String nameId,
                       SAMLStatus status,
@@ -49,9 +49,9 @@ void sendResponse(String destination,
      * Construct the XML metadata (e.g. {@link EntityDescriptor}) with the provided IdP attributes
      *
      * @param singleSignOnService the URL for single sign on
-     * @param name the name of the IdP
-     * @param description  the description of the IdP
-     * @param logoURI the logoURI of the IdP
+     * @param name                the name of the IdP
+     * @param description         the description of the IdP
+     * @param logoURI             the logoURI of the IdP
      * @return XML medadata
      */
     String metaData(String singleSignOnService, String name, String description, String logoURI);