Dynamic metadata plugin won't resolve metadata in some cases
Basics
Technical
Logistics
Basics
Technical
Logistics
Description
Due to refactoring, some metadata lookups that are performed from the opensaml message decoder code won't provide the right kind of metadata criteria object, causing the advanced dynamic plugin in the SP to fail the request.
This will end up manifesting during SSO, if a prior operation didn't preload the metadata or if the metadata expired in between.
To fix, we'll need the MetadataProvider interface to manufacture criteria objects on behalf of themselves.
Probably should propagate this pattern to other spots in the code.
The initial idea won't fly, since the metadata provider wouldn't have access to the Application object from the SP layer to use when it creates the custom criteria object.
The common thread in the current design is the SecurityPolicy class, which gets passed into all the decoders, so for now the policy object may be the place to manufacture criteria objects with the right decoration.
Due to refactoring, some metadata lookups that are performed from the opensaml message decoder code won't provide the right kind of metadata criteria object, causing the advanced dynamic plugin in the SP to fail the request.
This will end up manifesting during SSO, if a prior operation didn't preload the metadata or if the metadata expired in between.
To fix, we'll need the MetadataProvider interface to manufacture criteria objects on behalf of themselves.
Probably should propagate this pattern to other spots in the code.