spring spring-security spring-security-saml2

Spring SAML Security Certificate Caching Issue

I am using Spring security SAML 1.0.3 Release version. I figured out a problem that if we upload a certificate for the IDP it does not get reflected in the Spring SAML. The problem seems to be with MetadataCredentialResolver where there is a cache Map

  Map<MetadataCacheKey, SoftReference<Collection<Credential>>> cache;

It is picking the certificate from the cache and hence the newer uploaded cert is ignored. Is there a way I can reset the cache?

Solution

I think the way to get rid of cache is to override a class and make it set the values to null for all the cache related calls:-

@Override
protected Collection<Credential> retrieveFromCache(MetadataCacheKey cacheKey) 
{
    //return null and let it fetch from metadata
    return null;
}
@Override
protected void cacheCredentials(MetadataCacheKey cacheKey, 
Collection<Credential> credentials) {
   //do not put anything into cache
}

How to use different authentication methods for different paths using Spring Security
How to enable all endpoints in actuator (Spring Boot 2.0.0 RC1)
WebFluxSecurity does not add Authentication to SecurityContext
java.lang.NoClassDefFoundError: org/springframework/orm/hibernate5/HibernateTransactionManager
WebMvcTest and entitMangerFactory missing reference
Spring Authorization Server: "invalid_client" Error Despite Correct Client Configuration while requesting registration_endpoint
Multi-Tenant Spring boot web application
Getting refresh token for gmail API with Spring Security
what is %-4relative in logback.xml log pattern specification
how to debug spring application with gradle
Does client credentials flow prevent from concurrent authentication attempts?
AuthorizedClientServiceOAuth2AuthorizedClientManager: accessToken cannot be null
How to call a service from Main application calls Spring Boot?
Extra unnecessary join with filtering and EntityGraph in Spring Data JPA Repository
What does it exactly mean to use @DirtiesContext annotation on a class?
Implementing Pagination using entity manager in spring
Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect)
perform SpringBoot request validation based on configurable property
Validate list inside request with springboot against [null]
How to use Spring Security WebAuthn to implement Passkey?
Spring Boot Redis Cache @CachePut is not updating the cache
How to provide a null value for a bean using Mockito and JUnit?
spring batch dependency cycle
SimpMessagingTemplate not sending messages in spring boot
Hibernate StaleObjectStateException After Upgrading to 6.6.3: Row was updated or deleted by another transaction or unsaved-value mapping was incorrect
Spring doesn't recommend to annotate interface methods with @Cache* annotation on Spring HttpInterface
How do I log response in Spring RestTemplate?
Spring REST using Jackson - 400 bad request logging
Comparing two dates from different format
Spring doesn't translate SQLException to DataAccessException