From 0088b9725859fb78e36e0453f627e2ca2e06543f Mon Sep 17 00:00:00 2001
From: Ray Lee <ray.lee@lyrasis.org>
Date: Tue, 17 Oct 2023 23:34:48 -0400
Subject: [PATCH] Allow overriding SAML asserting party metadata with manual
 config.

---
 .../common/security/SecurityConfig.java         | 17 ++++++++++++-----
 .../src/main/resources/service-config.xsd       |  2 +-
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java
index d583079f2..fc7403106 100644
--- a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java
@@ -785,15 +785,22 @@ public class SecurityConfig {
 					registrationBuilder = RelyingPartyRegistrations
 						.fromMetadataLocation(relyingPartyConfig.getMetadata().getLocation())
 						.registrationId(relyingPartyConfig.getId());
-				} else {
-					final AssertingPartyDetailsType assertingPartyDetails = relyingPartyConfig.getAssertingPartyDetails();
-
+				}
+				else {
 					registrationBuilder = RelyingPartyRegistration
-						.withRegistrationId(relyingPartyConfig.getId())
+						.withRegistrationId(relyingPartyConfig.getId());
+				}
+
+				final AssertingPartyDetailsType assertingPartyDetails = relyingPartyConfig.getAssertingPartyDetails();
+
+				if (assertingPartyDetails != null) {
+					registrationBuilder
 						.assertingPartyDetails(new Consumer<AssertingPartyDetails.Builder>() {
 							@Override
 							public void accept(AssertingPartyDetails.Builder builder) {
-								builder.entityId(assertingPartyDetails.getEntityId());
+								if (assertingPartyDetails.getEntityId() != null) {
+									builder.entityId(assertingPartyDetails.getEntityId());
+								}
 
 								if (assertingPartyDetails.isWantAuthnRequestsSigned() != null) {
 									builder.wantAuthnRequestsSigned(assertingPartyDetails.isWantAuthnRequestsSigned());
diff --git a/services/config/src/main/resources/service-config.xsd b/services/config/src/main/resources/service-config.xsd
index 8bdf0b6b3..051f37d42 100644
--- a/services/config/src/main/resources/service-config.xsd
+++ b/services/config/src/main/resources/service-config.xsd
@@ -344,7 +344,7 @@
 
     <xs:complexType name="AssertingPartyDetailsType">
         <xs:sequence>
-            <xs:element name="entity-id" type="xs:string" minOccurs="1" maxOccurs="1" />
+            <xs:element name="entity-id" type="xs:string" minOccurs="0" maxOccurs="1" />
             <xs:element name="want-authn-requests-signed" type="xs:boolean" minOccurs="0" maxOccurs="1" />
             <xs:element name="signing-algorithms" type="SigningAlgorithmsType" minOccurs="0" maxOccurs="1" />
 
-- 
2.47.3