Spring SAML Security Certificate Caching Issue

Question

I am using Spring security SAML 1.0.3 Release version. I figured out a problem that if we upload a certificate for the IDP it does not get reflected in the Spring SAML. The problem seems to be with MetadataCredentialResolver where there is a cache Map

  Map<MetadataCacheKey, SoftReference<Collection<Credential>>> cache;

It is picking the certificate from the cache and hence the newer uploaded cert is ignored. Is there a way I can reset the cache?

score 0 · Accepted Answer · answered Feb 10 '20 at 17:04

I think the way to get rid of cache is to override a class and make it set the values to null for all the cache related calls:-

@Override
protected Collection<Credential> retrieveFromCache(MetadataCacheKey cacheKey) 
{
    //return null and let it fetch from metadata
    return null;
}
@Override
protected void cacheCredentials(MetadataCacheKey cacheKey, 
Collection<Credential> credentials) {
   //do not put anything into cache
}

Spring SAML Security Certificate Caching Issue

1 Answers1

Linked