Updated config

src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java

@@ -266,13 +266,12 @@ public class SecurityConfig {
 
         String entityId = baseUrl + "/v1/saml/gw/metadata";
         String acsUrl = baseUrl + "/login/saml2/sso/loginumbria";
+
         RelyingPartyRegistration registration = RelyingPartyRegistration.withRegistrationId("loginumbria")
                 .entityId(entityId)
                 .signingX509Credentials(credentials -> {
                     try {
                         credentials.add(Saml2X509Credential.signing(readPrivateKey(), readCertificate()));
-                           // AuthnRequest signedAuthnRequest = createSignedAuthnRequest(readPrivateKey(), readCertificate());
-                            //logger.info("Signed SAML AuthnRequest: " + SamlRequestLogger.convertSAMLObjectToString(signedAuthnRequest));
                     } catch (Exception e) {
                         e.printStackTrace();
                     }
@@ -280,9 +279,19 @@ public class SecurityConfig {
                 .assertionConsumerServiceLocation(acsUrl)
                 .assertingPartyDetails(details -> details.entityId("https://federatest.umbriadigitale.it/gw/metadata")
                     .singleSignOnServiceLocation("https://federatest.umbriadigitale.it/gw/SSOProxy/SAML2")
-                        .singleSignOnServiceBinding(Saml2MessageBinding.POST).wantAuthnRequestsSigned(true).build()
+                    .singleSignOnServiceBinding(Saml2MessageBinding.POST)
+                    .wantAuthnRequestsSigned(true)
+                    .verificationX509Credentials(credentials -> {
+                        try {
+                            // Load the IDP's public certificate for verifying the SAML response signature
+                            credentials.add(Saml2X509Credential.verification(readIdpCertificate()));
+                        } catch (Exception e) {
+                            e.printStackTrace();
+                        }
+                    })
                 )
                 .build();
+
         return new InMemoryRelyingPartyRegistrationRepository(registration);
     }
     
@@ -378,6 +387,15 @@ private RequestedAuthnContext buildRequestedAuthnContext() {
         }
     }
     
+    public X509Certificate readIdpCertificate() throws Exception {
+        // Path to your IDP public certificate PEM file
+        try (InputStream inStream = readKey("dev/saml/idp-certificate.pem")) {
+            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+            return (X509Certificate) certFactory.generateCertificate(inStream);
+        }
+    }
+
+    
     public InputStream readKey(String path) throws IOException {
         ClassLoader classLoader = getClass().getClassLoader();
         InputStream inputStream = classLoader.getResourceAsStream(path);

src/main/resources/dev/saml/idp-certificate.pem

@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+MIIDJDCCAgygAwIBAgIVAIq/MUgxPKO0cuX/GtD7YUvk87GtMA0GCSqGSIb3DQEBBQUAMBkxFzAVBgNVBAMTDmlkcC5tYWNoaW5lLml0MB4XDTA5MDMyNTEwNTM1OFoXDTI5MDMyNTA5NTM1OFowGTEXMBUGA1UEAxMOaWRwLm1hY2hpbmUuaXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClXV18x0/yhZ+D3pHlmhrK4paA+xdJKAT7U7R9DeaTQygwtCjKmCrJbzdohckLz5pax7eaGeA53pPCY+JdiU0Uq4ES8nG2DCZgCtl4QGLUcTuUtJdPq+DbYD1cWBwEeeffsiClVyuhgLRPO1OQLl/TJp4slfoYTi0aONgQp03uG+ixL48myL7GrINHYXtDUDqo2BimyU0yrOe6ZmvxJchZ8nBuWKy0J8wsO/Mnasbvo79/c8gcn0HTst0QDlHXQlzwZ4Suq2os9qKjXAYOzA1VqmTyzJIge/ynHiJ0Fkw0HNxBaVFTJRNL8RvwJsMuBT7YZKRoNK7gjT5/6bGagYM/AgMBAAGjYzBhMEAGA1UdEQQ5MDeCDmlkcC5tYWNoaW5lLml0hiVodHRwczovL2lkcC5tYWNoaW5lLml0L2lkcC9zaGliYm9sZXRoMB0GA1UdDgQWBBSBOsPZiWZRXFqNINIguHfv7jnidDANBgkqhkiG9w0BAQUFAAOCAQEAeVLN9jczRINuPUvpXbgibL2c99dUReMcl47nSVtYeYEBkPPZrSz0h3AyVZyar2Vo+/fC3fRNmaOJvfiVSm+bo1069iROI1+dGGq2gAwWuQI1q0F7PNPX4zooY+LbZI0oUhuoyH81xed0WtMlpJ1aRSBMpR6oV3rguAkH6pdr725yv6m5WxKcOM/LzdD5Xt9fQRL7ino4HfiPPJNDG3UOKhoAWkVn/Y/CuMLcBPWh/3LxIv4A1bQbnkpdty+Qtwfp4QUKkisv7gufQP91aLqUvvRE6Uz8r51VH13e4mEJjJGxLKXWzlP50gp7b27AXCTKSS6fW6iBpfA14PGcWvDiPQ==
+-----END CERTIFICATE-----