Merge branch '2.4.x' into main

Closes gh-26649

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyProperties.java

@@ -277,7 +277,7 @@ public class Saml2RelyingPartyProperties {
 			/**
 			 * Whether to redirect or post authentication requests.
 			 */
-			private Saml2MessageBinding binding = Saml2MessageBinding.REDIRECT;
+			private Saml2MessageBinding binding;
 
 			/**
 			 * Whether to sign authentication requests.

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyRegistrationConfiguration.java

@@ -98,7 +98,8 @@ class Saml2RelyingPartyRegistrationConfiguration {
 		Saml2RelyingPartyProperties.Identityprovider identityprovider = properties.getIdentityprovider();
 		return (details) -> {
 			map.from(identityprovider::getEntityId).to(details::entityId);
-			map.from(identityprovider.getSinglesignon()::getBinding).to(details::singleSignOnServiceBinding);
+			map.from(identityprovider.getSinglesignon()::getBinding).whenNonNull()
+					.to(details::singleSignOnServiceBinding);
 			map.from(identityprovider.getSinglesignon()::getUrl).to(details::singleSignOnServiceLocation);
 			map.from(identityprovider.getSinglesignon()::isSignRequest).when((signRequest) -> !usingMetadata)
 					.to(details::wantAuthnRequestsSigned);

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyAutoConfigurationTests.java

@@ -135,6 +135,50 @@ class Saml2RelyingPartyAutoConfigurationTests {
 		}
 	}
 
+	@Test
+	void autoconfigurationShouldUseBindingFromMetadataUrlIfPresent() throws Exception {
+		try (MockWebServer server = new MockWebServer()) {
+			server.start();
+			String metadataUrl = server.url("").toString();
+			setupMockResponse(server, new ClassPathResource("saml/idp-metadata"));
+			this.contextRunner.withPropertyValues(PREFIX + ".foo.identityprovider.metadata-uri=" + metadataUrl)
+					.run((context) -> {
+						RelyingPartyRegistrationRepository repository = context
+								.getBean(RelyingPartyRegistrationRepository.class);
+						RelyingPartyRegistration registration = repository.findByRegistrationId("foo");
+						assertThat(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding())
+								.isEqualTo(Saml2MessageBinding.POST);
+					});
+		}
+	}
+
+	@Test
+	void autoconfigurationWhenMetadataUrlAndPropertyPresentShouldUseBindingFromProperty() throws Exception {
+		try (MockWebServer server = new MockWebServer()) {
+			server.start();
+			String metadataUrl = server.url("").toString();
+			setupMockResponse(server, new ClassPathResource("saml/idp-metadata"));
+			this.contextRunner.withPropertyValues(PREFIX + ".foo.identityprovider.metadata-uri=" + metadataUrl,
+					PREFIX + ".foo.identityprovider.singlesignon.binding=redirect").run((context) -> {
+						RelyingPartyRegistrationRepository repository = context
+								.getBean(RelyingPartyRegistrationRepository.class);
+						RelyingPartyRegistration registration = repository.findByRegistrationId("foo");
+						assertThat(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding())
+								.isEqualTo(Saml2MessageBinding.REDIRECT);
+					});
+		}
+	}
+
+	@Test
+	void autoconfigurationWhenNoMetadataUrlOrPropertyPresentShouldUseRedirectBinding() {
+		this.contextRunner.withPropertyValues(getPropertyValuesWithoutSsoBinding()).run((context) -> {
+			RelyingPartyRegistrationRepository repository = context.getBean(RelyingPartyRegistrationRepository.class);
+			RelyingPartyRegistration registration = repository.findByRegistrationId("foo");
+			assertThat(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding())
+					.isEqualTo(Saml2MessageBinding.REDIRECT);
+		});
+	}
+
 	@Test
 	void relyingPartyRegistrationRepositoryShouldBeConditionalOnMissingBean() {
 		this.contextRunner.withPropertyValues(getPropertyValues())
@@ -180,6 +224,14 @@ class Saml2RelyingPartyAutoConfigurationTests {
 				PREFIX + ".foo.identityprovider.verification.credentials[0].certificate-location=classpath:saml/certificate-location" };
 	}
 
+	private String[] getPropertyValuesWithoutSsoBinding() {
+		return new String[] { PREFIX
+				+ ".foo.identityprovider.singlesignon.url=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/SSOService.php",
+				PREFIX + ".foo.identityprovider.singlesignon.sign-request=false",
+				PREFIX + ".foo.identityprovider.entity-id=https://simplesaml-for-spring-saml.cfapps.io/saml2/idp/metadata.php",
+				PREFIX + ".foo.identityprovider.verification.credentials[0].certificate-location=classpath:saml/certificate-location" };
+	}
+
 	private String[] getPropertyValues() {
 		return new String[] {
 				PREFIX + ".foo.signing.credentials[0].private-key-location=classpath:saml/private-key-location",