From 75f6bebc300ab7ec27bdf4ba25472d0708ce082f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= <javim@elretirao.net>
Date: Wed, 22 Oct 2025 11:31:27 +0200
Subject: [PATCH] Don't set issuer and idp_metadata in SAML settings

The `issuer` setting was renamed to `sp_entity_id` in omniauth-saml [1],
and it's been deprecated in ruby-saml since version 1.11.0, released on
July 24, 2019 [2].

The ruby-saml code currently uses:

```
      def sp_entity_id
        @sp_entity_id || @issuer
      end
```

So setting `issuer` to the same value as `sp_entity_id` if
`sp_entity_id` is present, as we were doing, has no effect.

On the other hand, neither omniauth-saml nor ruby-saml use the
`idp_metadata_url` and `idp_metadata` settings.

[1] https://github.com/omniauth/omniauth-saml/commit/74ed8dfb3aed
[2] https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.11.0
---
 app/lib/omniauth_tenant_setup.rb       | 9 ---------
 spec/lib/omniauth_tenant_setup_spec.rb | 3 ---
 2 files changed, 12 deletions(-)

diff --git a/app/lib/omniauth_tenant_setup.rb b/app/lib/omniauth_tenant_setup.rb
index 8fe2b9a5b..4132b81a3 100644
--- a/app/lib/omniauth_tenant_setup.rb
+++ b/app/lib/omniauth_tenant_setup.rb
@@ -46,16 +46,7 @@ module OmniauthTenantSetup
           strategy = env["omniauth.strategy"]
 
           strategy.options[:sp_entity_id] = sp_entity_id if sp_entity_id.present?
-          strategy.options[:idp_metadata_url] = idp_metadata_url if idp_metadata_url.present?
           strategy.options[:idp_sso_service_url] = idp_sso_service_url if idp_sso_service_url.present?
-
-          if strategy.options[:issuer].present? && sp_entity_id.present?
-            strategy.options[:issuer] = sp_entity_id
-          end
-
-          if strategy.options[:idp_metadata].present? && idp_metadata_url.present?
-            strategy.options[:idp_metadata] = idp_metadata_url
-          end
         end
       end
 
diff --git a/spec/lib/omniauth_tenant_setup_spec.rb b/spec/lib/omniauth_tenant_setup_spec.rb
index c955f8311..9bf637a29 100644
--- a/spec/lib/omniauth_tenant_setup_spec.rb
+++ b/spec/lib/omniauth_tenant_setup_spec.rb
@@ -34,7 +34,6 @@ describe OmniauthTenantSetup do
         mars_strategy_options = mars_env["omniauth.strategy"].options
 
         expect(mars_strategy_options[:sp_entity_id]).to eq "https://mars.consul.dev/saml/metadata"
-        expect(mars_strategy_options[:idp_metadata_url]).to eq "https://mars-idp.example.com/metadata"
         expect(mars_strategy_options[:idp_sso_service_url]).to eq "https://mars-idp.example.com/sso"
       end
 
@@ -48,7 +47,6 @@ describe OmniauthTenantSetup do
         venus_strategy_options = venus_env["omniauth.strategy"].options
 
         expect(venus_strategy_options[:sp_entity_id]).to eq "https://venus.consul.dev/saml/metadata"
-        expect(venus_strategy_options[:idp_metadata_url]).to eq "https://venus-idp.example.com/metadata"
         expect(venus_strategy_options[:idp_sso_service_url]).to eq "https://venus-idp.example.com/sso"
       end
     end
@@ -79,7 +77,6 @@ describe OmniauthTenantSetup do
         earth_strategy_options = earth_env["omniauth.strategy"].options
 
         expect(earth_strategy_options[:sp_entity_id]).to eq "https://default.consul.dev/saml/metadata"
-        expect(earth_strategy_options[:idp_metadata_url]).to eq "https://default-idp.example.com/metadata"
         expect(earth_strategy_options[:idp_sso_service_url]).to eq "https://default-idp.example.com/sso"
       end
     end