diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EntityDescriptorConversionUtils.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EntityDescriptorConversionUtils.java
index 29e9a9336..8b4e7a71a 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EntityDescriptorConversionUtils.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EntityDescriptorConversionUtils.java
@@ -247,9 +247,21 @@ public static void setupSecurity(EntityDescriptor ed, EntityDescriptorRepresenta
 SecurityInfoRepresentation securityInfoRepresentation = representation.getSecurityInfo();
 if (securityInfoRepresentation.isAuthenticationRequestsSigned()) {
 getSPSSODescriptorFromEntityDescriptor(ed).setAuthnRequestsSigned(true);
+ } else {
+ // If false, only set if the spssodescriptor already exists and is true
+ SPSSODescriptor descriptor = ed.getSPSSODescriptor("");
+ if (descriptor != null && descriptor.isAuthnRequestsSigned()) {
+ descriptor.setAuthnRequestsSigned((Boolean)null);
+ }
 }
 if (securityInfoRepresentation.isWantAssertionsSigned()) {
 getSPSSODescriptorFromEntityDescriptor(ed).setWantAssertionsSigned(true);
+ } else {
+ // If false, only set if the spssodescriptor already exists and is true
+ SPSSODescriptor descriptor = ed.getSPSSODescriptor("");
+ if (descriptor != null && descriptor.getWantAssertionsSigned()) {
+ descriptor.setWantAssertionsSigned((Boolean)null);
+ }
 }
 // TODO: review if we need more than a naive implementation
 ed.getOptionalSPSSODescriptor().ifPresent( i -> i.getKeyDescriptors().clear());
@@ -375,4 +387,4 @@ public static void setupRelyingPartyOverrides(EntityDescriptor ed, EntityDescrip
 getOptionalEntityAttributes(ed).ifPresent(entityAttributes -> entityAttributes.getAttributes().clear());
 }
 }
-}
+}
\ No newline at end of file
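Review bot: In the second added `else` branch of the first hunk, `descriptor.getWantAssertionsSigned()` is used directly as an `&&` operand; if that getter returns a boxed `Boolean` (the `(Boolean)null` cast on the setter suggests it may), a descriptor whose attribute was never set would throw a NullPointerException on unboxing, and the same may apply to `isAuthnRequestsSigned()` in the first branch. A null-safe test such as `if (descriptor != null && Boolean.TRUE.equals(descriptor.getWantAssertionsSigned())) {` avoids that. The lookup `ed.getSPSSODescriptor("")` with an empty protocol string also differs from the `ed.getOptionalSPSSODescriptor()` call a few lines below in the same hunk, so using one accessor for both would keep the attribute-clearing path and the key-descriptor path on the same descriptor. The added comment says "only set", but the code clears the attribute to null, so the emitted metadata will presumably omit it and consumers fall back to the SAML default of false; since this lowers a signing requirement, the comment should say so, for example `// Unchecked: clear the attribute so it is omitted (SAML default is false)`. setupSecurity's body starts and ends outside the hunk.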