Incorrect IdP metadata resolver initialization in SAML2Configuration


Jonathan Mesny

Jul 4, 2024, 5:06:20 AM
to Pac4j development mailing list
Hi,

I noticed that in v6.0.4.1, it became impossible to properly set an IdP metadata resource on an already initialized SAML2Configuration.

Here is the kind of code we have in our product that breaks with v6.0.4.1:

var configuration = new SAML2Configuration();

var idpResource = new ByteArrayResource(...);
configuration.setIdentityProviderMetadataResource(idpResource);

var saml2Client = new SAML2Client(configuration);
saml2Client.init();

// [...]

var idpMetadata = saml2Client.getIdentityProviderMetadataResolver().getMetadata();

// java.lang.NullPointerException: defaultObj
// at java.base/java.util.Objects.requireNonNull(Objects.java:246)
// at java.base/java.util.Objects.requireNonNullElse(Objects.java:295)
// at org.pac4j.saml.config.SAML2Configuration.getIdentityProviderMetadataResolver(SAML2Configuration.java:570)
// at org.pac4j.saml.client.SAML2Client.initIdentityProviderMetadataResolver(SAML2Client.java:223)
// at org.pac4j.saml.client.SAML2Client.internalInit(SAML2Client.java:118)
// at org.pac4j.core.util.InitializableObject.init(InitializableObject.java:61)
// at org.pac4j.core.util.InitializableObject.init(InitializableObject.java:38)

The reason is that the SAML2IdentityProviderMetadataResolver is now initialized in the class constructor, and immediately depends on the identityProviderMetadataResource from the configuration itself.

But the problem is that the identityProviderMetadataResource value can be set after the SAML2Configuration creation...


Best regards,
Jonathan.
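
The initialization-order problem described in the message above, as an added example that is not part of the original post and not pac4j's source. EagerConfig, LazyConfig and Resolver are hypothetical stand-ins, and fixing the default resolver in the constructor is an assumed, simplified model of what the post reports.

```java
import java.util.Objects;

public class InitOrderDemo {
    // Hypothetical stand-in for a metadata resolver; it only keeps the resource it was built from.
    record Resolver(byte[] resource) {}

    // Eager variant: the default resolver is derived in the constructor,
    // before any setter can have supplied the resource.
    static class EagerConfig {
        private byte[] resource;
        private Resolver custom;       // optional explicit override, never set here
        private final Resolver dflt;   // fixed at construction time

        EagerConfig() { this.dflt = resource != null ? new Resolver(resource) : null; }
        void setResource(byte[] r) { this.resource = r; }
        Resolver getResolver() { return Objects.requireNonNullElse(custom, dflt); }
    }

    // Deferred variant: the default is built on first use, from the current field value.
    static class LazyConfig {
        private byte[] resource;
        private Resolver custom;
        private Resolver dflt;

        void setResource(byte[] r) { this.resource = r; this.dflt = null; }
        Resolver getResolver() {
            return Objects.requireNonNullElseGet(custom, () -> {
                if (dflt == null) {
                    dflt = new Resolver(Objects.requireNonNull(resource, "IdP metadata resource not set"));
                }
                return dflt;
            });
        }
    }

    public static void main(String[] args) {
        byte[] metadata = "<EntityDescriptor/>".getBytes(); // constructed sample, not real IdP metadata

        var eager = new EagerConfig();
        eager.setResource(metadata);   // too late: dflt was already fixed as null
        try {
            eager.getResolver();
        } catch (NullPointerException e) {
            System.out.println("eager: NullPointerException: " + e.getMessage());
        }

        var lazy = new LazyConfig();
        lazy.setResource(metadata);    // picked up when the resolver is first requested
        System.out.println("lazy: resolver built from " + lazy.getResolver().resource().length + " bytes");
    }
}
```

In the deferred variant a missing resource fails with a message naming the unset field, which is easier to diagnose when a SAML client fails to start than a bare `defaultObj` message.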












