spring-projects
diff --git a/Diff for: ‎saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/internal/OpenSaml4Template.java
+1-11 b/Diff for: ‎saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/internal/OpenSaml4Template.java
+1-11
diff --git a/Diff for: ‎saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4Template.java
+1-11 b/Diff for: ‎saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4Template.java
+1-11
diff --git a/Diff for: ‎saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml4Template.java
+1-11 b/Diff for: ‎saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSaml4Template.java
+1-11
diff --git a/Diff for: ‎saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/metadata/OpenSaml4Template.java
+1-11 b/Diff for: ‎saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/metadata/OpenSaml4Template.java
+1-11
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -482,7 +482,6 @@ public void decrypt(XMLObject object) {
 
 		private void decryptResponse(Response response) {
 			Collection<Assertion> decrypteds = new ArrayList<>();
-			Collection<EncryptedAssertion> encrypteds = new ArrayList<>();
 
 			int count = 0;
 			int size = response.getEncryptedAssertions().size();
@@ -492,7 +491,6 @@ private void decryptResponse(Response response) {
 				try {
 					Assertion decrypted = this.decrypter.decrypt(encrypted);
 					if (decrypted != null) {
-						encrypteds.add(encrypted);
 						decrypteds.add(decrypted);
 					}
 					count++;
@@ -502,7 +500,6 @@ private void decryptResponse(Response response) {
 				}
 			}
 
-			response.getEncryptedAssertions().removeAll(encrypteds);
 			response.getAssertions().addAll(decrypteds);
 
 			// Re-marshall the response so that any ID attributes within the decrypted
@@ -534,7 +531,6 @@ private void decryptAssertion(Assertion assertion) {
 								NameID decrypted = (NameID) this.decrypter.decrypt(d.getEncryptedID());
 								if (decrypted != null) {
 									d.setNameID(decrypted);
-									d.setEncryptedID(null);
 								}
 							}
 							catch (DecryptionException ex) {
@@ -548,20 +544,17 @@ private void decryptAssertion(Assertion assertion) {
 
 		private void decryptAttributes(AttributeStatement statement) {
 			Collection<Attribute> decrypteds = new ArrayList<>();
-			Collection<EncryptedAttribute> encrypteds = new ArrayList<>();
 			for (EncryptedAttribute encrypted : statement.getEncryptedAttributes()) {
 				try {
 					Attribute decrypted = this.decrypter.decrypt(encrypted);
 					if (decrypted != null) {
-						encrypteds.add(encrypted);
 						decrypteds.add(decrypted);
 					}
 				}
 				catch (Exception ex) {
 					throw new Saml2Exception(ex);
 				}
 			}
-			statement.getEncryptedAttributes().removeAll(encrypteds);
 			statement.getAttributes().addAll(decrypteds);
 		}
 
@@ -572,7 +565,6 @@ private void decryptSubject(Subject subject) {
 						NameID decrypted = (NameID) this.decrypter.decrypt(subject.getEncryptedID());
 						if (decrypted != null) {
 							subject.setNameID(decrypted);
-							subject.setEncryptedID(null);
 						}
 					}
 					catch (final DecryptionException ex) {
@@ -586,7 +578,6 @@ private void decryptSubject(Subject subject) {
 							NameID decrypted = (NameID) this.decrypter.decrypt(sc.getEncryptedID());
 							if (decrypted != null) {
 								sc.setNameID(decrypted);
-								sc.setEncryptedID(null);
 							}
 						}
 						catch (final DecryptionException ex) {
@@ -603,7 +594,6 @@ private void decryptLogoutRequest(LogoutRequest request) {
 					NameID decrypted = (NameID) this.decrypter.decrypt(request.getEncryptedID());
 					if (decrypted != null) {
 						request.setNameID(decrypted);
-						request.setEncryptedID(null);
 					}
 				}
 				catch (DecryptionException ex) {
 
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -482,7 +482,6 @@ public void decrypt(XMLObject object) {
 
 		private void decryptResponse(Response response) {
 			Collection<Assertion> decrypteds = new ArrayList<>();
-			Collection<EncryptedAssertion> encrypteds = new ArrayList<>();
 
 			int count = 0;
 			int size = response.getEncryptedAssertions().size();
@@ -492,7 +491,6 @@ private void decryptResponse(Response response) {
 				try {
 					Assertion decrypted = this.decrypter.decrypt(encrypted);
 					if (decrypted != null) {
-						encrypteds.add(encrypted);
 						decrypteds.add(decrypted);
 					}
 					count++;
@@ -502,7 +500,6 @@ private void decryptResponse(Response response) {
 				}
 			}
 
-			response.getEncryptedAssertions().removeAll(encrypteds);
 			response.getAssertions().addAll(decrypteds);
 
 			// Re-marshall the response so that any ID attributes within the decrypted
@@ -534,7 +531,6 @@ private void decryptAssertion(Assertion assertion) {
 								NameID decrypted = (NameID) this.decrypter.decrypt(d.getEncryptedID());
 								if (decrypted != null) {
 									d.setNameID(decrypted);
-									d.setEncryptedID(null);
 								}
 							}
 							catch (DecryptionException ex) {
@@ -548,20 +544,17 @@ private void decryptAssertion(Assertion assertion) {
 
 		private void decryptAttributes(AttributeStatement statement) {
 			Collection<Attribute> decrypteds = new ArrayList<>();
-			Collection<EncryptedAttribute> encrypteds = new ArrayList<>();
 			for (EncryptedAttribute encrypted : statement.getEncryptedAttributes()) {
 				try {
 					Attribute decrypted = this.decrypter.decrypt(encrypted);
 					if (decrypted != null) {
-						encrypteds.add(encrypted);
 						decrypteds.add(decrypted);
 					}
 				}
 				catch (Exception ex) {
 					throw new Saml2Exception(ex);
 				}
 			}
-			statement.getEncryptedAttributes().removeAll(encrypteds);
 			statement.getAttributes().addAll(decrypteds);
 		}
 
@@ -572,7 +565,6 @@ private void decryptSubject(Subject subject) {
 						NameID decrypted = (NameID) this.decrypter.decrypt(subject.getEncryptedID());
 						if (decrypted != null) {
 							subject.setNameID(decrypted);
-							subject.setEncryptedID(null);
 						}
 					}
 					catch (final DecryptionException ex) {
@@ -586,7 +578,6 @@ private void decryptSubject(Subject subject) {
 							NameID decrypted = (NameID) this.decrypter.decrypt(sc.getEncryptedID());
 							if (decrypted != null) {
 								sc.setNameID(decrypted);
-								sc.setEncryptedID(null);
 							}
 						}
 						catch (final DecryptionException ex) {
@@ -603,7 +594,6 @@ private void decryptLogoutRequest(LogoutRequest request) {
 					NameID decrypted = (NameID) this.decrypter.decrypt(request.getEncryptedID());
 					if (decrypted != null) {
 						request.setNameID(decrypted);
-						request.setEncryptedID(null);
 					}
 				}
 				catch (DecryptionException ex) {
 
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -482,7 +482,6 @@ public void decrypt(XMLObject object) {
 
 		private void decryptResponse(Response response) {
 			Collection<Assertion> decrypteds = new ArrayList<>();
-			Collection<EncryptedAssertion> encrypteds = new ArrayList<>();
 
 			int count = 0;
 			int size = response.getEncryptedAssertions().size();
@@ -492,7 +491,6 @@ private void decryptResponse(Response response) {
 				try {
 					Assertion decrypted = this.decrypter.decrypt(encrypted);
 					if (decrypted != null) {
-						encrypteds.add(encrypted);
 						decrypteds.add(decrypted);
 					}
 					count++;
@@ -502,7 +500,6 @@ private void decryptResponse(Response response) {
 				}
 			}
 
-			response.getEncryptedAssertions().removeAll(encrypteds);
 			response.getAssertions().addAll(decrypteds);
 
 			// Re-marshall the response so that any ID attributes within the decrypted
@@ -534,7 +531,6 @@ private void decryptAssertion(Assertion assertion) {
 								NameID decrypted = (NameID) this.decrypter.decrypt(d.getEncryptedID());
 								if (decrypted != null) {
 									d.setNameID(decrypted);
-									d.setEncryptedID(null);
 								}
 							}
 							catch (DecryptionException ex) {
@@ -548,20 +544,17 @@ private void decryptAssertion(Assertion assertion) {
 
 		private void decryptAttributes(AttributeStatement statement) {
 			Collection<Attribute> decrypteds = new ArrayList<>();
-			Collection<EncryptedAttribute> encrypteds = new ArrayList<>();
 			for (EncryptedAttribute encrypted : statement.getEncryptedAttributes()) {
 				try {
 					Attribute decrypted = this.decrypter.decrypt(encrypted);
 					if (decrypted != null) {
-						encrypteds.add(encrypted);
 						decrypteds.add(decrypted);
 					}
 				}
 				catch (Exception ex) {
 					throw new Saml2Exception(ex);
 				}
 			}
-			statement.getEncryptedAttributes().removeAll(encrypteds);
 			statement.getAttributes().addAll(decrypteds);
 		}
 
@@ -572,7 +565,6 @@ private void decryptSubject(Subject subject) {
 						NameID decrypted = (NameID) this.decrypter.decrypt(subject.getEncryptedID());
 						if (decrypted != null) {
 							subject.setNameID(decrypted);
-							subject.setEncryptedID(null);
 						}
 					}
 					catch (final DecryptionException ex) {
@@ -586,7 +578,6 @@ private void decryptSubject(Subject subject) {
 							NameID decrypted = (NameID) this.decrypter.decrypt(sc.getEncryptedID());
 							if (decrypted != null) {
 								sc.setNameID(decrypted);
-								sc.setEncryptedID(null);
 							}
 						}
 						catch (final DecryptionException ex) {
@@ -603,7 +594,6 @@ private void decryptLogoutRequest(LogoutRequest request) {
 					NameID decrypted = (NameID) this.decrypter.decrypt(request.getEncryptedID());
 					if (decrypted != null) {
 						request.setNameID(decrypted);
-						request.setEncryptedID(null);
 					}
 				}
 				catch (DecryptionException ex) {
 
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -482,7 +482,6 @@ public void decrypt(XMLObject object) {
 
 		private void decryptResponse(Response response) {
 			Collection<Assertion> decrypteds = new ArrayList<>();
-			Collection<EncryptedAssertion> encrypteds = new ArrayList<>();
 
 			int count = 0;
 			int size = response.getEncryptedAssertions().size();
@@ -492,7 +491,6 @@ private void decryptResponse(Response response) {
 				try {
 					Assertion decrypted = this.decrypter.decrypt(encrypted);
 					if (decrypted != null) {
-						encrypteds.add(encrypted);
 						decrypteds.add(decrypted);
 					}
 					count++;
@@ -502,7 +500,6 @@ private void decryptResponse(Response response) {
 				}
 			}
 
-			response.getEncryptedAssertions().removeAll(encrypteds);
 			response.getAssertions().addAll(decrypteds);
 
 			// Re-marshall the response so that any ID attributes within the decrypted
@@ -534,7 +531,6 @@ private void decryptAssertion(Assertion assertion) {
 								NameID decrypted = (NameID) this.decrypter.decrypt(d.getEncryptedID());
 								if (decrypted != null) {
 									d.setNameID(decrypted);
-									d.setEncryptedID(null);
 								}
 							}
 							catch (DecryptionException ex) {
@@ -548,20 +544,17 @@ private void decryptAssertion(Assertion assertion) {
 
 		private void decryptAttributes(AttributeStatement statement) {
 			Collection<Attribute> decrypteds = new ArrayList<>();
-			Collection<EncryptedAttribute> encrypteds = new ArrayList<>();
 			for (EncryptedAttribute encrypted : statement.getEncryptedAttributes()) {
 				try {
 					Attribute decrypted = this.decrypter.decrypt(encrypted);
 					if (decrypted != null) {
-						encrypteds.add(encrypted);
 						decrypteds.add(decrypted);
 					}
 				}
 				catch (Exception ex) {
 					throw new Saml2Exception(ex);
 				}
 			}
-			statement.getEncryptedAttributes().removeAll(encrypteds);
 			statement.getAttributes().addAll(decrypteds);
 		}
 
@@ -572,7 +565,6 @@ private void decryptSubject(Subject subject) {
 						NameID decrypted = (NameID) this.decrypter.decrypt(subject.getEncryptedID());
 						if (decrypted != null) {
 							subject.setNameID(decrypted);
-							subject.setEncryptedID(null);
 						}
 					}
 					catch (final DecryptionException ex) {
@@ -586,7 +578,6 @@ private void decryptSubject(Subject subject) {
 							NameID decrypted = (NameID) this.decrypter.decrypt(sc.getEncryptedID());
 							if (decrypted != null) {
 								sc.setNameID(decrypted);
-								sc.setEncryptedID(null);
 							}
 						}
 						catch (final DecryptionException ex) {
@@ -603,7 +594,6 @@ private void decryptLogoutRequest(LogoutRequest request) {
 					NameID decrypted = (NameID) this.decrypter.decrypt(request.getEncryptedID());
 					if (decrypted != null) {
 						request.setNameID(decrypted);
-						request.setEncryptedID(null);
 					}
 				}
 				catch (DecryptionException ex) {
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright 2002-2024 the original author or authors.`
	`2`	`+ * Copyright 2002-2025 the original author or authors.`
`3`	`3`	`*`
`4`	`4`	`* Licensed under the Apache License, Version 2.0 (the "License");`
`5`	`5`	`* you may not use this file except in compliance with the License.`
`@@ -482,7 +482,6 @@ public void decrypt(XMLObject object) {`
`482`	`482`
`483`	`483`	`private void decryptResponse(Response response) {`
`484`	`484`	`Collection<Assertion> decrypteds = new ArrayList<>();`
`485`		`- Collection<EncryptedAssertion> encrypteds = new ArrayList<>();`
`486`	`485`
`487`	`486`	`int count = 0;`
`488`	`487`	`int size = response.getEncryptedAssertions().size();`
`@@ -492,7 +491,6 @@ private void decryptResponse(Response response) {`
`492`	`491`	`try {`
`493`	`492`	`Assertion decrypted = this.decrypter.decrypt(encrypted);`
`494`	`493`	`if (decrypted != null) {`
`495`		`- encrypteds.add(encrypted);`
`496`	`494`	`decrypteds.add(decrypted);`
`497`	`495`	`}`
`498`	`496`	`count++;`
`@@ -502,7 +500,6 @@ private void decryptResponse(Response response) {`
`502`	`500`	`}`
`503`	`501`	`}`
`504`	`502`
`505`		`- response.getEncryptedAssertions().removeAll(encrypteds);`
`506`	`503`	`response.getAssertions().addAll(decrypteds);`
`507`	`504`
`508`	`505`	`// Re-marshall the response so that any ID attributes within the decrypted`
`@@ -534,7 +531,6 @@ private void decryptAssertion(Assertion assertion) {`
`534`	`531`	`NameID decrypted = (NameID) this.decrypter.decrypt(d.getEncryptedID());`
`535`	`532`	`if (decrypted != null) {`
`536`	`533`	`d.setNameID(decrypted);`
`537`		`- d.setEncryptedID(null);`
`538`	`534`	`}`
`539`	`535`	`}`
`540`	`536`	`catch (DecryptionException ex) {`
`@@ -548,20 +544,17 @@ private void decryptAssertion(Assertion assertion) {`
`548`	`544`
`549`	`545`	`private void decryptAttributes(AttributeStatement statement) {`
`550`	`546`	`Collection<Attribute> decrypteds = new ArrayList<>();`
`551`		`- Collection<EncryptedAttribute> encrypteds = new ArrayList<>();`
`552`	`547`	`for (EncryptedAttribute encrypted : statement.getEncryptedAttributes()) {`
`553`	`548`	`try {`
`554`	`549`	`Attribute decrypted = this.decrypter.decrypt(encrypted);`
`555`	`550`	`if (decrypted != null) {`
`556`		`- encrypteds.add(encrypted);`
`557`	`551`	`decrypteds.add(decrypted);`
`558`	`552`	`}`
`559`	`553`	`}`
`560`	`554`	`catch (Exception ex) {`
`561`	`555`	`throw new Saml2Exception(ex);`
`562`	`556`	`}`
`563`	`557`	`}`
`564`		`- statement.getEncryptedAttributes().removeAll(encrypteds);`
`565`	`558`	`statement.getAttributes().addAll(decrypteds);`
`566`	`559`	`}`
`567`	`560`
`@@ -572,7 +565,6 @@ private void decryptSubject(Subject subject) {`
`572`	`565`	`NameID decrypted = (NameID) this.decrypter.decrypt(subject.getEncryptedID());`
`573`	`566`	`if (decrypted != null) {`
`574`	`567`	`subject.setNameID(decrypted);`
`575`		`- subject.setEncryptedID(null);`
`576`	`568`	`}`
`577`	`569`	`}`
`578`	`570`	`catch (final DecryptionException ex) {`
`@@ -586,7 +578,6 @@ private void decryptSubject(Subject subject) {`
`586`	`578`	`NameID decrypted = (NameID) this.decrypter.decrypt(sc.getEncryptedID());`
`587`	`579`	`if (decrypted != null) {`
`588`	`580`	`sc.setNameID(decrypted);`
`589`		`- sc.setEncryptedID(null);`
`590`	`581`	`}`
`591`	`582`	`}`
`592`	`583`	`catch (final DecryptionException ex) {`
`@@ -603,7 +594,6 @@ private void decryptLogoutRequest(LogoutRequest request) {`
`603`	`594`	`NameID decrypted = (NameID) this.decrypter.decrypt(request.getEncryptedID());`
`604`	`595`	`if (decrypted != null) {`
`605`	`596`	`request.setNameID(decrypted);`
`606`		`- request.setEncryptedID(null);`
`607`	`597`	`}`
`608`	`598`	`}`
`609`	`599`	`catch (DecryptionException ex) {`