From 53f23953f3736a5c9b78817fb69e2c90ae8195e3 Mon Sep 17 00:00:00 2001
From: David Buhler <buhler@synopsys.com>
Date: Fri, 6 Nov 2020 12:52:39 -0700
Subject: [PATCH] Set response as parent after decrypting assertion

gh-504
---
 .../security/saml/websso/WebSSOProfileConsumerImpl.java          | 1 +
 1 file changed, 1 insertion(+)

diff --git a/core/src/main/java/org/springframework/security/saml/websso/WebSSOProfileConsumerImpl.java b/core/src/main/java/org/springframework/security/saml/websso/WebSSOProfileConsumerImpl.java
index d7a4cf435..43c052d29 100644
--- a/core/src/main/java/org/springframework/security/saml/websso/WebSSOProfileConsumerImpl.java
+++ b/core/src/main/java/org/springframework/security/saml/websso/WebSSOProfileConsumerImpl.java
@@ -233,6 +233,7 @@ public SAMLCredential processAuthenticationResponse(SAMLMessageContext context)
                     Assert.notNull(context.getLocalDecrypter(), "Can't decrypt Assertion, no decrypter is set in the context");
                     log.debug("Decrypting assertion");
                     Assertion decryptedAssertion = context.getLocalDecrypter().decrypt(ea);
+                    decryptedAssertion.setParent(response);
                     assertionList.add(decryptedAssertion);
                 } catch (DecryptionException e) {
                     log.debug("Decryption of received assertion failed, assertion will be skipped", e);