From a21a46a5429c0bcdf2e320f021895930543c70d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pavl=C3=AD=C4=8Dek?= <469355@mail.muni.cz>
Date: Thu, 13 Feb 2025 18:50:50 +0100
Subject: [PATCH] feat: only allowed idps Disco support for SAML (needed for
 Beyond)

---
 lib/Disco.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/Disco.php b/lib/Disco.php
index 1c4af10..1063e0f 100644
--- a/lib/Disco.php
+++ b/lib/Disco.php
@@ -292,6 +292,11 @@ class Disco extends PowerIdPDisco
             }
         }
 
+        if (!empty($this->originalsp[Disco::METADATA_ONLY_ALLOWED_IDPS])) {
+            $onlyAllowedIdps = $this->originalsp[Disco::METADATA_ONLY_ALLOWED_IDPS];
+            $onlyAllowedIdps = array_fill_keys($onlyAllowedIdps, 1);
+        }
+
         if ($this->processAarcIdpHintEnabled) {
             $hintedIdp = $this->processAarcIdpHint($this->state, $hintedIdp);
         }
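Review bot: The `!empty()` guard on the added lines accepts any non-empty value, so an SP whose metadata sets this option to a single string instead of a list reaches `array_fill_keys()` with a non-array, which raises a TypeError on PHP 8. Because this list restricts which IdPs an SP may use, a malformed value should be rejected explicitly rather than silently skipping the restriction, for example `$allowed = $this->originalsp[self::METADATA_ONLY_ALLOWED_IDPS] ?? [];` followed by `if (!is_array($allowed)) { /* log and abort discovery */ }`. Using `self::` here would also match the `self::DEBUG_PREFIX` usage elsewhere in the class. The hunk does not show where `$onlyAllowedIdps` is initialised or consumed, nor whether the hinted IdP returned by `processAarcIdpHint()` just below is checked against it, so confirm that the hint path cannot select an IdP outside the list. The enclosing method starts and ends outside the hunk.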
@@ -310,7 +315,11 @@ class Disco extends PowerIdPDisco
             // either will throw an exception or redirect user, we can end prematurely
             return;
         } elseif (sizeof($idpList) === 1) {
-            Logger::info(self::DEBUG_PREFIX . 'Only one Idp left. Redirecting automatically. IdP: ' . $idpList[0]);
+            Logger::info(
+                self::DEBUG_PREFIX .
+                'Only one Idp left. Redirecting automatically. IdP: ' .
+                array_key_first($idpList)
+            );
             $idp = array_keys($idpList)[0];
             self::redirectToIdP($idp);
         }
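Review bot: The new log call derives the entity ID with `array_key_first($idpList)` while the next line derives it again with `array_keys($idpList)[0]`, so the logged value and the redirect target come from two separate expressions. Assigning it once before the log, `$idp = array_key_first($idpList);`, and concatenating `$idp` into the message keeps the two in step and drops the temporary array. If `$idpList` can hold entries that were not filtered through the SP's allowed-IdP list, this automatic redirect is also a place where that restriction should be confirmed; the filtering is not visible in this hunk.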
-- 
GitLab