From 06c3de3f34fd3bedca58c90f5b9cbeb01fa9f897 Mon Sep 17 00:00:00 2001
From: Guy Halse <guy@tenet.ac.za>
Date: Fri, 1 Jul 2016 15:52:11 +0200
Subject: [PATCH] Allow multiple NameIDFormats for IdPs The SAML2int spec
 suggests that IdPs should advertise two name identifier formats, and SAML
 itself supports this. It seems that SimpleSAMLphp does too, when handling
 metadata in XML (it is implemented as an array). However the internal
 metadata format uses getString, limiting us to only a single NameIDFormat. So
 far as I can tell, all that's needed to fix this is to change the metadata
 parser to use getArrayizeString to accept either a string or an array, and to
 cast that as a string when necessary. This may solve issue
 simplesamlphp/simplesamlphp#91

---
 modules/saml/lib/IdP/SAML2.php | 4 ++--
 www/saml2/idp/metadata.php     | 2 +-
 www/shib13/idp/metadata.php    | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index 6dae8c4ca..36035583c 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -986,9 +986,9 @@ class SAML2
 
         if ($nameIdFormat === null || !isset($state['saml:NameID'][$nameIdFormat])) {
             // either not set in request, or not set to a format we supply. Fall back to old generation method
-            $nameIdFormat = $spMetadata->getString('NameIDFormat', null);
+            $nameIdFormat = (string)$spMetadata->getArrayizeString('NameIDFormat', null);
             if ($nameIdFormat === null) {
-                $nameIdFormat = $idpMetadata->getString('NameIDFormat', \SAML2\Constants::NAMEID_TRANSIENT);
+                $nameIdFormat = (string)$idpMetadata->getArrayizeString('NameIDFormat', \SAML2\Constants::NAMEID_TRANSIENT);
             }
         }
 
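Review bot: The `(string)` casts on both new `getArrayizeString()` lines defeat the `$nameIdFormat === null` check between them, because a missing SP option now becomes `''` instead of `null`, so the IdP fallback and its `NAMEID_TRANSIENT` default look unreachable. If `getArrayizeString()` returns an array for a configured value, as the commit message implies, the cast also yields the literal string `Array` rather than a format URI, and that value would end up as the NameID Format sent to the SP. Taking the first entry explicitly keeps the null check meaningful: `$formats = $spMetadata->getArrayizeString('NameIDFormat', array());` followed by `$nameIdFormat = $formats ? reset($formats) : null;`, with the same pattern on the IdP line using `array(\SAML2\Constants::NAMEID_TRANSIENT)` as the default. The enclosing method starts and ends outside this hunk, so how `$nameIdFormat` is used afterwards should be checked against that.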
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 77f9e20f0..720ecc872 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -134,7 +134,7 @@ try {
         );
     }
 
-    $metaArray['NameIDFormat'] = $idpmeta->getString(
+    $metaArray['NameIDFormat'] = $idpmeta->getArrayizeString(
         'NameIDFormat',
         'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
     );
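Review bot: `$metaArray['NameIDFormat']` can now hold two different types: presumably an array when the option is configured, but still the bare string default when it is not, since the default passed here is a string. Whatever consumes `$metaArray` is outside this hunk, so it is worth confirming that the metadata builder and the flat-file output both accept an array, and passing the default as `array('urn:oasis:names:tc:SAML:2.0:nameid-format:transient')` would make the type uniform. The same applies to the `www/shib13/idp/metadata.php` hunk, where it should also be verified that the Shibboleth 1.3 metadata path is meant to advertise more than one format. A short comment above the assignment, such as `// NameIDFormat may be a single string or a list of formats`, would document the new contract.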
diff --git a/www/shib13/idp/metadata.php b/www/shib13/idp/metadata.php
index edb474eed..a366f1da2 100644
--- a/www/shib13/idp/metadata.php
+++ b/www/shib13/idp/metadata.php
@@ -51,7 +51,7 @@ try {
         $metaArray['keys'] = $keys;
     }
 
-    $metaArray['NameIDFormat'] = $idpmeta->getString('NameIDFormat', 'urn:mace:shibboleth:1.0:nameIdentifier');
+    $metaArray['NameIDFormat'] = $idpmeta->getArrayizeString('NameIDFormat', 'urn:mace:shibboleth:1.0:nameIdentifier');
 
     if ($idpmeta->hasValue('OrganizationName')) {
         $metaArray['OrganizationName'] = $idpmeta->getLocalizedString('OrganizationName');
-- 
GitLab