Added support for leaving out the samlp:NameIDPolicy in the request by setting...

Added support for leaving out the samlp:NameIDPolicy in the request by setting the NameIDFormat to null in the SAML 2.0 SP metadata. Requested by James Hartford. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@424 44740490-163a-0410-bde0-09ae8108e29a

Added support for leaving out the samlp:NameIDPolicy in the request by setting...
06e62f79 · Andreas Åkre Solberg · ca7d0494 · 06e62f79 · 06e62f79
Commit 06e62f79 authored 17 years ago by Andreas Åkre Solberg
--- a/docs/source/simplesamlphp-sp.xml
+++ b/docs/source/simplesamlphp-sp.xml
@@ -157,6 +157,13 @@
              <para>The NameIDFormat in the request. If you don't know what
              this is, or don't need it to be anything specific, leave it with
              the default configuration.</para>
+              <para>If you leave out this entry, the default value
+              <literal>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</literal>
+              would be used in the authentication request. If you set the
+              value to <code>null</code>, the
+              <literal>samlp:NameIDPolicy</literal> element would be
+              completely removed from the request.</para>
            </glossdef>
          </glossentry>

--- a/lib/SimpleSAML/XML/SAML20/AuthnRequest.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnRequest.php
@@ -125,12 +125,20 @@ class SimpleSAML_XML_SAML20_AuthnRequest {
 		 * Process the SAML 2.0 SP hosted metadata parameter: NameIDFormat
 		 */
 		$nameidformat = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
-		if (isset($md['NameIDFormat'])) {
+		$includeNameIDPolicy = true;
-			if (!is_string($md['NameIDFormat'])) {
+		if (array_key_exists('NameIDFormat', $md)) {
+			if (is_null($md['NameIDFormat'])) {
+				$includeNameIDPolicy = false;
+			} elseif (!is_string($md['NameIDFormat'])) {
 				throw new Exception('SAML 2.0 SP hosted metadata parameter [NameIDFormat] must be a string.');
+			} else {
+				$nameidformat = $md['NameIDFormat'];
 			}
-			$nameidformat = $md['NameIDFormat'];
 		}
+		if ($includeNameIDPolicy) {	
+			$nameIDPolicy = $this->generateNameIDPolicy($nameidformat);
+		}
 		/*
 		 * Process the SAML 2.0 SP hosted metadata parameter: ForceAuthn
@@ -158,6 +166,8 @@ class SimpleSAML_XML_SAML20_AuthnRequest {
 	</samlp:RequestedAuthnContext>';
 		}
 		/*
 		 * Create the complete SAML 2.0 Authentication Request
 		 */
@@ -169,9 +179,7 @@ class SimpleSAML_XML_SAML20_AuthnRequest {
 	ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
 	AssertionConsumerServiceURL="' . htmlspecialchars($assertionConsumerServiceURL) . '">
 	<saml:Issuer >' . htmlspecialchars($spentityid) . '</saml:Issuer>
-	<samlp:NameIDPolicy
+	' . $nameIDPolicy . '
-		Format="' . htmlspecialchars($nameidformat) . '"
-		AllowCreate="true"/>
 	' . $requestauthncontext . '
 </samlp:AuthnRequest>
 ';
@@ -179,6 +187,16 @@ class SimpleSAML_XML_SAML20_AuthnRequest {
 		return $authnRequest;
 	}
+	/**
+	 * Generate a NameIDPoliy element
+	 *
+	 * @param $nameidformat NameIDFormat. 
+	 */
+	public function generateNameIDPolicy($nameidformat) {
+		return '<samlp:NameIDPolicy
+		Format="' . htmlspecialchars($nameidformat) . '"
+		AllowCreate="true" />';
+	}
 }