From 14884846a9fc52f3dd37c13b47ee6dc21c188ee8 Mon Sep 17 00:00:00 2001
From: Sean Hannan <seanphannan@gmail.com>
Date: Thu, 21 Mar 2019 06:30:47 -0400
Subject: [PATCH] SAML: Configurable SLO and ACS metadata (#988)

This commit adds the ability to override the defaults in the generated SP metadata for SLO Location and ACS endpoints. This is necessary for my use case as I have additional ACS endpoints to publish in my metadata beyond the generated ones as well as a custom SLO handler that I need to direct my users to. If unset in the config, it uses the defaults as before.
---
 modules/saml/docs/sp.md          | 8 ++++++++
 modules/saml/www/sp/metadata.php | 4 ++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/modules/saml/docs/sp.md b/modules/saml/docs/sp.md
index f03a7478f..6e1607e1c 100644
--- a/modules/saml/docs/sp.md
+++ b/modules/saml/docs/sp.md
@@ -120,6 +120,11 @@ Options
 
 :   *Note*: SAML 2 specific.
 
+`AssertionConsumerService`
+:   List of Assertion Consumer Services in the generated metadata. Specified in the array of
+    arrays format as seen in the [Metadata endpoints](./simplesamlphp-metadata-endpoints)
+    documentation.
+
 `attributes`
 :   List of attributes this SP requests from the IdP.
     This list will be added to the generated metadata.
@@ -410,6 +415,9 @@ Options
     * `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST`
 	* `urn:oasis:names:tc:SAML:2.0:bindings:SOAP`
 
+`SingleLogoutServiceLocation`
+:   The Single Logout Service URL published in the generated metadata.
+
 `url`
 :   A URL to your service provider. Will be added as an OrganizationURL-element in the metadata.
 
diff --git a/modules/saml/www/sp/metadata.php b/modules/saml/www/sp/metadata.php
index f82f3105c..a9557379d 100644
--- a/modules/saml/www/sp/metadata.php
+++ b/modules/saml/www/sp/metadata.php
@@ -42,7 +42,7 @@ foreach ($slob as $binding) {
     }
     $metaArray20['SingleLogoutService'][] = [
         'Binding'  => $binding,
-        'Location' => $slol,
+        'Location' => $spconfig->getString('SingleLogoutServiceLocation', $slol),
     ];
 }
 
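Review bot: The overridden `Location` is published once per entry of `$slob` without any check that it is an absolute URL or that the custom handler accepts every advertised binding. An IdP that trusts this metadata will send logout messages to whatever string is configured, so a typo or an `http://` value is advertised silently. I would read the option once before the `foreach` (which starts outside this hunk), e.g. `$sloLocation = $spconfig->getString('SingleLogoutServiceLocation', $slol);`, reject values that fail `filter_var($sloLocation, FILTER_VALIDATE_URL)`, and use `$sloLocation` in the array. A comment should also state that the same location is emitted for all configured SLO bindings.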
@@ -106,7 +106,7 @@ foreach ($assertionsconsumerservices as $services) {
     $index++;
 }
 
-$metaArray20['AssertionConsumerService'] = $eps;
+$metaArray20['AssertionConsumerService'] = $spconfig->getArray('AssertionConsumerService', $eps);
 
 $keys = [];
 $certInfo = \SimpleSAML\Utils\Crypto::loadPublicKey($spconfig, false, 'new_');
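Review bot: When `AssertionConsumerService` is set, the assignment to `$metaArray20['AssertionConsumerService']` replaces the generated `$eps` wholesale rather than adding to it, and the configured entries are published without any shape check. The commit description speaks of endpoints "beyond the generated ones", so the replace semantics should be stated in a comment here and in sp.md. Because the ACS `Location` tells the IdP where to deliver assertions, each entry should at least be verified to be an array carrying `Binding` and `Location` before it goes into the metadata. A sketch follows; the exact accepted formats should be confirmed against the endpoints documentation that sp.md links to.

```php
// … unchanged: loop building $eps …
$acsOverride = $spconfig->getArray('AssertionConsumerService', null);
if ($acsOverride !== null) {
    // The override replaces the generated endpoints; it is not merged with $eps.
    foreach ($acsOverride as $acs) {
        if (!is_array($acs) || !isset($acs['Binding'], $acs['Location'])) {
            throw new \Exception('AssertionConsumerService entries must define Binding and Location.');
        }
    }
}
$metaArray20['AssertionConsumerService'] = $acsOverride ?? $eps;
```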
-- 
GitLab