From 237c156e18a50e6ba9ee798bc82cb939a5dbda72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Tue, 13 Jan 2009 13:23:59 +0000
Subject: [PATCH] Fix for handling NoPassive responses to Google apps when
 using NameIDFormats that are different from Transient...

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1146 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/XML/SAML20/AuthnResponse.php | 40 +++++++++++++--------
 www/saml2/idp/SSOService.php                |  2 +-
 2 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
index a04370f78..72cf1cb2f 100644
--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
@@ -653,6 +653,8 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 		$idpmd 	= $this->metadata->getMetaData($idpentityid, 'saml20-idp-hosted');
 		$spmd 	= $this->metadata->getMetaData($spentityid, 'saml20-sp-remote');
 		
+#		echo '<pre>'; print_r($idpmd); exit;
+		
 		$issuer = $idpentityid;
 		$destination = $spmd['AssertionConsumerService'];
 		
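Review bot: The added line `# echo '<pre>'; print_r($idpmd); exit;` is leftover debugging and should be deleted rather than committed as a comment. If it were ever uncommented, it would print the whole hosted-IdP metadata array into the response and end the request. That array is loaded from `saml20-idp-hosted` and may hold configuration that should not reach a browser. If a dump is needed during development, log it instead of echoing it. The enclosing method starts and ends outside this hunk.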
@@ -673,6 +675,7 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 		/**
 		 * Handling attributes.
 		 */
+		
 		$base64 = isset($spmd['base64attributes']) ? $spmd['base64attributes'] : false;
 		$nameidformat = isset($spmd['NameIDFormat']) ? $spmd['NameIDFormat'] : 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
 		$spnamequalifier = isset($spmd['SPNameQualifier']) ? $spmd['SPNameQualifier'] : $spmd['entityid'];
@@ -684,31 +687,38 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 		elseif (isset($idpmd['AttributeNameFormat']))
 			$attributeNameFormat = $idpmd['AttributeNameFormat'];
 
-		
-		$encodedattributes = '';
-		foreach ($attributes AS $name => $values) {
-			$encodedattributes .= self::enc_attribute($name, $values, $base64, $attributeNameFormat);
-		}
-		$attributestatement = '<saml:AttributeStatement>' . $encodedattributes . '</saml:AttributeStatement>';
-		
 		$sendattributes = isset($spmd['simplesaml.attributes']) ? $spmd['simplesaml.attributes'] : true;
-		
-		if (!$sendattributes) 
-			$attributestatement = '';
-		
+		$attributestatement = '';
+		if ($sendattributes && !is_null($attributes)) {
+			$encodedattributes = '';
+			foreach ($attributes AS $name => $values) {
+				$encodedattributes .= self::enc_attribute($name, $values, $base64, $attributeNameFormat);
+			}
+			$attributestatement = '<saml:AttributeStatement>' . $encodedattributes . '</saml:AttributeStatement>';
+		}		
+
 		
 		
 		/**
 		 * Handling NameID
 		 */
+		$nameIdValue = NULL;
 		if ( ($nameidformat == self::EMAIL) or ($nameidformat == self::PERSISTENT) ) {
-			$nameIdValue = $attributes[$spmd['simplesaml.nameidattribute']][0];
+			if (!is_null($attributes)) {
+				$nameIdValue = $attributes[$spmd['simplesaml.nameidattribute']][0];
+			}
 		} else {
 			$nameIdValue = SimpleSAML_Utilities::generateID();
 		}
-		$nameIdData = array('Format' => $nameidformat, 'value' => $nameIdValue);
-		$session->setSessionNameId('saml20-sp-remote', $spentityid, $nameIdData);
-		$nameid = $this->generateNameID($nameidformat, $nameIdValue, $spnamequalifier);
+		
+		$nameid = '';
+		if (!empty($nameIdValue)) {		
+			$nameIdData = array('Format' => $nameidformat, 'value' => $nameIdValue);
+			$session->setSessionNameId('saml20-sp-remote', $spentityid, $nameIdData);
+			$nameid = $this->generateNameID($nameidformat, $nameIdValue, $spnamequalifier);
+		}
+		
+
 
 		$assertion = "";
 		if ($status === 'Success') {
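Review bot: The new `if (!empty($nameIdValue))` guard silences the NoPassive case, but it also hides a missing NameID when `$status` is 'Success'. With the EMAIL or PERSISTENT format, `$attributes[$spmd['simplesaml.nameidattribute']][0]` is read without checking that the metadata key or the attribute exists, so a misconfigured SP or a user lacking that attribute leaves `$nameIdValue` empty and `$nameid` as `''`. The assertion is built below this hunk, so this is inferred, but a Success response would then appear to go out without a subject identifier, and the session NameID needed for later logout is never stored. Failing closed before the assertion is built would be safer, e.g. `if ($status === 'Success' && empty($nameIdValue)) throw new Exception('No NameID value available for ' . $spentityid);`. Note also that `empty()` treats the string `'0'` as empty; `$nameIdValue !== NULL && $nameIdValue !== ''` states the intent more precisely.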
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index e12feb0ef..101088226 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -221,7 +221,7 @@ if($needAuth && !$isPassive) {
 		 * With statusCode: urn:oasis:names:tc:SAML:2.0:status:NoPassive
 		 */
 		$ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);
-		$authnResponseXML = $ar->generate($idpentityid, $requestcache['Issuer'], $requestcache['RequestID'], null, array(), 'NoPassive');
+		$authnResponseXML = $ar->generate($idpentityid, $requestcache['Issuer'], $requestcache['RequestID'], NULL, NULL, 'NoPassive');
 
 		/* Sending the AuthNResponse using HTTP-Post SAML 2.0 binding. */
 		$httppost = new SimpleSAML_Bindings_SAML20_HTTPPost($config, $metadata);
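Review bot: The two positional `NULL` arguments in the `generate()` call are now load-bearing but unexplained at the call site. Judging from the companion change in AuthnResponse.php, passing `NULL` rather than `array()` as the attributes argument is what suppresses both the AttributeStatement and the NameID, although the signature is not visible here. A short comment above the call would stop a later cleanup from reverting it, for example `/* No authenticated user: attributes must be NULL (not an empty array) so no NameID or AttributeStatement is generated. */`. Any other error-response callers that still pass `array()` would take the old code path, so they are worth checking as well.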
-- 
GitLab