bugfix: Make sure empty strings are not acceptable for NameID generation.

This resolves #519.

modules/saml/lib/Auth/Process/AttributeNameID.php

@@ -67,6 +67,15 @@ class sspmod_saml_Auth_Process_AttributeNameID extends sspmod_saml_BaseNameIDGen
         }
         $value = array_values($state['Attributes'][$this->attribute]); // just in case the first index is no longer 0
         $value = $value[0];
+
+        if (empty($value)) {
+            SimpleSAML\Logger::warning(
+                'Empty value in attribute '.var_export($this->attribute, true).
+                ' on user - not generating persistent NameID.'
+            );
+            return null;
+        }
+
         return $value;
     }
 

modules/saml/lib/Auth/Process/PersistentNameID.php

@@ -77,6 +77,14 @@ class sspmod_saml_Auth_Process_PersistentNameID extends sspmod_saml_BaseNameIDGe
         $uid = array_values($state['Attributes'][$this->attribute]); // just in case the first index is no longer 0
         $uid = $uid[0];
 
+        if (empty($uid)) {
+            SimpleSAML\Logger::warning(
+                'Empty value in attribute '.var_export($this->attribute, true).
+                ' on user - not generating persistent NameID.'
+            );
+            return null;
+        }
+
         $secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
 
         $uidData = 'uidhashbase'.$secretSalt;