From 396187164b9afb8e2e8ec3c7bd76ab31e5c39b62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Pe=CC=81rez=20Crespo?= <jaime.perez@uninett.no>
Date: Mon, 2 Jul 2018 14:16:45 +0200
Subject: [PATCH] Prioritize HTTP-Redirect binding when sending an
 authentication request.

The SingleSignOn endpoint is not indexed, and as such, we should prioritize HTTP-Redirect when available in order to comply with SAML2Int.
---
 modules/saml/lib/Auth/Source/SP.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index 8eb262208..e410a7eca 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -287,10 +287,10 @@ class SP extends Source
                 \SAML2\Constants::BINDING_HOK_SSO)
             );
         } else {
-            $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(
+            $dst = $idpMetadata->getEndpointPrioritizedByBinding('SingleSignOnService', [
                 \SAML2\Constants::BINDING_HTTP_REDIRECT,
-                \SAML2\Constants::BINDING_HTTP_POST)
-            );
+                \SAML2\Constants::BINDING_HTTP_POST,
+            ]);
         }
         $ar->setDestination($dst['Location']);
 
-- 
GitLab