From 3b7619038fd36831b28be76545f82dd0a57eaedc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Pe=CC=81rez?= <jaime.perez@uninett.no>
Date: Tue, 30 Aug 2016 11:10:10 +0200
Subject: [PATCH] Keep the requested authentication context.

The SAML2 IdP should keep the RequestedAuthnContext in the state array, so that authentication sources (or processing filters) can use that information during authentication.
---
 modules/saml/lib/IdP/SAML2.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index 20897dcf3..15f584d7e 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -282,6 +282,7 @@ class sspmod_saml_IdP_SAML2 {
 			$consumerIndex = NULL;
 			$extensions = NULL;
 			$allowCreate = TRUE;
+			$authnContext = null;
 
 			$idpInit = TRUE;
 
@@ -317,6 +318,7 @@ class sspmod_saml_IdP_SAML2 {
 			$protocolBinding = $request->getProtocolBinding();
 			$consumerIndex = $request->getAssertionConsumerServiceIndex();
 			$extensions = $request->getExtensions();
+			$authnContext = $request->getRequestedAuthnContext();
 
 			$nameIdPolicy = $request->getNameIdPolicy();
 			if (isset($nameIdPolicy['Format'])) {
@@ -384,6 +386,7 @@ class sspmod_saml_IdP_SAML2 {
 			'saml:AllowCreate' => $allowCreate,
 			'saml:Extensions' => $extensions,
 			'saml:AuthnRequestReceivedAt' => microtime(TRUE),
+			'saml:RequestedAuthnContext' => $authnContext,
 		);
 
 		$idp->handleAuthenticationRequest($state);
-- 
GitLab