From 3c5c3b60cd612886e780c2e02f80ccd3b2575e3d Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Fri, 24 Jun 2022 11:14:19 +0000
Subject: [PATCH] Move NameId generation to separate method for understandability

No functional changes

---
 modules/saml/src/IdP/SAML2.php | 41 +++++++++++++++++++++-------------
 1 file changed, 26 insertions(+), 15 deletions(-)

diff --git a/modules/saml/src/IdP/SAML2.php b/modules/saml/src/IdP/SAML2.php
index 25eb69909..df94202f0 100644
--- a/modules/saml/src/IdP/SAML2.php
+++ b/modules/saml/src/IdP/SAML2.php
@@ -1214,9 +1214,32 @@ class SAML2
  $a->setAttributes($attributes);
  }
+ $nameId = self::generateNameId($idpMetadata, $spMetadata, $state);
+ $state['saml:idp:NameID'] = $nameId;
+ $a->setNameId($nameId);
+
+ $encryptNameId = $spMetadata->getOptionalBoolean('nameid.encryption', null);
+ if ($encryptNameId === null) {
+ $encryptNameId = $idpMetadata->getOptionalBoolean('nameid.encryption', false);
+ }
+ if ($encryptNameId) {
+ $a->encryptNameId(\SimpleSAML\Module\saml\Message::getEncryptionKey($spMetadata));
+ }
+
+ return $a;
+ }
+
+ /**
+ * Helper for buildAssertion to decide on an NameID to set
+ */
+ private static function generateNameId(
+ Configuration $idpMetadata,
+ Configuration $spMetadata,
+ array $state
+ ): NameID
+ {
  $nameIdFormat = null;
- // generate the NameID for the assertion
  if (isset($state['saml:NameIDFormat'])) {
  $nameIdFormat = $state['saml:NameIDFormat'];
  }
@@ -1236,6 +1259,7 @@ class SAML2
  } else {
  if ($nameIdFormat === Constants::NAMEID_TRANSIENT) {
  // generate a random id
+ $randomUtils = new Utils\Random();
  $nameIdValue = $randomUtils->generateID();
  }
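Review bot: The docblock on the new `generateNameId` carries no `@param`/`@return` tags and does not say which `$state` keys the helper consults, which is the first thing a reader of a NameID helper looks for; I would correct it to `Helper for buildAssertion to decide on a NameID to set`, add `@param` tags for the two `Configuration` arguments and for `array $state` (naming `saml:NameIDFormat` as a key it reads), and `@return NameID`. Because `$state` is now passed by value, the "No functional changes" claim holds only if the extracted body never assigns into `$state`; the one write visible here, `$state['saml:idp:NameID'] = $nameId;`, was correctly kept in the caller, but the body of `generateNameId` continues past this hunk and should be checked for other writes. As a style point, PSR-12 keeps the closing parenthesis, return type and opening brace of a multi-line signature together, so `): NameID` / `{` would become `): NameID {`.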
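Review bot: `$randomUtils` is constructed inside the transient branch of `generateNameId` where `buildAssertion` previously supplied it from a local created outside this hunk; that follows from the extraction, but the commit message's "No functional changes" holds only if the original instance was likewise a plain `new Utils\Random()` with no configured state, which the patch does not show. A short comment would spare the next reader the same question: `// fresh instance: the caller's Utils\Random is not reachable from this static helper`. Since `generateID()` is the only source of unpredictability for transient NameIDs in this branch, the docblock of `generateNameId` could also state that transient values come from `Utils\Random::generateID()`, so a future change to that call is recognised as security-relevant.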
@@ -1250,22 +1274,9 @@ class SAML2
  $nameId->setSPNameQualifier($spNameQualifier);
  }
- $state['saml:idp:NameID'] = $nameId;
-
- $a->setNameId($nameId);
-
- $encryptNameId = $spMetadata->getOptionalBoolean('nameid.encryption', null);
- if ($encryptNameId === null) {
- $encryptNameId = $idpMetadata->getOptionalBoolean('nameid.encryption', false);
- }
- if ($encryptNameId) {
- $a->encryptNameId(\SimpleSAML\Module\saml\Message::getEncryptionKey($spMetadata));
- }
-
- return $a;
+ return $nameId;
  }
-
  /**
  * Encrypt an assertion.
  *
--
GitLab