Set WantAuthnRequestsSigned in the generated IdP XML metadata if...

Set WantAuthnRequestsSigned in the generated IdP XML metadata if validate.authnrequest or redirect.validate options are set in saml20-idp-hosted metadata (with that order of precedence). Fixes #43.

lib/SimpleSAML/Metadata/SAMLBuilder.php

@@ -488,8 +488,10 @@ class SimpleSAML_Metadata_SAMLBuilder {
 		$e = new SAML2_XML_md_IDPSSODescriptor();
 		$e->protocolSupportEnumeration[] = 'urn:oasis:names:tc:SAML:2.0:protocol';
 
-		if ($metadata->getBoolean('redirect.sign', FALSE)) {
-			$e->WantAuthnRequestsSigned = TRUE;
+		if ($metadata->hasValue('sign.authnrequest')) {
+			$e->WantAuthnRequestsSigned = $metadata->getBoolean('sign.authnrequest');
+		} elseif ($metadata->hasValue('redirect.sign')) {
+			$e->WantAuthnRequestsSigned = $metadata->getBoolean('redirect.sign');
 		}
 
 		$this->addExtensions($metadata, $e);

www/saml2/idp/metadata.php

@@ -150,6 +150,14 @@ try {
 		$metaArray['RegistrationInfo'] = $idpmeta->getArray('RegistrationInfo');
 	}
 
+	if ($idpmeta->hasValue('validate.authnrequest')) {
+		$metaArray['sign.authnrequest'] = $idpmeta->getBoolean('validate.authnrequest');
+	}
+
+	if ($idpmeta->hasValue('redirect.validate')) {
+		$metaArray['redirect.sign'] = $idpmeta->getBoolean('redirect.validate');
+	}
+
 	$metaflat = '$metadata[' . var_export($idpentityid, TRUE) . '] = ' . var_export($metaArray, TRUE) . ';';
 
 	$metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid);