From 3ce8642c690d8c140594c8c89e879af2208dff47 Mon Sep 17 00:00:00 2001
From: Jaime Perez <jaime.perez@uninett.no>
Date: Tue, 24 Jun 2014 16:06:37 +0200
Subject: [PATCH] Set WantAuthnRequestsSigned in the generated IdP XML metadata if validate.authnrequest or redirect.validate options are set in saml20-idp-hosted metadata (with that order of precedence). Fixes #43.

---
 lib/SimpleSAML/Metadata/SAMLBuilder.php | 6 ++++--
 www/saml2/idp/metadata.php | 8 ++++++++
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index 057f9886c..da0107296 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -488,8 +488,10 @@ class SimpleSAML_Metadata_SAMLBuilder {
         $e = new SAML2_XML_md_IDPSSODescriptor();
         $e->protocolSupportEnumeration[] = 'urn:oasis:names:tc:SAML:2.0:protocol';
 
-        if ($metadata->getBoolean('redirect.sign', FALSE)) {
-            $e->WantAuthnRequestsSigned = TRUE;
+        if ($metadata->hasValue('sign.authnrequest')) {
+            $e->WantAuthnRequestsSigned = $metadata->getBoolean('sign.authnrequest');
+        } elseif ($metadata->hasValue('redirect.sign')) {
+            $e->WantAuthnRequestsSigned = $metadata->getBoolean('redirect.sign');
         }
 
         $this->addExtensions($metadata, $e);
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index cf24b788f..0b5f943df 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
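Review bot: The new `if`/`elseif` in SAMLBuilder.php publishes `WantAuthnRequestsSigned` from whichever of `sign.authnrequest` or `redirect.sign` is present, but nothing in the block records that this attribute is advisory to SPs while actual signature checking happens in the IdP's request handling via `validate.authnrequest` / `redirect.validate`, which www/saml2/idp/metadata.php maps onto these two keys; a maintainer reading only this method could take the flag for an enforcement point. I would add above the `if`: `// Advertises the IdP's signing policy to SPs (mirrors validate.authnrequest / redirect.validate via www/saml2/idp/metadata.php); signatures are enforced when requests are processed, not here.` The `elseif` fallback also deserves a note that `redirect.sign` appears to be specific to the HTTP-Redirect binding while `WantAuthnRequestsSigned` applies to every binding, so an IdP configured with only `redirect.validate = true` advertises a requirement that, if I read the option names correctly, it does not check for HTTP-POST requests — `// NOTE: redirect.sign is binding-specific; WantAuthnRequestsSigned is not — confirm intended` would make that visible. The enclosing method starts and ends outside this hunk.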
@@ -150,6 +150,14 @@ try {
         $metaArray['RegistrationInfo'] = $idpmeta->getArray('RegistrationInfo');
     }
 
+    if ($idpmeta->hasValue('validate.authnrequest')) {
+        $metaArray['sign.authnrequest'] = $idpmeta->getBoolean('validate.authnrequest');
+    }
+
+    if ($idpmeta->hasValue('redirect.validate')) {
+        $metaArray['redirect.sign'] = $idpmeta->getBoolean('redirect.validate');
+    }
+
     $metaflat = '$metadata[' . var_export($idpentityid, TRUE) . '] = ' . var_export($metaArray, TRUE) . ';';
 
     $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid);
--
GitLab
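Review bot: The two added `if` blocks are independent, so when both `validate.authnrequest` and `redirect.validate` are set, `$metaArray` (and therefore the `$metaflat` export handed to SP administrators) carries both `sign.authnrequest` and `redirect.sign`, and the precedence the commit message describes is decided elsewhere, in SAMLBuilder's `if`/`elseif`, rather than being visible here. A short comment keeps the two files from drifting apart: `// Both keys may be exported; SAMLBuilder gives sign.authnrequest precedence over redirect.sign when emitting WantAuthnRequestsSigned.` It is also worth stating in that comment that these are the SP-side key names (what an SP would put in its remote-IdP entry), since `sign.authnrequest` reads oddly inside an IdP script. The enclosing `try` block starts and ends outside this hunk.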