From 431308535a03584d7dff46ab1785a150c46fb7e9 Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Wed, 5 Jan 2022 10:54:38 +0000
Subject: [PATCH] admin: Fix metadata urls when having >1 IdP

The metadata endpoint requires an entityID, not an authsource, to find
the corresponding IdP. This makes sense because the entityID is the unique
identifier: different IdPs can make use of the same backend auth
source.
---
 modules/admin/lib/Controller/Federation.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/modules/admin/lib/Controller/Federation.php b/modules/admin/lib/Controller/Federation.php
index 72aaef919..ffb6568bb 100644
--- a/modules/admin/lib/Controller/Federation.php
+++ b/modules/admin/lib/Controller/Federation.php
@@ -193,18 +193,19 @@ class Federation
             try {
                 $idps = $this->mdHandler->getList('saml20-idp-hosted');
                 $saml2entities = [];
+                $httpUtils = new Utils\HTTP();
+                $metadataBase = $httpUtils->getBaseURL() . 'saml2/idp/metadata.php';
                 if (count($idps) > 1) {
                     foreach ($idps as $index => $idp) {
-                        $idp['url'] = Module::getModuleURL('saml2/idp/metadata/' . $idp['auth']);
+                        $idp['url'] = $metadataBase . '?idpentityid=' . urlencode($idp['entityid']);
                         $idp['metadata-set'] = 'saml20-idp-hosted';
                         $idp['metadata-index'] = $index;
                         $idp['metadata_array'] = SAML2_IdP::getHostedMetadata($idp['entityid']);
                         $saml2entities[] = $idp;
                     }
                 } else {
-                    $httpUtils = new Utils\HTTP();
                     $saml2entities['saml20-idp'] = $this->mdHandler->getMetaDataCurrent('saml20-idp-hosted');
-                    $saml2entities['saml20-idp']['url'] = $httpUtils->getBaseURL() . 'saml2/idp/metadata.php';
+                    $saml2entities['saml20-idp']['url'] = $metadataBase;
                     $saml2entities['saml20-idp']['metadata_array'] = SAML2_IdP::getHostedMetadata(
                         $this->mdHandler->getMetaDataCurrentEntityID('saml20-idp-hosted')
                     );
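Review bot: The query string on the new line `$idp['url'] = $metadataBase . '?idpentityid=' . urlencode($idp['entityid']);` is assembled by hand although a `Utils\HTTP` instance is already in scope; `$idp['url'] = $httpUtils->addURLParameters($metadataBase, ['idpentityid' => $idp['entityid']]);` would build and encode the parameter the way the rest of the code base does and keeps the encoding decision in one place. The same hand-built form appears in the AD FS hunk below. The entity ID comes from the hosted-IdP configuration rather than from the request, so this is a consistency point, not an injection concern. The enclosing try block and method begin above the hunk.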
@@ -234,7 +235,7 @@ class Federation
                 $adfsentities = [];
                 if (count($idps) > 1) {
                     foreach ($idps as $index => $idp) {
-                        $idp['url'] = Module::getModuleURL('adfs/idp/metadata/' . $idp['auth']);
+                        $idp['url'] = Module::getModuleURL('adfs/idp/metadata/?idpentityid=' . urlencode($idp['entityid']));
                         $idp['metadata-set'] = 'adfs-idp-hosted';
                         $idp['metadata-index'] = $index;
                         $idp['metadata_array'] = ADFS_IdP::getHostedMetadata($idp['entityid']);
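Review bot: `Module::getModuleURL()` accepts the query parameters as its second argument, so the new URL line can read `$idp['url'] = Module::getModuleURL('adfs/idp/metadata/', ['idpentityid' => $idp['entityid']]);` instead of concatenating `?idpentityid=` and calling urlencode() inside the resource string. That also removes the `/?` join, which currently relies on the resource path ending in a slash, and matches how the SAML branch in the previous hunk should ideally be built as well. The foreach body and the enclosing method continue past the hunk.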
-- 
GitLab