From 4b98bc03b52baaf3b38e95d4010128a3c3185e46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Pe=CC=81rez=20Crespo?= <jaime.perez@uninett.no>
Date: Fri, 26 Jan 2018 12:19:03 +0100
Subject: [PATCH] NameIDPolicy is not a valid configuration option in remote SP
 metadata, and therefore it doesn't make sense to use it in a filter
 generating persistent NameIDs (IdP side).

---
 modules/saml/lib/Auth/Process/SQLPersistentNameID.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
index 00891824a..ecbb5a69a 100644
--- a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
+++ b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
@@ -93,7 +93,6 @@ class sspmod_saml_Auth_Process_SQLPersistentNameID extends sspmod_saml_BaseNameI
 
         $validNameIdFormats = @array_filter(array(
             $state['saml:NameIDFormat'],
-            $state['SPMetadata']['NameIDPolicy'],
             $state['SPMetadata']['NameIDFormat']
         ));
         if (count($validNameIdFormats) && !in_array($this->format, $validNameIdFormats, true) &&
-- 
GitLab