diff --git a/composer.json b/composer.json index 51e36cc069fd1f8e6930db696b11323c27e44fc8..7f5de8465f34db2cf074a6f0f63460ad0deaa852 100644 --- a/composer.json +++ b/composer.json @@ -67,7 +67,7 @@ "psr/log": "^2.0 || ^3.0", "robrichards/xmlseclibs": "^3.1.1", "simplesamlphp/assert": "^1.0.0", - "simplesamlphp/saml2": "^5.0.0-alpha.6", + "simplesamlphp/saml2": "^v5.0.0-alpha.8", "simplesamlphp/simplesamlphp-assets-base": "^2.0.0", "simplesamlphp/simplesamlphp-module-adfs": "^3.0.0-rc1", "symfony/cache": "^5.4||^6", diff --git a/composer.lock b/composer.lock index f0cb05501177f713cfe7bfe7c24ade68a4ec52f0..a2389fff620e8513520432af18769ff384d66e73 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "5b7cb7b788e186caec87e8170bd38223", + "content-hash": "fdf5c336fd697b54cb5f1a9c2057c32c", "packages": [ { "name": "gettext/gettext", @@ -840,16 +840,16 @@ }, { "name": "simplesamlphp/saml2", - "version": "v5.0.0-alpha.6", + "version": "v5.0.0-alpha.8", "source": { "type": "git", "url": "https://github.com/simplesamlphp/saml2.git", - "reference": "628c05a7245977bf37b5d8234d3fcce4ed88a2e2" + "reference": "a64a3dd8a6e495feb1fb98eeb69217a6ec939c03" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/simplesamlphp/saml2/zipball/628c05a7245977bf37b5d8234d3fcce4ed88a2e2", - "reference": "628c05a7245977bf37b5d8234d3fcce4ed88a2e2", + "url": "https://api.github.com/repos/simplesamlphp/saml2/zipball/a64a3dd8a6e495feb1fb98eeb69217a6ec939c03", + "reference": "a64a3dd8a6e495feb1fb98eeb69217a6ec939c03", "shasum": "" }, "require": { 
@@ -899,9 +899,9 @@ "description": "SAML2 PHP library from SimpleSAMLphp", "support": { "issues": "https://github.com/simplesamlphp/saml2/issues", - "source": "https://github.com/simplesamlphp/saml2/tree/v5.0.0-alpha.6" + "source": "https://github.com/simplesamlphp/saml2/tree/v5.0.0-alpha.8" }, - "time": "2023-05-30T20:52:38+00:00" + "time": "2023-06-16T17:57:45+00:00" }, { "name": "simplesamlphp/simplesamlphp-assets-base", @@ -945,12 +945,12 @@ "source": { "type": "git", "url": "https://github.com/simplesamlphp/simplesamlphp-module-adfs.git", - "reference": "164f867fca890411a3b4445ffc6e91a5d901eb20" + "reference": "0786afbd546b6a571d6023756d7ab52f863004a3" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/simplesamlphp/simplesamlphp-module-adfs/zipball/164f867fca890411a3b4445ffc6e91a5d901eb20", - "reference": "164f867fca890411a3b4445ffc6e91a5d901eb20", + "url": "https://api.github.com/repos/simplesamlphp/simplesamlphp-module-adfs/zipball/0786afbd546b6a571d6023756d7ab52f863004a3", + "reference": "0786afbd546b6a571d6023756d7ab52f863004a3", "shasum": "" }, "require": { 
@@ -997,20 +997,20 @@ "issues": "https://github.com/simplesamlphp/simplesamlphp-module-adfs/issues", "source": "https://github.com/simplesamlphp/simplesamlphp-module-adfs" }, - "time": "2023-07-05T18:40:30+00:00" + "time": "2023-07-05T19:04:15+00:00" }, { "name": "simplesamlphp/xml-common", - "version": "v1.12.1", + "version": "v1.12.2", "source": { "type": "git", "url": "https://github.com/simplesamlphp/xml-common.git", - "reference": "89a31ba1dd5bf5fe7573555e3d8238f9af66df5f" + "reference": "27e7f7c88d9178568ae5220f9922e506c5a90a65" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/simplesamlphp/xml-common/zipball/89a31ba1dd5bf5fe7573555e3d8238f9af66df5f", - "reference": "89a31ba1dd5bf5fe7573555e3d8238f9af66df5f", + "url": "https://api.github.com/repos/simplesamlphp/xml-common/zipball/27e7f7c88d9178568ae5220f9922e506c5a90a65", + "reference": "27e7f7c88d9178568ae5220f9922e506c5a90a65", "shasum": "" }, "require": { @@ -1056,20 +1056,20 @@ "issues": "https://github.com/simplesamlphp/xml-common/issues", "source": "https://github.com/simplesamlphp/xml-common" }, - "time": "2023-06-04T21:46:50+00:00" + "time": "2023-07-17T19:15:36+00:00" }, { "name": "simplesamlphp/xml-security", - "version": "v1.6.5", + "version": "v1.6.9", "source": { "type": "git", "url": "https://github.com/simplesamlphp/xml-security.git", - "reference": "c3c3c9750dbbb982e18b014e79925d6d49cd5a87" + "reference": "b165928717c51edad19b16a99ac9c6df422ec8bc" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/simplesamlphp/xml-security/zipball/c3c3c9750dbbb982e18b014e79925d6d49cd5a87", - "reference": "c3c3c9750dbbb982e18b014e79925d6d49cd5a87", + "url": "https://api.github.com/repos/simplesamlphp/xml-security/zipball/b165928717c51edad19b16a99ac9c6df422ec8bc", + "reference": "b165928717c51edad19b16a99ac9c6df422ec8bc", "shasum": "" }, "require": { 
@@ -1081,7 +1081,7 @@ "ext-spl": "*", "php": "^8.0", "simplesamlphp/assert": "^1.0.4", - "simplesamlphp/xml-common": "^1.11.0" + "simplesamlphp/xml-common": "^1.11.5" }, "require-dev": { "simplesamlphp/simplesamlphp-test-framework": "^1.5.5" @@ -1118,22 +1118,22 @@ ], "support": { "issues": "https://github.com/simplesamlphp/xml-security/issues", - "source": "https://github.com/simplesamlphp/xml-security/tree/v1.6.5" + "source": "https://github.com/simplesamlphp/xml-security/tree/v1.6.9" }, - "time": "2023-05-28T18:49:00+00:00" + "time": "2023-06-03T20:50:34+00:00" }, { "name": "simplesamlphp/xml-soap", - "version": "v1.2.0", + "version": "v1.3.0", "source": { "type": "git", "url": "https://github.com/simplesamlphp/xml-soap.git", - "reference": "ac0d8c03a2f5eaa4d070b2074a80a1448579d7a5" + "reference": "a5eb5dff4d1aab8ebc0edc280da853615bd34a2e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/simplesamlphp/xml-soap/zipball/ac0d8c03a2f5eaa4d070b2074a80a1448579d7a5", - "reference": "ac0d8c03a2f5eaa4d070b2074a80a1448579d7a5", + "url": "https://api.github.com/repos/simplesamlphp/xml-soap/zipball/a5eb5dff4d1aab8ebc0edc280da853615bd34a2e", + "reference": "a5eb5dff4d1aab8ebc0edc280da853615bd34a2e", "shasum": "" }, "require": { @@ -1141,10 +1141,10 @@ "ext-pcre": "*", "php": "^8.0", "simplesamlphp/assert": "^1.0.4", - "simplesamlphp/xml-common": "^1.9.0" + "simplesamlphp/xml-common": "^1.11.0" }, "require-dev": { - "simplesamlphp/simplesamlphp-test-framework": "^1.5.4" + "simplesamlphp/simplesamlphp-test-framework": "^1.5.5" }, "type": "library", "extra": { @@ -1172,9 +1172,9 @@ "description": "SimpleSAMLphp library for XML SOAP", "support": { "issues": "https://github.com/simplesamlphp/xml-soap/issues", - "source": "https://github.com/simplesamlphp/xml-soap/tree/v1.2.0" + "source": "https://github.com/simplesamlphp/xml-soap/tree/v1.3.0" }, - "time": "2023-05-19T09:59:49+00:00" + "time": "2023-06-03T21:18:58+00:00" }, { "name": "symfony/cache", 
@@ -3695,16 +3695,16 @@ }, { "name": "twig/twig", - "version": "v3.6.0", + "version": "v3.6.1", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "106c170d08e8415d78be2d16c3d057d0d108262b" + "reference": "7e7d5839d4bec168dfeef0ac66d5c5a2edbabffd" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/106c170d08e8415d78be2d16c3d057d0d108262b", - "reference": "106c170d08e8415d78be2d16c3d057d0d108262b", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/7e7d5839d4bec168dfeef0ac66d5c5a2edbabffd", + "reference": "7e7d5839d4bec168dfeef0ac66d5c5a2edbabffd", "shasum": "" }, "require": { @@ -3750,7 +3750,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v3.6.0" + "source": "https://github.com/twigphp/Twig/tree/v3.6.1" }, "funding": [ { @@ -3762,7 +3762,7 @@ "type": "tidelift" } ], - "time": "2023-05-03T19:06:57+00:00" + "time": "2023-06-08T12:52:13+00:00" }, { "name": "webmozart/assert", @@ -4006,16 +4006,16 @@ }, { "name": "nikic/php-parser", - "version": "v4.15.5", + "version": "v4.16.0", "source": { "type": "git", "url": "https://github.com/nikic/PHP-Parser.git", - "reference": "11e2663a5bc9db5d714eedb4277ee300403b4a9e" + "reference": "19526a33fb561ef417e822e85f08a00db4059c17" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/11e2663a5bc9db5d714eedb4277ee300403b4a9e", - "reference": "11e2663a5bc9db5d714eedb4277ee300403b4a9e", + "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/19526a33fb561ef417e822e85f08a00db4059c17", + "reference": "19526a33fb561ef417e822e85f08a00db4059c17", "shasum": "" }, "require": { 
@@ -4056,9 +4056,9 @@ ], "support": { "issues": "https://github.com/nikic/PHP-Parser/issues", - "source": "https://github.com/nikic/PHP-Parser/tree/v4.15.5" + "source": "https://github.com/nikic/PHP-Parser/tree/v4.16.0" }, - "time": "2023-05-19T20:20:00+00:00" + "time": "2023-06-25T14:52:30+00:00" }, { "name": "phar-io/manifest", @@ -4491,16 +4491,16 @@ }, { "name": "phpunit/phpunit", - "version": "9.6.8", + "version": "9.6.10", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit.git", - "reference": "17d621b3aff84d0c8b62539e269e87d8d5baa76e" + "reference": "a6d351645c3fe5a30f5e86be6577d946af65a328" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/17d621b3aff84d0c8b62539e269e87d8d5baa76e", - "reference": "17d621b3aff84d0c8b62539e269e87d8d5baa76e", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/a6d351645c3fe5a30f5e86be6577d946af65a328", + "reference": "a6d351645c3fe5a30f5e86be6577d946af65a328", "shasum": "" }, "require": { @@ -4574,7 +4574,7 @@ "support": { "issues": "https://github.com/sebastianbergmann/phpunit/issues", "security": "https://github.com/sebastianbergmann/phpunit/security/policy", - "source": "https://github.com/sebastianbergmann/phpunit/tree/9.6.8" + "source": "https://github.com/sebastianbergmann/phpunit/tree/9.6.10" }, "funding": [ { @@ -4590,7 +4590,7 @@ "type": "tidelift" } ], - "time": "2023-05-11T05:14:45+00:00" + "time": "2023-07-10T04:04:23+00:00" }, { "name": "sebastian/cli-parser", diff --git a/modules/saml/src/Auth/Source/SP.php b/modules/saml/src/Auth/Source/SP.php index 8d8bfb9b6fda5cdbcc6dbd785cf5af881ca14503..a0f8403eb7d3dd20b51e56e0fb89d5141147da86 100644 --- a/modules/saml/src/Auth/Source/SP.php +++ b/modules/saml/src/Auth/Source/SP.php 
@@ -14,6 +14,7 @@ use SimpleSAML\SAML2\Exception\ArrayValidationException;
 use SimpleSAML\SAML2\Exception\Protocol\{NoAvailableIDPException, NoPassiveException, NoSupportedIDPException};
 use SimpleSAML\SAML2\XML\md\ContactPerson;
 use SimpleSAML\SAML2\XML\saml\NameID;
+use SimpleSAML\SAML2\XML\samlp\{Extensions, IDPEntry, IDPList, RequesterID, Scoping};
 use SimpleSAML\Store\StoreFactory;
 use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
 use Symfony\Component\HttpFoundation\{RedirectResponse, Request, Response};
@@ -564,46 +565,57 @@ class SP extends Auth\Source
 $ar->setNameIdPolicy($state['saml:NameIDPolicy']);
 }
+ $proxyCount = $idpList = null;
 $requesterID = [];
 /* Only check for real info for Scoping element if we are going to send Scoping element */
 if ($this->disable_scoping !== true && $idpMetadata->getOptionalBoolean('disable_scoping', false) !== true) {
+ $idpEntry = [];
 if (isset($state['IDPList'])) {
- $ar->setIDPList($state['IDPList']);
+ $idpList = $state['IDPList'];
 } elseif (!empty($this->metadata->getOptionalArray('IDPList', []))) {
- $ar->setIDPList($this->metadata->getArray('IDPList'));
+ foreach ($this->metadata->getArray('IDPList') as $entry) {
+ $idpEntry[] = new IDPEntry($entry);
+ }
+ $idpList = new IDPList($idpEntry);
 } elseif (!empty($idpMetadata->getOptionalArray('IDPList', []))) {
- $ar->setIDPList($idpMetadata->getArray('IDPList'));
+ foreach ($idpMetadata->getArray('IDPList') as $entry) {
+ $idpEntry[] = new IDPEntry($entry);
+ }
+ $idpList = new IDPList($idpEntry);
 }
 if (isset($state['saml:ProxyCount']) && $state['saml:ProxyCount'] !== null) {
- $ar->setProxyCount($state['saml:ProxyCount']);
+ $proxyCount = $state['saml:ProxyCount'];
 } elseif ($idpMetadata->hasValue('ProxyCount')) {
- $ar->setProxyCount($idpMetadata->getInteger('ProxyCount'));
+ $proxyCount = $idpMetadata->getInteger('ProxyCount');
 } elseif ($this->metadata->hasValue('ProxyCount')) {
- $ar->setProxyCount($this->metadata->getInteger('ProxyCount'));
+ $proxyCount = $this->metadata->getInteger('ProxyCount');
 }
 $requesterID = [];
 if (isset($state['saml:RequesterID'])) {
- $requesterID = $state['saml:RequesterID'];
+ foreach ($state['saml:RequesterID'] as $requesterId) {
+ $requesterID[] = new RequesterID($requesterId);
+ }
 }
 if (isset($state['core:SP'])) {
- $requesterID[] = $state['core:SP'];
+ $requesterID[] = new RequesterID($state['core:SP']);
 }
 } else {
 Logger::debug('Disabling samlp:Scoping for ' .
 var_export($idpMetadata->getString('entityid'), true));
 }
- $ar->setRequesterID($requesterID);
+ $scoping = new Scoping($proxyCount, $idpList, $requesterID);
+ $ar->setScoping($scoping);
 // If the downstream SP has set extensions then use them.
 // Otherwise use extensions that might be defined in the local SP (only makes sense in a proxy scenario)
 if (isset($state['saml:Extensions']) && count($state['saml:Extensions']) > 0) {
- $ar->setExtensions($state['saml:Extensions']);
+ $ar->setExtensions(new Extensions($state['saml:Extensions']));
 } elseif ($this->metadata->getOptionalArray('saml:Extensions', null) !== null) {
- $ar->setExtensions($this->metadata->getArray('saml:Extensions'));
+ $ar->setExtensions(new Extensions($this->metadata->getArray('saml:Extensions')));
 }
 $providerName = $this->metadata->getOptionalString("ProviderName", null);
@@ -1014,9 +1026,9 @@ class SP extends Auth\Source
 $lr->setDestination($endpoint['Location']);
 if (isset($state['saml:logout:Extensions']) && count($state['saml:logout:Extensions']) > 0) {
- $lr->setExtensions($state['saml:logout:Extensions']);
+ $lr->setExtensions(new Extensions($state['saml:logout:Extensions']));
 } elseif ($this->metadata->getOptionalArray('saml:logout:Extensions', null) !== null) {
- $lr->setExtensions($this->metadata->getArray('saml:logout:Extensions'));
+ $lr->setExtensions(new Extensions($this->metadata->getArray('saml:logout:Extensions')));
 }
 $encryptNameId = $idpMetadata->getOptionalBoolean('nameid.encryption', null);
diff --git a/modules/saml/src/IdP/SAML2.php b/modules/saml/src/IdP/SAML2.php
index 1bb1a0c893541659e1ba204d48671d6bec26bf6a..677c26ca916f1f10e7a84a8d32b4548be7dad053 100644
--- a/modules/saml/src/IdP/SAML2.php
+++ b/modules/saml/src/IdP/SAML2.php
@@ -25,6 +25,7 @@ use Symfony\Component\HttpFoundation\{Request, Response};
 use function array_key_exists;
 use function array_merge;
+use function array_pop;
 use function array_unique;
 use function array_unshift;
 use function base64_encode;
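Review bot: `$ar->setScoping($scoping)` runs unconditionally, including after the `else` branch that logs "Disabling samlp:Scoping", so a Scoping object built from `null, null, []` is attached to every request; whether the library then omits the element or serialises an empty `<samlp:Scoping/>` I cannot confirm from here, but the old code left that decision to `setRequesterID([])` and the log message now promises something the code does not enforce. Guarding the call keeps the disabled path honest: `if ($proxyCount !== null || $idpList !== null || $requesterID !== []) { $ar->setScoping(new Scoping($proxyCount, $idpList, $requesterID)); }`. Also, `$idpList = $state['IDPList'];` passes the state value through untouched while the two metadata branches wrap entries in `IDPEntry`/`IDPList`; if any caller still stores a plain array of entity IDs in `$state['IDPList']` (the IdP side of this same commit derives `$IDPList` as an array from `toArray()['IDPEntry']`, and I cannot see where that lands), Scoping would receive an array where an `IDPList` is expected, so an `instanceof IDPList` check or the same conversion at that assignment would be prudent. The enclosing authentication method starts before and ends after this hunk.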
@@ -419,12 +420,26 @@ class SAML2
 $relayState = $request->getRelayState();
 $requestId = $request->getId();
- $IDPList = $request->getIDPList();
- $ProxyCount = $request->getProxyCount();
+ $scoping = $request->getScoping();
+
+ $ProxyCount = $scoping->getProxyCount();
 if ($ProxyCount !== null) {
 $ProxyCount--;
 }
- $RequesterID = $request->getRequesterID();
+
+ if ($scoping->getIDPList() !== null) {
+ $IDPList = ($scoping->getIDPList()->toArray())['IDPEntry'];
+ } else {
+ $IDPList = [];
+ }
+
+ $RequesterID = $scoping->getRequesterID();
+ if ($RequesterID !== null) {
+ foreach ($scoping->getRequesterID() as $k => $rid) {
+ $RequesterID[$k] = array_pop($rid->toArray());
+ }
+ }
+
 $forceAuthn = $request->getForceAuthn();
 $isPassive = $request->getIsPassive();
 $consumerURL = $request->getAssertionConsumerServiceURL();
@@ -434,16 +449,8 @@ class SAML2
 $authnContext = $request->getRequestedAuthnContext();
 $nameIdPolicy = $request->getNameIdPolicy();
- if (isset($nameIdPolicy['Format'])) {
- $nameIDFormat = $nameIdPolicy['Format'];
- } else {
- $nameIDFormat = null;
- }
- if (isset($nameIdPolicy['AllowCreate'])) {
- $allowCreate = $nameIdPolicy['AllowCreate'];
- } else {
- $allowCreate = false;
- }
+ $nameIDFormat = $nameIdPolicy->getFormat();
+ $allowCreate = $nameIdPolicy->getAllowCreate() ?? false;
 $idpInit = false;
diff --git a/modules/saml/src/Message.php b/modules/saml/src/Message.php
index 081a0453ad473525ec1a0948e56764798592ca85..e175b44a7d4c66d3605cc61db02cb6e9ee5fe839 100644
--- a/modules/saml/src/Message.php
+++ b/modules/saml/src/Message.php
@@ -485,10 +485,7 @@ class Message
 }
 $policy = Utils\Config\Metadata::parseNameIdPolicy($nameIdPolicy);
- // empty array signals not to set any NameIdPolicy element
- if ($policy !== []) {
- $ar->setNameIdPolicy($policy);
- }
+ $ar->setNameIdPolicy($policy);
 $ar->setForceAuthn($spMetadata->getOptionalBoolean('ForceAuthn', false));
 $ar->setIsPassive($spMetadata->getOptionalBoolean('IsPassive', false));
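Review bot: `$ProxyCount = $scoping->getProxyCount();` dereferences the result of `$request->getScoping()` without a null check, so unless the library guarantees a non-null return, any AuthnRequest that carries no `samlp:Scoping` element — the normal case for a non-proxying SP — aborts with an Error on a null method call before authentication starts, where the removed `getIDPList()`/`getProxyCount()`/`getRequesterID()` calls tolerated absence. The nullsafe operator restores the old behaviour in three places: `$ProxyCount = $scoping?->getProxyCount();`, `if ($scoping?->getIDPList() !== null) {` and `$RequesterID = $scoping?->getRequesterID() ?? [];`. Separately, `array_pop($rid->toArray())` passes a function result by reference, which PHP reports as a notice and which a notice-to-exception error handler turns into a failure on every request that carries a RequesterID; read the value with a non-reference expression instead (for example the element's own accessor, or index into a local copy of the array). Since the `foreach` re-calls `$scoping->getRequesterID()` rather than iterating the `$RequesterID` it just guarded, iterating `$RequesterID` itself would also make the guard meaningful. The enclosing method starts before and ends after this hunk.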
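Review bot: `$nameIDFormat = $nameIdPolicy->getFormat();` assumes `$request->getNameIdPolicy()` returns an object, but `samlp:NameIDPolicy` is optional in an AuthnRequest and the removed `isset()` branches existed precisely for that case, so a request without one now fails with an Error on a null method call unless the library substitutes a default object (not visible here). `$nameIDFormat = $nameIdPolicy?->getFormat();` and `$allowCreate = $nameIdPolicy?->getAllowCreate() ?? false;` keep the previous null/false defaults. The enclosing method continues outside the hunk.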
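Review bot: The removed comment was the only documentation of the empty-array convention, and the new `$ar->setNameIdPolicy($policy);` now silently relies on `parseNameIdPolicy()` returning null for an empty `NameIDPolicy` config and on `setNameIdPolicy()` accepting null. I would keep a one-line comment above the call: `// null (from an empty NameIDPolicy config) means no NameIDPolicy element is sent`. Since the library's parameter type is not visible here, please also confirm that `setNameIdPolicy()` is declared with a nullable `?NameIDPolicy` parameter rather than `NameIDPolicy`, otherwise the empty-array configuration becomes a TypeError. The enclosing method continues outside the hunk.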
diff --git a/src/SimpleSAML/Utils/Config/Metadata.php b/src/SimpleSAML/Utils/Config/Metadata.php
index 2191928200d7557ab03ca9c3d258bedc9e08c700..cb59fd8d6a3c1f0f1c3f46d282cb436a23fc24db 100644
--- a/src/SimpleSAML/Utils/Config/Metadata.php
+++ b/src/SimpleSAML/Utils/Config/Metadata.php
@@ -7,6 +7,7 @@ namespace SimpleSAML\Utils\Config;
 use SimpleSAML\{Configuration, Logger};
 use SimpleSAML\SAML2\Constants as C;
 use SimpleSAML\SAML2\XML\md\ContactPerson;
+use SimpleSAML\SAML2\XML\samlp\NameIDPolicy;
 use function in_array;
@@ -129,16 +130,16 @@ class Metadata
 /**
 * This method parses the different possible values of the NameIDPolicy metadata configuration.
 */
- public static function parseNameIdPolicy(array $nameIdPolicy = null): array
+ public static function parseNameIdPolicy(array $nameIdPolicy = null): ?NameIDPolicy
 {
 if ($nameIdPolicy === null) {
 // when NameIDPolicy is unset or set to null, default to transient
- return ['Format' => C::NAMEID_TRANSIENT, 'AllowCreate' => true];
+ return NameIDPolicy::fromArray(['Format' => C::NAMEID_TRANSIENT, 'AllowCreate' => true]);
 }
 if ($nameIdPolicy === []) {
 // empty array means not to send any NameIDPolicy element
- return [];
+ return null;
 }
 // handle configurations specifying an array in the NameIDPolicy config option
@@ -152,6 +153,6 @@ class Metadata
 $policy['SPNameQualifier'] = $spNameQualifier;
 }
- return $policy;
+ return NameIDPolicy::fromArray($policy);
 }
 }
diff --git a/tests/modules/saml/src/Auth/Source/SPTest.php b/tests/modules/saml/src/Auth/Source/SPTest.php
index eecb8fb4323e549f8f924b976c41bba6007a828f..d32dc0213fec5deed0469f113d758ab97ed185db 100644
--- a/tests/modules/saml/src/Auth/Source/SPTest.php
+++ b/tests/modules/saml/src/Auth/Source/SPTest.php
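Review bot: The new signature `parseNameIdPolicy(array $nameIdPolicy = null): ?NameIDPolicy` still declares the parameter's nullability implicitly through its default, a form deprecated in PHP 8.4 and easy to misread next to the now-explicit nullable return; declare it as `?array $nameIdPolicy = null`. The docblock should also state the new three-way contract callers must handle: `@return NameIDPolicy|null  the policy to send, or null when the configuration is an empty array (meaning: send no NameIDPolicy element)`. Note that `NameIDPolicy::fromArray()` presumably validates the configured `Format`/`AllowCreate` values where the old code passed the array through untouched, so a malformed metadata entry now surfaces as an exception at request-build time rather than as a bad element on the wire; that is the better place to fail, but it is a behaviour change worth mentioning to deployers. The middle of this function lies between the two hunks and is not visible here.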
@@ -14,6 +14,7 @@ use SimpleSAML\SAML2\Constants as C;
 use SimpleSAML\SAML2\Exception\Protocol\{NoAvailableIDPException, NoSupportedIDPException};
 use SimpleSAML\SAML2\Utils\XPath;
 use SimpleSAML\SAML2\XML\saml\NameID;
+use SimpleSAML\SAML2\XML\samlp\{IDPEntry, IDPList};
 use SimpleSAML\Test\Metadata\MetaDataStorageSourceTest;
 use SimpleSAML\TestUtils\ClearStateTestCase;
 use SimpleSAML\Test\Utils\{ExitTestException, SpTester};
@@ -497,12 +498,12 @@ class SPTest extends ClearStateTestCase
 public function testSPIdpListScoping(): void
 {
 $ar = $this->createAuthnRequest([
- 'IDPList' => ['https://scope.example.com']
+ 'IDPList' => new IDPList([new IDPEntry('https://scope.example.com')]),
 ]);
 $this->assertContains(
- 'https://scope.example.com',
- $ar->getIDPList()
+ (new IDPEntry('https://scope.example.com'))->toArray(),
+ ($ar->getScoping()->getIDPList()->toArray())['IDPEntry'],
 );
 }
@@ -516,8 +517,8 @@ class SPTest extends ClearStateTestCase
 $ar = $this->createAuthnRequest([]);
 $this->assertContains(
- 'https://scope.example.com',
- $ar->getIDPList()
+ (new IDPEntry('https://scope.example.com'))->toArray(),
+ ($ar->getScoping()->getIDPList()->toArray())['IDPEntry'],
 );
 }
@@ -541,8 +542,8 @@ class SPTest extends ClearStateTestCase
 } catch (ExitTestException $e) {
 ['ar' => $ar] = $e->getTestResult();
 $this->assertContains(
- 'https://scope.example.com',
- $ar->getIDPList()
+ (new IDPEntry('https://scope.example.com'))->toArray(),
+ ($ar->getScoping()->getIDPList()->toArray())['IDPEntry'],
 );
 }
 }
@@ -555,7 +556,7 @@ class SPTest extends ClearStateTestCase
 * @dataProvider getScopingOrders
 */
 public function testSPIdpListScopingOrder(
- ?array $stateIdpList,
+ ?IDPList $stateIdpList,
 ?array $idpConfigArray,
 ?array $remoteMetadata,
 string $expectedScope
@@ -583,8 +584,8 @@ class SPTest extends ClearStateTestCase
 ['ar' => $ar] = $e->getTestResult();
 $this->assertContains(
- $expectedScope,
- $ar->getIDPList()
+ (new IDPEntry($expectedScope))->toArray(),
+ ($ar->getScoping()->getIDPList()->toArray())['IDPEntry'],
 );
 }
 }
@@ -593,34 +594,34 @@ class SPTest extends ClearStateTestCase
 {
 return [
 [
- 'stateIdpList' => ['https//scope1.example.com'],
- 'idpConfigArray' => ['https//scope2.example.com'],
- 'remoteMetadata' => ['https//scope3.example.com'],
- 'expectedScope' => 'https//scope1.example.com'
+ 'stateIdpList' => new IDPList([new IDPEntry('https://scope1.example.com')]),
+ 'idpConfigArray' => ['https://scope2.example.com'],
+ 'remoteMetadata' => ['https://scope3.example.com'],
+ 'expectedScope' => 'https://scope1.example.com'
 ],
 [
 'stateIdpList' => null,
- 'idpConfigArray' => ['https//scope2.example.com'],
- 'remoteMetadata' => ['https//scope3.example.com'],
- 'expectedScope' => 'https//scope3.example.com'
+ 'idpConfigArray' => ['https://scope2.example.com'],
+ 'remoteMetadata' => ['https://scope3.example.com'],
+ 'expectedScope' => 'https://scope3.example.com'
 ],
 [
 'stateIdpList' => null,
 'idpConfigArray' => null,
- 'remoteMetadata' => ['https//scope3.example.com'],
- 'expectedScope' => 'https//scope3.example.com'
+ 'remoteMetadata' => ['https://scope3.example.com'],
+ 'expectedScope' => 'https://scope3.example.com'
 ],
 [
- 'stateIdpList' => ['https//scope1.example.com'],
+ 'stateIdpList' => new IDPList([new IDPEntry('https://scope1.example.com')]),
 'idpConfigArray' => null,
- 'remoteMetadata' => ['https//scope3.example.com'],
- 'expectedScope' => 'https//scope1.example.com'
+ 'remoteMetadata' => ['https://scope3.example.com'],
+ 'expectedScope' => 'https://scope1.example.com'
 ],
 [
- 'stateIdpList' => ['https//scope1.example.com'],
- 'idpConfigArray' => ['https//scope2.example.com'],
+ 'stateIdpList' => new IDPList([new IDPEntry('https://scope1.example.com')]),
+ 'idpConfigArray' => ['https://scope2.example.com'],
 'remoteMetadata' => null,
- 'expectedScope' => 'https//scope1.example.com'
+ 'expectedScope' => 'https://scope1.example.com'
 ]
 ];
 }
diff --git a/tests/src/SimpleSAML/Utils/Config/MetadataTest.php b/tests/src/SimpleSAML/Utils/Config/MetadataTest.php
index 1916e11a3a5946031cf8f11e1627e80b1e18193f..cdb748d446ed22aedaf59c4f61b957c270cd8594 100644
--- a/tests/src/SimpleSAML/Utils/Config/MetadataTest.php
+++ b/tests/src/SimpleSAML/Utils/Config/MetadataTest.php
@@ -9,6 +9,7 @@ use InvalidArgumentException;
 use PHPUnit\Framework\TestCase;
 use SimpleSAML\SAML2\Constants as C;
 use SimpleSAML\SAML2\XML\md\ContactPerson;
+use SimpleSAML\SAML2\XML\samlp\NameIDPolicy;
 use SimpleSAML\Utils\Config\Metadata;
 use TypeError;
@@ -60,72 +61,18 @@ class MetadataTest extends TestCase
 /**
- * Test \SimpleSAML\Utils\Config\Metadata::parseNameIdPolicy().
- * Set to specific arrays.
+ * @covers \SimpleSAML\Utils\Config\Metadata::parseNameIdPolicy
 */
 public function testParseNameIdPolicy(): void
 {
- $nameIdPolicy = [
- 'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent',
- 'AllowCreate' => false
- ];
- $this->assertEquals([
- 'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent',
- 'AllowCreate' => false
- ], Metadata::parseNameIdPolicy($nameIdPolicy));
+ $this->assertNull(Metadata::parseNameIdPolicy([]));
+ $this->assertInstanceOf(NameIDPolicy::class, Metadata::parseNameIdPolicy());
 $nameIdPolicy = [
 'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent',
 'AllowCreate' => false,
 'SPNameQualifier' => 'TEST'
 ];
- $this->assertEquals([
- 'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent',
- 'AllowCreate' => false,
- 'SPNameQualifier' => 'TEST'
- ], Metadata::parseNameIdPolicy($nameIdPolicy));
- }
-
- /**
- * Test \SimpleSAML\Utils\Config\Metadata::parseNameIdPolicy().
- * Test with settings that produce the fallback defaults.
- */
- public function testParseNameIdPolicyDefaults(): void
- {
- // Test null or unset
- $nameIdPolicy = null;
- $this->assertEquals([
- 'Format' => C::NAMEID_TRANSIENT,
- 'AllowCreate' => true
- ], Metadata::parseNameIdPolicy($nameIdPolicy));
-
- $nameIdPolicy = [
- 'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent',
- ];
- $this->assertEquals([
- 'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent',
- 'AllowCreate' => true
- ], Metadata::parseNameIdPolicy($nameIdPolicy));
-
- $nameIdPolicy = [
- 'AllowCreate' => false,
- ];
- $this->assertEquals([
- 'Format' => C::NAMEID_TRANSIENT,
- 'AllowCreate' => false
- ], Metadata::parseNameIdPolicy($nameIdPolicy));
- }
-
- /**
- * Test \SimpleSAML\Utils\Config\Metadata::parseNameIdPolicy().
- * Test with setting to empty array (meaning to not send any NameIdPolicy).
- */
- public function testParseNameIdPolicyEmpty(): void
- {
- $nameIdPolicy = [];
- $this->assertEquals(
- [],
- Metadata::parseNameIdPolicy($nameIdPolicy)
- );
+ $this->assertInstanceOf(NameIDPolicy::class, Metadata::parseNameIdPolicy($nameIdPolicy));
 }
 }
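Review bot: The rewritten `testParseNameIdPolicy` only asserts the return type, dropping the previous checks that the unset case defaults to `C::NAMEID_TRANSIENT` with `AllowCreate` true, that a partial config fills in the missing key, and that `Format`, `AllowCreate` and `SPNameQualifier` survive the conversion — so a regression in `NameIDPolicy::fromArray()` or in the default branch would now pass; the `C` import may also be unused in this file as a result. The IdP code in this same commit reads the object through `getFormat()`/`getAllowCreate()`, so those accessors can pin the values here: `$this->assertSame(C::NAMEID_TRANSIENT, Metadata::parseNameIdPolicy()->getFormat());`, `$this->assertTrue(Metadata::parseNameIdPolicy()->getAllowCreate());` and `$this->assertSame('urn:oasis:names:tc:SAML:1.1:nameid-format:persistent', Metadata::parseNameIdPolicy($nameIdPolicy)->getFormat());`. Restoring a separate test for the partial-config defaults (Format only, AllowCreate only) would keep the fallback behaviour covered as it was before.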