From 4fdb5a3c392fea25c2158b62ee7af35a1339898b Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Fri, 8 Mar 2019 11:37:08 +0000
Subject: [PATCH] metadata: Make the documentid a hash over the document
 contents, so it does not change on every page load

---
 lib/SimpleSAML/Metadata/Signer.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/SimpleSAML/Metadata/Signer.php b/lib/SimpleSAML/Metadata/Signer.php
index 98806d562..ecb95441f 100644
--- a/lib/SimpleSAML/Metadata/Signer.php
+++ b/lib/SimpleSAML/Metadata/Signer.php
@@ -262,6 +262,7 @@ class Signer
 
         // get the EntityDescriptor node we should sign
         $rootNode = $xml->firstChild;
+        $rootNode->setAttribute('ID', '_'.hash('sha256', $metadataString));
 
         // sign the metadata with our private key
         $objXMLSecDSig = new XMLSecurityDSig();
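Review bot: The new `setAttribute()` call assumes `$rootNode` is a `DOMElement`, but `$xml->firstChild` is only a `DOMNode` and would be a comment or processing-instruction node if `$metadataString` starts with one; the earlier code passed `$rootNode` through to the signing library, so the assumption is not new, but this is the first line that calls an element-only method on it directly and would fail with an undefined-method error. A guard such as `if (!($rootNode instanceof \DOMElement)) { throw new \Exception('Metadata root node is not an element'); }` immediately after the assignment makes the failure explicit. The line also deserves a why-comment, since it silently replaces any `ID` the generator already put on the EntityDescriptor: `// Derive the ID from the (unsigned) document contents so re-signing identical metadata yields an identical document; the '_' prefix keeps the value a valid xs:ID (NCName), which a bare hex digest is not.` The enclosing method begins and ends outside this hunk, so the origin of `$metadataString` is inferred to be the serialized metadata passed in for signing.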
@@ -272,7 +273,7 @@ class Signer
             [$rootNode],
             $signature_cf['digest'],
             ['http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N],
-            ['id_name' => 'ID']
+            ['id_name' => 'ID', 'overwrite' => false]
         );
 
         $objXMLSecDSig->sign($objKey);
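Review bot: The added `'overwrite' => false` option is only meaningful together with the `ID` attribute set on `$rootNode` earlier in this method (first hunk), and that coupling is not visible at this call site. A short comment on the changed line would spare the next reader a trip into the signing library, e.g. `// keep the content-derived ID already set on the root node instead of letting the library assign a fresh random one`. If I read the library correctly, an empty or missing `ID` still falls back to a generated identifier, so the option is safe on its own; confirm against the xmlseclibs version in use. The enclosing method continues outside this hunk.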
-- 
GitLab