From 4fdb5a3c392fea25c2158b62ee7af35a1339898b Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Fri, 8 Mar 2019 11:37:08 +0000
Subject: [PATCH] metadata: Make the documentid a hash over the document contents, so it does not change on every page load

---
 lib/SimpleSAML/Metadata/Signer.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/SimpleSAML/Metadata/Signer.php b/lib/SimpleSAML/Metadata/Signer.php
index 98806d562..ecb95441f 100644
--- a/lib/SimpleSAML/Metadata/Signer.php
+++ b/lib/SimpleSAML/Metadata/Signer.php
@@ -262,6 +262,7 @@ class Signer
 
 // get the EntityDescriptor node we should sign
 $rootNode = $xml->firstChild;
+$rootNode->setAttribute('ID', '_'.hash('sha256', $metadataString));
 
 // sign the metadata with our private key
 $objXMLSecDSig = new XMLSecurityDSig();
@@ -272,7 +273,7 @@ class Signer
 [$rootNode],
 $signature_cf['digest'],
 ['http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N],
-['id_name' => 'ID']
+['id_name' => 'ID', 'overwrite' => false]
 );
 $objXMLSecDSig->sign($objKey);
-- 
GitLab
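Review bot: The added `setAttribute('ID', ...)` in the first hunk unconditionally replaces any ID attribute the root element already carries, and the `'overwrite' => false` option added in the second hunk then only preserves the value just written — so an ID supplied by the caller's metadata is silently lost instead of kept. If callers can ever pass metadata that already has an ID, guard the line: `if (!$rootNode->hasAttribute('ID')) { $rootNode->setAttribute('ID', '_'.hash('sha256', $metadataString)); }`. A why-comment above it would also help the next maintainer, e.g. `// Deterministic ID derived from the unsigned metadata: keeps the signed output byte-stable across requests and keeps the Signature reference URI resolvable`. The line relies on `$xml->firstChild` being an element; if the serialized document could start with a comment or processing instruction (the loading code is outside the hunk, so this is unverified here), `$xml->documentElement` is the safer handle since `setAttribute` does not exist on non-element nodes. The enclosing method starts and ends outside both hunks.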