From 7c5e8647b28ec847003b3be043d9834854146642 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 6 Sep 2011 13:05:16 +0000
Subject: [PATCH] IdP-proxy: Avoid unnecessary reauthentication with IDPList.

Don't always reauthenticate with the upstream IdP when IDPList parameter is
specified in the authentication request.

Patch by Benjamin Andersen.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2893 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/IdP.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/SimpleSAML/IdP.php b/lib/SimpleSAML/IdP.php
index 82e001fa2..de19898bf 100644
--- a/lib/SimpleSAML/IdP.php
+++ b/lib/SimpleSAML/IdP.php
@@ -380,7 +380,7 @@ class SimpleSAML_IdP {
 			/* Force authentication is in effect. */
 			$needAuth = TRUE;
 		} elseif (isset($state['saml:IDPList']) && sizeof($state['saml:IDPList']) > 0) {
-			$needAuth = TRUE;
+			$needAuth = !in_array($this->authSource->getAuthData('saml:sp:IdP'), $state['saml:IDPList'], TRUE);
 		} else {
 			$needAuth = !$this->isAuthenticated();
 		}
-- 
GitLab