From 8ee50170a1eab20daf3097ee0f8e535fff262661 Mon Sep 17 00:00:00 2001
From: gyufi <gyufi@sztaki.hu>
Date: Thu, 8 Jun 2017 16:50:21 +0200
Subject: [PATCH] SAMLBuilder AttributeAuthorityDescriptor: prevent an empty
 protocolSupportEnumeration.

---
 lib/SimpleSAML/Metadata/SAMLBuilder.php       |  2 +-
 .../SimpleSAML/Metadata/SAMLBuilderTest.php   | 48 +++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index 90451b713..641d59012 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -646,7 +646,7 @@ class SimpleSAML_Metadata_SAMLBuilder
         $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']);
 
         $e = new \SAML2\XML\md\AttributeAuthorityDescriptor();
-        $e->protocolSupportEnumeration = $metadata->getArray('protocols', array());
+        $e->protocolSupportEnumeration = $metadata->getArray('protocols', array('urn:oasis:names:tc:SAML:2.0:protocol'));
 
         $this->addExtensions($metadata, $e);
         $this->addCertificate($e, $metadata);
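Review bot: The new default on the `getArray('protocols', ...)` call only takes effect when the `protocols` key is absent; as far as I can tell `getArray` returns the configured value as-is when the key is present, so metadata that explicitly sets `'protocols' => array()` still produces an AttributeAuthorityDescriptor with an empty protocolSupportEnumeration, which is what the commit title says it prevents. A guard on the value rather than the key closes that gap: `$protocols = $metadata->getArray('protocols', array());`, `if (empty($protocols)) { $protocols = array('urn:oasis:names:tc:SAML:2.0:protocol'); }`, `$e->protocolSupportEnumeration = $protocols;`. The literal URN is also now duplicated between this line and the test; if the bundled SAML2 library exposes a constant for the SAML 2.0 protocol namespace (it appears to as `\SAML2\Constants::NS_SAMLP`, to be confirmed), using it here would keep the two in sync. The enclosing method starts before this hunk.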
diff --git a/tests/lib/SimpleSAML/Metadata/SAMLBuilderTest.php b/tests/lib/SimpleSAML/Metadata/SAMLBuilderTest.php
index 8f0fdddb3..e958667c7 100644
--- a/tests/lib/SimpleSAML/Metadata/SAMLBuilderTest.php
+++ b/tests/lib/SimpleSAML/Metadata/SAMLBuilderTest.php
@@ -134,4 +134,52 @@ class SimpleSAML_Metadata_SAMLBuilderTest extends PHPUnit_Framework_TestCase
             $this->assertEquals($keys[$c], $curAttribute->getAttribute("FriendlyName"));
         }
     }
+
+    /**
+     * Test the required protocolSupportEnumeration in AttributeAuthorityDescriptor
+     */
+    public function testProtocolSupportEnumeration()
+    {
+        $entityId = 'https://entity.example.com/id';
+        $set = 'attributeauthority-remote';
+
+        // without protocolSupportEnumeration fallback to default: urn:oasis:names:tc:SAML:2.0:protocol
+        $metadata = array(
+            'entityid'     => $entityId,
+            'name'         => array('en' => 'Test AA'),
+            'metadata-set' => $set,
+            'AttributeService' =>
+                array (
+                    0 =>
+                        array (
+                            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
+                            'Location' => 'https://entity.example.com:8443/idp/profile/SAML2/SOAP/AttributeQuery',
+                        ),
+                ),
+            );
+
+        $samlBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId);
+        $samlBuilder->addMetadata($set, $metadata);
+        $entityDescriptorXml = $samlBuilder->getEntityDescriptorText();
+
+        $this->assertRegExp(
+            '/<md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">/',
+            $entityDescriptorXml
+        );
+
+        // explicit protocols
+        $metadata['protocols'] =
+            array(
+                0 => 'urn:oasis:names:tc:SAML:1.1:protocol',
+                1 => 'urn:oasis:names:tc:SAML:2.0:protocol',
+            );
+        $samlBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId);
+        $samlBuilder->addMetadata($set, $metadata);
+        $entityDescriptorXml = $samlBuilder->getEntityDescriptorText();
+
+        $this->assertRegExp(
+            '/<md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">/',
+            $entityDescriptorXml
+        );
+    }
 }
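Review bot: `testProtocolSupportEnumeration` checks the missing-key case and an explicit two-entry list, but not the explicitly empty `'protocols' => array()` case that the commit subject describes; with the builder change as committed that case most likely still emits `protocolSupportEnumeration=""`, so a third assertion is needed to pin the intended behaviour and would currently fail until the builder guards on the value rather than the key. Matching the serialised XML with `assertRegExp` is also brittle: it depends on attribute order and on there being no other attributes on the element, so loading the text into a `DOMDocument` and asserting on `getAttribute('protocolSupportEnumeration')` would make the test independent of serialisation details. The added case, in the same style as the existing ones, would be:

```php
        // explicitly empty list must also fall back to the SAML 2.0 protocol
        $metadata['protocols'] = array();
        $samlBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId);
        $samlBuilder->addMetadata($set, $metadata);
        $entityDescriptorXml = $samlBuilder->getEntityDescriptorText();

        $this->assertRegExp(
            '/<md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">/',
            $entityDescriptorXml
        );
```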
-- 
GitLab