From 92cae5727d3feb1f6fb98b06f9607b37d8f290e4 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 2 Sep 2013 12:06:03 +0000
Subject: [PATCH] SAML2: Add Scoping-element to AuthnRequest even if IDPList
 isn't specified.

The Scoping-element should be added as soom as we want to include
RequesterID, IDPList or ProxyCount in the message. We must therefore
add it even if IDPList isn't specified.

Thanks to Lucas van Lierop for finding this bug!

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3265 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SAML2/AuthnRequest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/SAML2/AuthnRequest.php b/lib/SAML2/AuthnRequest.php
index f945cddda..8d57760b1 100644
--- a/lib/SAML2/AuthnRequest.php
+++ b/lib/SAML2/AuthnRequest.php
@@ -467,6 +467,7 @@ class SAML2_AuthnRequest extends SAML2_Request {
 
 		if ($this->ProxyCount !== null || count($this->IDPList) > 0 || count($this->RequesterID) > 0) {
 			$scoping = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Scoping');
+			$root->appendChild($scoping);
 			if ($this->ProxyCount !== null) {
 				$scoping->setAttribute('ProxyCount', $this->ProxyCount);
 			}
@@ -478,7 +479,6 @@ class SAML2_AuthnRequest extends SAML2_Request {
 					$idplist->appendChild($idpEntry);
 				}
 				$scoping->appendChild($idplist);
-				$root->appendChild($scoping);
 			}
 			if (count($this->RequesterID) > 0) {
 				SAML2_Utils::addStrings($scoping, SAML2_Const::NS_SAMLP, 'RequesterID', FALSE, $this->RequesterID);
-- 
GitLab