PasswordProtectedTransport authncontext when HTTPS

Following up on the idea mentioned in #937: If the transport is secure fall back to the `PasswordProtectedTransport` authn context class ref, otherwise keep the current default of `Password`. Requires a version of the SAML2 library with simplesamlphp/saml2#129 merged due to the reference on a newly defined Constant.

PasswordProtectedTransport authncontext when HTTPS
Following up on the idea mentioned in #937: If the transport is secure fall back to the `PasswordProtectedTransport` authn context class ref, otherwise keep the current default of `Password`. Requires a version of the SAML2 library with simplesamlphp/saml2#129 merged due to the reference on a newly defined Constant.
96b18557 · peter · 71100b3c · 96b18557
Commit 96b18557 authored 6 years ago by peter
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -897,6 +897,8 @@ class SAML2

        if (isset($state['saml:AuthnContextClassRef'])) {
            $a->setAuthnContextClassRef($state['saml:AuthnContextClassRef']);
+        } elseif (\SimpleSAML\Utils\HTTP::isHTTPS()) {
+            $a->setAuthnContextClassRef(\SAML2\Constants::AC_PASSWORD_PROTECTED_TRANSPORT);
        } else {
            $a->setAuthnContextClassRef(\SAML2\Constants::AC_PASSWORD);
        }