From 9c7b64f2098cd6fef75bacda4e10a33c618302d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Wed, 13 Feb 2008 09:35:58 +0000
Subject: [PATCH] Adding SPNameQualifier again since some implementations need it.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@287 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/XML/SAML20/AuthnResponse.php | 20 ++++++++++++++------
 lib/SimpleSAML/XML/SAML20/LogoutRequest.php | 8 +++++++-
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
index d0e8ccaec..8da4453c5 100644
--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
@@ -492,6 +492,7 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 */
 $base64 = isset($spmd['base64attributes']) ? $spmd['base64attributes'] : false;
 $nameidformat = isset($spmd['NameIDFormat']) ? $spmd['NameIDFormat'] : 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
+ $spnamequalifier = isset($spmd['SPNameQualifier']) ? $spmd['SPNameQualifier'] : $spmd['entityid'];
 $encodedattributes = '';
 foreach ($attributes AS $name => $values) {
@@ -510,9 +511,9 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 */
 $nameid = null;
 if ($nameidformat == self::EMAIL) {
- $nameid = $this->generateNameID($nameidformat, $attributes[$spmd['simplesaml.nameidattribute']][0]);
+ $nameid = $this->generateNameID($nameidformat, $attributes[$spmd['simplesaml.nameidattribute']][0], $spnamequalifier);
 } else {
- $nameid = $this->generateNameID($nameidformat, self::generateID());
+ $nameid = $this->generateNameID($nameidformat, self::generateID(), $spnamequalifier);
 }
 /**
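Review bot: The fallback in the added `$spnamequalifier` line reads `$spmd['entityid']` without the `isset()` guard that the other metadata keys on the neighbouring lines get. If an SP metadata entry lacks that key, PHP raises an undefined-index notice, the value is null, and `generateNameID()` then drops the attribute without any visible error. I would make the absence explicit, `$spnamequalifier = isset($spmd['SPNameQualifier']) ? $spmd['SPNameQualifier'] : (isset($spmd['entityid']) ? $spmd['entityid'] : null);`, and add a short comment saying that `SPNameQualifier` is an optional per-SP metadata key that defaults to the entity id. The enclosing method starts and ends outside this hunk.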
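Review bot: In the `self::EMAIL` branch of the second hunk the NameID value is still taken from `$attributes[$spmd['simplesaml.nameidattribute']][0]` with no check that the metadata key or the attribute exists. When it does not, the response carries an empty `<saml:NameID>` that now also has an SPNameQualifier, and an SP that keys accounts on the NameID could map different users to the same empty identifier. A guard before the call, such as `if (empty($attributes[$spmd['simplesaml.nameidattribute']][0])) throw new Exception('NameID attribute missing for this SP');`, would fail closed instead. The unguarded lookup predates this commit, and the surrounding method lies outside the hunk.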
@@ -562,13 +563,20 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 private function generateNameID($type = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
- $value = 'anonymous') {
-
+ $value = 'anonymous', $spnamequalifier = null) {
+
+ $spnamequalifiertext = '';
+ if (!empty($spnamequalifier)) {
+ $spnamequalifiertext = ' SPNameQualifier="' . htmlspecialchars($spnamequalifier) . '"';
+ }
+
 if ($type == self::EMAIL) {
- return '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">' . htmlspecialchars($value) . '</saml:NameID>';
+ return '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"' .
+ $spnamequalifiertext . '>' . htmlspecialchars($value) . '</saml:NameID>';
 } else {
- return '<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">' . htmlspecialchars($value). '</saml:NameID>';
+ return '<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"' .
+ $spnamequalifiertext. '>' . htmlspecialchars($value). '</saml:NameID>';
 }
 }
diff --git a/lib/SimpleSAML/XML/SAML20/LogoutRequest.php b/lib/SimpleSAML/XML/SAML20/LogoutRequest.php
index 974ce533b..9b38ac286 100644
--- a/lib/SimpleSAML/XML/SAML20/LogoutRequest.php
+++ b/lib/SimpleSAML/XML/SAML20/LogoutRequest.php
@@ -121,6 +121,12 @@ class SimpleSAML_XML_SAML20_LogoutRequest {
 $issuermd = $this->metadata->getMetaData($issuer, $issuerset);
 $receivermd = $this->metadata->getMetaData($receiver, $receiverset);
+ if ($mode == 'IdP') {
+ $spnamequalifier = isset($receivermd['SPNameQualifier']) ? $receivermd['SPNameQualifier'] : $receivermd['entityid'];
+ } else {
+ $spnamequalifier = isset($issuermd['SPNameQualifier']) ? $issuermd['SPNameQualifier'] : $issuermd['entityid'];
+ }
+
 $id = self::generateID();
 $issueInstant = self::generateIssueInstant();
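Review bot: The new `SPNameQualifier="…"` attribute in `generateNameID()` is escaped with `htmlspecialchars($spnamequalifier)` on the function's defaults, and those defaults (quote flags, charset, treatment of invalid byte sequences) are not the same across PHP versions. The double-quoted attribute is covered by the default escaping of `"`, but spelling it out as `htmlspecialchars($spnamequalifier, ENT_QUOTES, 'UTF-8')` keeps the generated XML independent of the runtime. Separately, `!empty()` also discards the string `'0'`; `$spnamequalifier !== null && $spnamequalifier !== ''` says what is meant. Any docblock for `generateNameID()` sits outside the hunk; it should gain a `@param` line for the new argument stating that an empty value omits the attribute.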
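Review bot: The qualifier for the LogoutRequest is recomputed from local metadata (`$receivermd` or `$issuermd`) rather than taken from the NameID that identifies the session being terminated. If the value configured here differs from the one sent in the original assertion, the receiver may fail to match the NameID to a session and the logout may not take effect; this is inferred, since where `$nameid` comes from is not visible in the diff. Assuming the stored NameID can carry the qualifier, prefer it when present, e.g. `if (isset($nameid['SPNameQualifier'])) $spnamequalifier = $nameid['SPNameQualifier'];` after the added block. The `else` branch also treats every `$mode` other than `'IdP'` as the SP case, and both `['entityid']` fallbacks are read without `isset()`. The method body extends outside the hunk.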
@@ -133,7 +139,7 @@ class SimpleSAML_XML_SAML20_LogoutRequest {
 Destination="' . htmlspecialchars($destination) . '"
 IssueInstant="' . $issueInstant . '">
 <saml:Issuer >' . htmlspecialchars($issuer) . '</saml:Issuer>
- <saml:NameID Format="' . htmlspecialchars($nameid['Format']) . '">' . htmlspecialchars($nameid['value']) . '</saml:NameID>
+ <saml:NameID Format="' . htmlspecialchars($nameid['Format']) . '" SPNameQualifier="' . htmlspecialchars($spnamequalifier) . '">' . htmlspecialchars($nameid['value']) . '</saml:NameID>
 <samlp:SessionIndex>' . htmlspecialchars($sessionindex) . '</samlp:SessionIndex>
 </samlp:LogoutRequest>
 ';
-- 
GitLab
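Review bot: The attribute is written unconditionally on the changed `<saml:NameID>` line, so a metadata entry with neither `SPNameQualifier` nor `entityid` yields `SPNameQualifier=""`, whereas `generateNameID()` in AuthnResponse.php omits the attribute when the value is empty. Building it the same way keeps the two messages consistent: `$spnqtext = empty($spnamequalifier) ? '' : ' SPNameQualifier="' . htmlspecialchars($spnamequalifier) . '"';` and then concatenating `$spnqtext` after the `Format` attribute. The string literal and the enclosing method both start outside this hunk.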