From afc89910ab5ec50e2e252d319341955caccd3920 Mon Sep 17 00:00:00 2001
From: Guy Halse <guy@tenet.ac.za>
Date: Tue, 16 May 2017 11:17:22 +0200
Subject: [PATCH] Extend @mapgrady's patch for simplesamlphp/simplesamlphp#498
 to allow Scoping to be disabled on a per-idp basis as well as globally

---
 modules/saml/lib/Auth/Source/SP.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index 5ad11ef17..84f34b5eb 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -253,7 +253,7 @@ class SP extends Source
         $requesterID = array();
 
         /* Only check for real info for Scoping element if we are going to send Scoping element */
-        if ($this->disable_scoping != true) {
+        if ($this->disable_scoping != true && $idpMetadata->getBoolean('disable_scoping', false) != true) {
             if (isset($state['saml:IDPList'])) {
                 $IDPList = $state['saml:IDPList'];
             }
@@ -275,7 +275,7 @@ class SP extends Source
                 $requesterID[] = $state['core:SP'];
             }
         } else {
-            $IDPList = [];
+            \SimpleSAML\Logger::debug('Disabling samlp:Scoping for ' . var_export($idpMetadata->getString('entityid'), TRUE));
         }
 
         $ar->setIDPList(
-- 
GitLab