saml2_Message: Decrypt the NameID element if it is encrypted.

Fixes issue 206 git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1811 44740490-163a-0410-bde0-09ae8108e29a

saml2_Message: Decrypt the NameID element if it is encrypted.
Fixes issue 206 git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1811 44740490-163a-0410-bde0-09ae8108e29a
b27a8c30 · Olav Morken · d7fa94f0 · b27a8c30
Commit b27a8c30 authored 15 years ago by Olav Morken
--- a/modules/saml2/lib/Message.php
+++ b/modules/saml2/lib/Message.php
@@ -754,6 +754,18 @@ class sspmod_saml2_Message {
 			$assertion->setAttributes($newAttributes);
 		}

+
+		/* Decrypt the NameID element if it is encrypted. */
+		if ($assertion->isNameIdEncrypted()) {
+			try {
+				$key = self::getDecryptionKey($idpMetadata, $spMetadata);
+			} catch (Exception $e) {
+				throw new SimpleSAML_Error_Exception('Error decrypting NameID: ' . $e->getMessage());
+			}
+
+			$assertion->decryptNameId($key);
+		}
+
 		return $assertion;
 	}