From b27a8c30f9a0549e2db6abf8e83e4b83ba6b792c Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 1 Oct 2009 11:45:27 +0000
Subject: [PATCH] saml2_Message: Decrypt the NameID element if it is encrypted.

Fixes issue 206

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1811 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml2/lib/Message.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/modules/saml2/lib/Message.php b/modules/saml2/lib/Message.php
index c49f5ce34..6c44a9cf9 100644
--- a/modules/saml2/lib/Message.php
+++ b/modules/saml2/lib/Message.php
@@ -754,6 +754,18 @@ class sspmod_saml2_Message {
 			$assertion->setAttributes($newAttributes);
 		}
 
+
+		/* Decrypt the NameID element if it is encrypted. */
+		if ($assertion->isNameIdEncrypted()) {
+			try {
+				$key = self::getDecryptionKey($idpMetadata, $spMetadata);
+			} catch (Exception $e) {
+				throw new SimpleSAML_Error_Exception('Error decrypting NameID: ' . $e->getMessage());
+			}
+
+			$assertion->decryptNameId($key);
+		}
+
 		return $assertion;
 	}
 
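Review bot: Only the key lookup is inside the try block; the `$assertion->decryptNameId($key);` call on the line after it is outside, so a failure while actually decrypting the EncryptedID (wrong key, malformed ciphertext from the IdP) propagates as whatever the underlying library throws instead of the SimpleSAML_Error_Exception a caller of this method would expect to catch and log. The key-lookup wrapping suggests the intent was to report every NameID decryption failure uniformly, so move the call into the same try: `$key = self::getDecryptionKey($idpMetadata, $spMetadata);` followed by `$assertion->decryptNameId($key);` inside the try, keeping the existing catch. Consider also logging the original exception rather than only copying `$e->getMessage()` into the new message, since the inner message may describe key-file details that are more useful in a log than in the surfaced error. The enclosing method starts before this hunk, so whether the attribute-decryption block above uses the same pattern is not visible here.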
-- 
GitLab