From bd5ede946217dc8a32f9d11ec1b7e45ea18558ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Pe=CC=81rez?= <jaime.perez@uninett.no>
Date: Wed, 10 Aug 2016 13:23:51 +0200
Subject: [PATCH] bugfix: Avoid the SAML2 IdP resilient to failures when
 getting DOMNodeList attribute values.

Due to recent changes in the SAML2 library, when an attribute has a value that contains XML, its contents are returned as a DOMNodeList instead of a string. This causes problems when running as a proxy, since the SAML2 IdP will obtain attributes in a format that cannot be cast to string. Regardless of the attribute encoding configured in the IdP for a remote SP, we should handle those cases gracefully, so that the IdP doesn't end up in an uncaught exception.
---
 modules/saml/lib/IdP/SAML2.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index d614a3f95..20897dcf3 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -698,12 +698,17 @@ class sspmod_saml_IdP_SAML2 {
                     continue;
                 }
 
+				$attrval = $value;
+				if ($value instanceof DOMNodeList) {
+					$attrval = new \SAML2\XML\saml\AttributeValue($value->item(0)->parentNode);
+				}
+
 				switch ($encoding) {
 				case 'string':
-					$value = (string)$value;
+					$value = (string)$attrval;
 					break;
 				case 'base64':
-					$value = base64_encode((string)$value);
+					$value = base64_encode((string)$attrval);
 					break;
 				case 'raw':
 					if (is_string($value)) {
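Review bot: `$value->item(0)->parentNode` in the added `instanceof DOMNodeList` branch assumes the list holds at least one node, but `DOMNodeList::item()` returns null for an empty list, so an empty node list would still end in an error here instead of being handled gracefully. When running as a proxy these values originate from the upstream IdP, so the branch should check the length first, e.g. `$attrval = ($value->length > 0) ? new \SAML2\XML\saml\AttributeValue($value->item(0)->parentNode) : '';` inside that `if`. Whether the SAML2 library can actually hand back an empty list is not visible from this hunk, so that needs confirming against the library. The enclosing loop and the `switch` start and end outside the hunk; the `raw` case still reads `$value` rather than `$attrval`, so it is worth checking that its non-string path copes with a DOMNodeList too.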
-- 
GitLab