Metadata: Convert between WantAuthnRequestsSigned and redirect.sign metadata options.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@944 44740490-163a-0410-bde0-09ae8108e29a

lib/SimpleSAML/Metadata/SAMLBuilder.php

@@ -153,6 +153,10 @@ class SimpleSAML_Metadata_SAMLBuilder {
 		$e = $this->createElement('IDPSSODescriptor');
 		$e->setAttribute('protocolSupportEnumeration', 'urn:oasis:names:tc:SAML:2.0:protocol');
 
+		if (array_key_exists('redirect.sign', $metadata) && $metadata['redirect.sign']) {
+			$e->setAttribute('WantAuthnRequestSigned', 'true');
+		}
+
 		$this->addCertificate($e, $metadata);
 
 		if (array_key_exists('SingleLogoutService', $metadata)) {

lib/SimpleSAML/Metadata/SAMLParser.php

@@ -647,6 +647,7 @@ class SimpleSAML_Metadata_SAMLParser {
 
 		$ret['name'] = $this->entityId;
 
+
 		/* Find IdP information which supports the SAML 2.0 protocol. */
 		$idp = $this->getIdPDescriptors(self::$SAML20Protocols);
 		if(count($idp) === 0) {
@@ -661,6 +662,11 @@ class SimpleSAML_Metadata_SAMLParser {
 			$ret['expire'] = $idp['expire'];
 		}
 
+		/* Enable redirect.sign if WantAuthnRequestsSigned is enabled. */
+		if ($idp['wantAuthnRequestsSigned']) {
+			$ret['redirect.sign'] = TRUE;
+		}
+
 		/* Find the SSO service endpoint. */
 		$sso = $this->getDefaultEndpoint($idp['singleSignOnServices'], array(self::SAML_20_REDIRECT_BINDING));
 		if($sso === NULL) {
@@ -842,6 +848,11 @@ class SimpleSAML_Metadata_SAMLParser {
 			$idp['singleSignOnServices'][] = self::parseSingleSignOnService($child);
 		}
 
+		if ($element->getAttribute('WantAuthnRequestsSigned') === 'true') {
+			$idp['wantAuthnRequestsSigned'] = TRUE;
+		} else {
+			$idp['wantAuthnRequestsSigned'] = FALSE;
+		}
 
 		$this->idpDescriptors[] = $idp;
 	}