From bdb1181b5de8a8388d7a78fd9a7d70a173ac5801 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 27 Oct 2008 09:43:57 +0000
Subject: [PATCH] Metadata: Convert between WantAuthnRequestsSigned and
 redirect.sign metadata options.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@944 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Metadata/SAMLBuilder.php |  4 ++++
 lib/SimpleSAML/Metadata/SAMLParser.php  | 11 +++++++++++
 2 files changed, 15 insertions(+)

diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index b978d6f6a..1bf1568ea 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -153,6 +153,10 @@ class SimpleSAML_Metadata_SAMLBuilder {
 		$e = $this->createElement('IDPSSODescriptor');
 		$e->setAttribute('protocolSupportEnumeration', 'urn:oasis:names:tc:SAML:2.0:protocol');
 
+		if (array_key_exists('redirect.sign', $metadata) && $metadata['redirect.sign']) {
+			$e->setAttribute('WantAuthnRequestSigned', 'true');
+		}
+
 		$this->addCertificate($e, $metadata);
 
 		if (array_key_exists('SingleLogoutService', $metadata)) {
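Review bot: The attribute name in `$e->setAttribute('WantAuthnRequestSigned', 'true');` is missing the `s` that the commit subject and the parser hunk in SAMLParser.php both use (`WantAuthnRequestsSigned`). Metadata built here would therefore not round-trip through this project's own parser, and a service provider consuming it would presumably not learn that the IdP requires signed requests. The line should read `$e->setAttribute('WantAuthnRequestsSigned', 'true');`. The enclosing method starts and ends outside the hunk, so whether other callers depend on the misspelled name cannot be checked from here.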
diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index 5c1ce47a2..d1bb42477 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -647,6 +647,7 @@ class SimpleSAML_Metadata_SAMLParser {
 
 		$ret['name'] = $this->entityId;
 
+
 		/* Find IdP information which supports the SAML 2.0 protocol. */
 		$idp = $this->getIdPDescriptors(self::$SAML20Protocols);
 		if(count($idp) === 0) {
@@ -661,6 +662,11 @@ class SimpleSAML_Metadata_SAMLParser {
 			$ret['expire'] = $idp['expire'];
 		}
 
+		/* Enable redirect.sign if WantAuthnRequestsSigned is enabled. */
+		if ($idp['wantAuthnRequestsSigned']) {
+			$ret['redirect.sign'] = TRUE;
+		}
+
 		/* Find the SSO service endpoint. */
 		$sso = $this->getDefaultEndpoint($idp['singleSignOnServices'], array(self::SAML_20_REDIRECT_BINDING));
 		if($sso === NULL) {
@@ -842,6 +848,11 @@ class SimpleSAML_Metadata_SAMLParser {
 			$idp['singleSignOnServices'][] = self::parseSingleSignOnService($child);
 		}
 
+		if ($element->getAttribute('WantAuthnRequestsSigned') === 'true') {
+			$idp['wantAuthnRequestsSigned'] = TRUE;
+		} else {
+			$idp['wantAuthnRequestsSigned'] = FALSE;
+		}
 
 		$this->idpDescriptors[] = $idp;
 	}
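Review bot: The strict comparison `=== 'true'` treats every other lexical form as false, but xs:boolean also permits `1`. Metadata declaring `WantAuthnRequestsSigned="1"` would be parsed as not requiring signed requests, so `redirect.sign` would stay off for that IdP. Accepting both forms closes this and removes the if/else: `$idp['wantAuthnRequestsSigned'] = in_array($element->getAttribute('WantAuthnRequestsSigned'), array('true', '1'), TRUE);`. The enclosing function starts outside the hunk.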
-- 
GitLab