From bfdbb6da9d51130bc6cf72d11cbffc7292192733 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 7 Mar 2011 13:24:52 +0000
Subject: [PATCH] SAML:IdP: Encrypt NameID in Assertion.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2749 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml/lib/IdP/SAML2.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index 60fc77f8e..46026579f 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -48,7 +48,7 @@ class sspmod_saml_IdP_SAML2 {
 			'Handler' => 'sspmod_saml_IdP_SAML2',
 			'Expires' => $assertion->getSessionNotOnOrAfter(),
 			'saml:entityID' => $spEntityId,
-			'saml:NameID' => $assertion->getNameId(),
+			'saml:NameID' => $state['saml:idp:NameID'],
 			'saml:SessionIndex' => $assertion->getSessionIndex(),
 		);
 
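Review bot: The new read of `$state['saml:idp:NameID']` on the `'saml:NameID'` line has no guard, and the only writer visible in this patch is the assignment added in the second hunk. If this code is reached with a `$state` that never passed through that assignment, or if `$state` is passed by value there (the hunk does not show the signature), the association is stored with a NULL NameID. Later logout matching would then presumably fail without any error. I would check before building the array, `if (!isset($state['saml:idp:NameID'])) { throw new SimpleSAML_Error_Exception('Missing NameID in state.'); }`, and add a comment such as `// Plaintext NameID saved while building the assertion; the assertion itself may only carry the encrypted form.` The enclosing function starts and ends outside the hunk.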
@@ -658,8 +658,18 @@ class sspmod_saml_IdP_SAML2 {
 			);
 		}
 
+		$state['saml:idp:NameID'] = $nameId;
+
 		$a->setNameId($nameId);
 
+		$encryptNameId = $spMetadata->getBoolean('nameid.encryption', NULL);
+		if ($encryptNameId === NULL) {
+			$encryptNameId = $idpMetadata->getBoolean('nameid.encryption', FALSE);
+		}
+		if ($encryptNameId) {
+			$a->encryptNameId(sspmod_saml_Message::getEncryptionKey($spMetadata));
+		}
+
 		return $a;
 	}
 
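Review bot: The `$a->encryptNameId(...)` call relies on how `sspmod_saml_Message::getEncryptionKey($spMetadata)` behaves when the SP metadata has no usable encryption key, and nothing here checks or documents that. With `nameid.encryption` enabled this path has to fail closed, raising an error rather than passing an empty key on or sending the identifier in clear. Once that is confirmed, state it next to the call, e.g. `// getEncryptionKey() must throw when the SP has no key; never fall back to a plaintext NameID.` The tri-state lookup also deserves a line, `// SP setting overrides the IdP default; NULL means the SP does not set it.` Separately, the plaintext copy kept in `$state['saml:idp:NameID']` is presumably reused for logout messages, so check that those do not expose the identifier that is encrypted here; the function body begins outside the hunk.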
-- 
GitLab