From c99865b322b4b3972922b0a5f8ca90369266b62f Mon Sep 17 00:00:00 2001
From: Jaime Perez <jaime.perez@uninett.no>
Date: Wed, 18 Jun 2014 14:25:08 +0200
Subject: [PATCH] Remove 'saml2.relaxvalidation' option from documentation.
This feature was removed back in 2009. Fixes #78.
---
docs/simplesamlphp-reference-idp-remote.txt | 9 ---------
modules/saml/lib/Message.php | 2 +-
2 files changed, 1 insertion(+), 10 deletions(-)
diff --git a/docs/simplesamlphp-reference-idp-remote.txt b/docs/simplesamlphp-reference-idp-remote.txt
index 8235dee9d..dce749899 100644
--- a/docs/simplesamlphp-reference-idp-remote.txt
+++ b/docs/simplesamlphp-reference-idp-remote.txt
@@ -119,15 +119,6 @@ The following SAML 2.0 options are available:
entry in the IdP-remote metadata overrides the option in the
[SP configuration](./saml:sp).
-`saml2.relaxvalidation`
-: Can be used to relax some parts of the validation of assertions received from this IdP. This is an array, and can include one or more of the following flags:
-
- - `unknowncondition` - Disables errors when encountering unknown <Condition> nodes.
- - `nosubject` - Ignore missing <Subject> in <Assertion>.
- - `noconditions` - Ignore missing <Conditions> in <Assertion>.
- - `noauthnstatement` - Ignore missing <AuthnStatement> in <Assertion>.
- - `noattributestatement` - Ignore missing <AttributeStatement> in <Assertion>.
-
`sign.authnrequest`
: Whether to sign authentication requests sent to this IdP.
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index 65d8365be..2f4bb6462 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -316,7 +316,7 @@ class sspmod_saml_Message {
$blacklist = $srcMetadata->getArray('encryption.blacklisted-algorithms', NULL);
if ($blacklist === NULL) {
- $blacklist = $dstMetadata->getArray('encryption.blacklisted-algorithms', array(XMLSecurityKey::RSA_1_5));
+ $blacklist = $dstMetadata->getArray('encryption.blacklisted-algorithms', array(XMLSecurityKey::RSA_1_5g));
}
return $blacklist;
}
--
GitLab