From cad0adc5ffec59d45d34f104b8508de13ecf6803 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Pe=CC=81rez?= <jaime.perez@uninett.no>
Date: Tue, 22 Nov 2016 11:02:37 +0100
Subject: [PATCH] bugfix: bugfix: Make sure empty strings are not acceptable
 for NameID generation.

This resolves #519.
---
 modules/saml/lib/Auth/Process/SQLPersistentNameID.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
index 28d92f83a..a2c862fe4 100644
--- a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
+++ b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
@@ -133,6 +133,13 @@ class sspmod_saml_Auth_Process_SQLPersistentNameID extends sspmod_saml_BaseNameI
         $uid = array_values($state['Attributes'][$this->attribute]); // just in case the first index is no longer 0
         $uid = $uid[0];
 
+        if (empty($uid)) {
+            SimpleSAML\Logger::warning(
+                'Empty value in attribute '.var_export($this->attribute, true).
+                ' on user - not generating persistent NameID.'
+            );
+            return null;
+        }
 
         $value = sspmod_saml_IdP_SQLNameID::get($idpEntityId, $spEntityId, $uid);
         if ($value !== null) {
-- 
GitLab