From d145cb7b2ea4c00f6e7907f71a3541a92ad471c6 Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Wed, 5 Aug 2015 10:26:25 +0200
Subject: [PATCH] Add a 'hide.from.discovery' configuration option for remote
 IdP metadata. This allows to hide an IdP from the discovery service. Defaults
 to false, so every IdP in the metadata that doesn't have this option set to
 true will be listed.

---
 docs/simplesamlphp-reference-idp-remote.txt |  3 +++
 lib/SimpleSAML/XHTML/IdPDisco.php           | 26 ++++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/docs/simplesamlphp-reference-idp-remote.txt b/docs/simplesamlphp-reference-idp-remote.txt
index 0ecf9e03a..078b3ce51 100644
--- a/docs/simplesamlphp-reference-idp-remote.txt
+++ b/docs/simplesamlphp-reference-idp-remote.txt
@@ -111,6 +111,9 @@ The following SAML 2.0 options are available:
     discouraged to do so. For your own safety, please include the string 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' if
     you make use of this option.
 
+`hide.from.discovery`
+:   Whether to hide hide this IdP from the local discovery or not. Set to true to hide it. Defaults to false.
+
 `nameid.encryption`
 :   Whether NameIDs sent to this IdP should be encrypted. The default
     value is `FALSE`.
diff --git a/lib/SimpleSAML/XHTML/IdPDisco.php b/lib/SimpleSAML/XHTML/IdPDisco.php
index 8b084f315..e93d193a7 100644
--- a/lib/SimpleSAML/XHTML/IdPDisco.php
+++ b/lib/SimpleSAML/XHTML/IdPDisco.php
@@ -448,7 +448,30 @@ class SimpleSAML_XHTML_IdPDisco {
 	protected function getScopedIDPList() {
 		return $this->scopedIDPList;
 	}
-	
+
+
+	/**
+	 * Filter the list of IdPs.
+	 *
+	 * This method returns the IdPs that comply with the following conditions:
+	 *   - The IdP does not have the 'hide.from.discovery' configuration option.
+	 *
+	 * @param array $list An associative array containing metadata for the IdPs to apply the filtering to.
+	 *
+	 * @return array An associative array containing metadata for the IdPs that were not filtered out.
+	 */
+	protected function filter($list)
+	{
+		foreach ($list as $entity => $metadata) {
+			if (array_key_exists('hide.from.discovery', $metadata) && $metadata['hide.from.discovery'] === true) {
+				unset($list[$entity]);
+			}
+		}
+		return $list;
+	}
+
+
+
 	/**
 	 * Handles a request to this discovery service.
 	 *
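Review bot: The docblock on `filter()` says an IdP is kept when it "does not have the 'hide.from.discovery' configuration option", but the code drops an entry only when the key exists and is `=== true`. An entry that sets the option to `false` is kept, and so is one that sets it to a non-boolean such as `'true'` or `1`, which in hand-edited metadata would leave an IdP listed that the operator meant to hide. I would reword the condition line to `*   - The IdP does not have 'hide.from.discovery' set to boolean true.` and add a sentence stating that any other value, including the string 'true', leaves the IdP visible. If lenient values should be honoured instead, that is a behaviour decision to make explicitly rather than through the strict comparison.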
@@ -487,6 +510,7 @@ class SimpleSAML_XHTML_IdPDisco {
 		/* No choice made. Show discovery service page. */
 
 		$idpList = $this->getIdPList();
+		$idpList = $this->filter($idpList);
 		$preferredIdP = $this->getRecommendedIdP();
 
 		$idpintersection = array_intersect(array_keys($idpList), $this->getScopedIDPList());
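Review bot: `filter()` is applied only on the "No choice made" path that builds the chooser page, so as far as this hunk shows `hide.from.discovery` changes what is displayed, not which IdPs are accepted. The code that handles an explicit or remembered choice sits above the hunk and is not visible here; if it validates against the unfiltered `getIdPList()`, a hidden IdP stays usable by anyone who already knows its entity ID. `getRecommendedIdP()` on the following line is likewise computed without reference to the filtered list, so it is worth confirming that a hidden IdP cannot be returned as the preferred one. If display-only is the intent, say so next to the call, e.g. `/* hide.from.discovery only removes entries from the displayed list; it is not an access restriction. */`, and repeat that in the option's reference documentation.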
-- 
GitLab