Commit d66c342d authored by Olav Morken's avatar Olav Morken

saml: Obey the NameIDFormat from the AuthnRequest.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2338 44740490-163a-0410-bde0-09ae8108e29a
parent d71b0b93
...@@ -180,6 +180,13 @@ class sspmod_saml_IdP_SAML2 { ...@@ -180,6 +180,13 @@ class sspmod_saml_IdP_SAML2 {
} else { } else {
$protocolBinding = NULL; $protocolBinding = NULL;
} }
if (isset($_REQUEST['NameIDFormat'])) {
$nameIDFormat = (string)$_REQUEST['NameIDFormat'];
} else {
$nameIDFormat = NULL;
}
$requestId = NULL; $requestId = NULL;
$IDPList = array(); $IDPList = array();
$forceAuthn = FALSE; $forceAuthn = FALSE;
...@@ -253,6 +260,12 @@ class sspmod_saml_IdP_SAML2 { ...@@ -253,6 +260,12 @@ class sspmod_saml_IdP_SAML2 {
$consumerURL = $request->getAssertionConsumerServiceURL(); $consumerURL = $request->getAssertionConsumerServiceURL();
$protocolBinding = $request->getProtocolBinding(); $protocolBinding = $request->getProtocolBinding();
$nameIdPolicy = $request->getNameIdPolicy();
if (isset($nameIdPolicy['Format'])) {
$nameIDFormat = $nameIdPolicy['Format'];
} else {
$nameIDFormat = NULL;
}
SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: '. var_export($spEntityId, TRUE)); SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: '. var_export($spEntityId, TRUE));
} }
...@@ -324,6 +337,7 @@ class sspmod_saml_IdP_SAML2 { ...@@ -324,6 +337,7 @@ class sspmod_saml_IdP_SAML2 {
'isPassive' => $isPassive, 'isPassive' => $isPassive,
'saml:ConsumerURL' => $consumerURL, 'saml:ConsumerURL' => $consumerURL,
'saml:Binding' => $protocolBinding, 'saml:Binding' => $protocolBinding,
'saml:NameIDFormat' => $nameIDFormat,
); );
$idp->handleAuthenticationRequest($state); $idp->handleAuthenticationRequest($state);
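Review bot: The value read from `$_REQUEST['NameIDFormat']` in the first hunk reaches `$state['saml:NameIDFormat']` with only a `(string)` cast, so on what appears to be the IdP-initiated path the caller fully controls it, and a non-scalar parameter is cast to the literal string `Array` with a notice. Guard the type before casting, for example `if (isset($_REQUEST['NameIDFormat']) && is_string($_REQUEST['NameIDFormat'])) {`. The same trust question applies to `$nameIdPolicy['Format']` in the second hunk if AuthnRequests are accepted unsigned, which these lines do not show. A comment next to the state entry such as `/* Requested by the peer, not validated; treat as a preference only. */` would tell later readers not to use it as policy. The enclosing functions start and end outside the visible hunks.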
......
...@@ -617,7 +617,16 @@ class sspmod_saml2_Message { ...@@ -617,7 +617,16 @@ class sspmod_saml2_Message {
/* Generate the NameID for the assertion. */ /* Generate the NameID for the assertion. */
$nameIdFormat = $dstMetadata->getString('NameIDFormat', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'); if (isset($state['saml:NameIDFormat'])) {
$nameIdFormat = $state['saml:NameIDFormat'];
} else {
$nameIdFormat = NULL;
}
if ($nameIdFormat === NULL || !isset($state['saml:NameID'][$nameIdFormat])) {
/* Either not set in request, or not set to a format we supply. Fall back to old generation method. */
$nameIdFormat = $dstMetadata->getString('NameIDFormat', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
}
if (isset($state['saml:NameID'][$nameIdFormat])) { if (isset($state['saml:NameID'][$nameIdFormat])) {
$nameId = $state['saml:NameID'][$nameIdFormat]; $nameId = $state['saml:NameID'][$nameIdFormat];
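Review bot: The requested format now takes precedence over the `NameIDFormat` configured in the SP metadata whenever `$state['saml:NameID']` holds a value for it, so the metadata setting is no longer a restriction and only acts as a fallback. An operator who pinned an SP to transient identifiers would still see a persistent or e-mail NameID released if the request asks for one and an earlier step populated it. Consider honoring the request only when it matches what the SP's metadata allows, and say so in the comment, e.g. `/* Requested format is honored only if permitted for this SP and present in saml:NameID. */`. Separately, an unsupported requested format silently falls back to the metadata default; logging that case would help operators, and it may be worth checking whether the SAML core rules on unsatisfiable NameIDPolicy call for an error response instead. The enclosing function continues outside the hunk.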
......