From dab61cc8d5e1d24ddc551756866ab0a3463c4dac Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Thu, 15 Nov 2018 10:47:29 +0000
Subject: [PATCH] Also add SP-side docs and changelog

---
 docs/simplesamlphp-changelog.md | 3 +++
 modules/saml/docs/sp.md         | 9 +++++++++
 2 files changed, 12 insertions(+)

diff --git a/docs/simplesamlphp-changelog.md b/docs/simplesamlphp-changelog.md
index de68e2807..c29ee8640 100644
--- a/docs/simplesamlphp-changelog.md
+++ b/docs/simplesamlphp-changelog.md
@@ -316,6 +316,9 @@ Released 2017-11-20
     refuse to parse an assertion with an eduPersonTargetedID in 'string' format.
   * Receiving an eduPersonTargetedID in string form will no longer break
     parsing of the assertion.
+  * Can disable the Scoping element in SP and remote IdP configuration with the
+    `disable_scoping` option, for compatibility with ADFS which does not accept
+    the element.
 
 ### `smartattributes`
   * Fix SmartName authproc that failed to load.
diff --git a/modules/saml/docs/sp.md b/modules/saml/docs/sp.md
index 9ee03c584..96f8fd510 100644
--- a/modules/saml/docs/sp.md
+++ b/modules/saml/docs/sp.md
@@ -196,6 +196,15 @@ Options
 
 :   *Note*: For this to be added to the metadata, you must also specify the `attributes` and `name` options.
 
+`disable_scoping`
+:    Whether sending of samlp:Scoping elements in authentication requests should be suppressed. The default value is `FALSE`.
+     When set to `TRUE`, no scoping elements will be sent. This does not comply with the SAML2 specification, but allows
+     interoperability with ADFS which [does not support Scoping elements](https://docs.microsoft.com/en-za/azure/active-directory/develop/active-directory-single-sign-on-protocol-reference#scoping).
+
+:   Note that this option also exists in the IdP remote configuration. An
+    entry in the the IdP-remote metadata overrides this the option in the
+    SP configuration.
+
 `discoURL`
 :   Set which IdP discovery service this SP should use.
     If this is unset, the IdP discovery service specified in the global option `idpdisco.url.{saml20|shib13}` in `config/config.php` will be used.
-- 
GitLab