From dab61cc8d5e1d24ddc551756866ab0a3463c4dac Mon Sep 17 00:00:00 2001 From: Thijs Kinkhorst <thijs@kinkhorst.com> Date: Thu, 15 Nov 2018 10:47:29 +0000 Subject: [PATCH] Also add SP-side docs and changelog --- docs/simplesamlphp-changelog.md | 3 +++ modules/saml/docs/sp.md | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/docs/simplesamlphp-changelog.md b/docs/simplesamlphp-changelog.md index de68e2807..c29ee8640 100644 --- a/docs/simplesamlphp-changelog.md +++ b/docs/simplesamlphp-changelog.md @@ -316,6 +316,9 @@ Released 2017-11-20 refuse to parse an assertion with an eduPersonTargetedID in 'string' format. * Receiving an eduPersonTargetedID in string form will no longer break parsing of the assertion. + * Can disable the Scoping element in SP and remote IdP configuration with the + `disable_scoping` option, for compatibility with ADFS which does not accept + the element. ### `smartattributes` * Fix SmartName authproc that failed to load. diff --git a/modules/saml/docs/sp.md b/modules/saml/docs/sp.md index 9ee03c584..96f8fd510 100644 --- a/modules/saml/docs/sp.md +++ b/modules/saml/docs/sp.md 
@@ -196,6 +196,15 @@ Options : *Note*: For this to be added to the metadata, you must also specify the `attributes` and `name` options. +`disable_scoping` +: Whether sending of samlp:Scoping elements in authentication requests should be suppressed. The default value is `FALSE`. + When set to `TRUE`, no scoping elements will be sent. This does not comply with the SAML2 specification, but allows + interoperability with ADFS which [does not support Scoping elements](https://docs.microsoft.com/en-za/azure/active-directory/develop/active-directory-single-sign-on-protocol-reference#scoping). + +: Note that this option also exists in the IdP remote configuration. An + entry in the the IdP-remote metadata overrides this the option in the + SP configuration. + `discoURL` : Set which IdP discovery service this SP should use. If this is unset, the IdP discovery service specified in the global option `idpdisco.url.{saml20|shib13}` in `config/config.php` will be used. -- GitLab
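Review bot: In docs/simplesamlphp-changelog.md the new `disable_scoping` bullet is inserted around line 316, where the hunk header context reads "Released 2017-11-20", while the commit is dated 2018-11-15. Please confirm the entry sits under the section for the release that actually ships the option, not under a version that is already released. The bullet could also say, as the sp.md text does, that suppressing the element does not comply with the SAML2 specification, so changelog readers see it as an interoperability switch for ADFS and not a general default.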
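Review bot: In modules/saml/docs/sp.md the second paragraph of the `disable_scoping` entry has two wording slips, "in the the IdP-remote metadata" and "overrides this the option"; suggest "An entry in the IdP-remote metadata overrides the option in the SP configuration." The Microsoft link pins the `en-za` locale in its path, so a locale-neutral URL would be more stable. Since the text itself states that `TRUE` does not comply with the SAML2 specification, consider adding a sentence that recommends setting the option only in the remote metadata of the ADFS IdP that needs it, so that Scoping elements keep being sent to every other IdP.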