diff --git a/lib/SimpleSAML/Utils/Config/Metadata.php b/lib/SimpleSAML/Utils/Config/Metadata.php
index 632ec04cca8156bb31e1c7ee0ea452a48466d30e..ad20c4c748507fe8b1c0efe48a9d36698b3909f9 100644
--- a/lib/SimpleSAML/Utils/Config/Metadata.php
+++ b/lib/SimpleSAML/Utils/Config/Metadata.php
@@ -279,4 +279,38 @@ class Metadata
 \SimpleSAML\Logger::popErrorMask();
 return $hidden === true;
 }
+
+
+ /**
+ * This method parses the different possible values of the NameIDPolicy metadata configuration.
+ *
+ * @param mixed $nameIdPolicy
+ *
+ * @return null|array
+ */
+ public static function parseNameIdPolicy($nameIdPolicy)
+ {
+ $policy = null;
+
+ if (is_string($nameIdPolicy)) {
+ // handle old configurations where 'NameIDPolicy' was used to specify just the format
+ $policy = array('Format' => $nameIdPolicy);
+ } elseif (is_array($nameIdPolicy)) {
+ // handle current configurations specifying an array in the NameIDPolicy config option
+ $nameIdPolicy_cf = SimpleSAML_Configuration::loadFromArray($nameIdPolicy);
+ $policy = array(
+ 'Format' => $nameIdPolicy_cf->getString('Format', \SAML2\Constants::NAMEID_TRANSIENT),
+ 'AllowCreate' => $nameIdPolicy_cf->getBoolean('AllowCreate', true),
+ );
+ $spNameQualifier = $nameIdPolicy_cf->getString('SPNameQualifier', false);
+ if ($spNameQualifier !== false) {
+ $policy['SPNameQualifier'] = $spNameQualifier;
+ }
+ } elseif ($nameIdPolicy === null) {
+ // when NameIDPolicy is unset or set to null, default to transient as before
+ $policy = array('Format' => \SAML2\Constants::NAMEID_TRANSIENT);
+ }
+
+ return $policy;
+ }
 }
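Review bot: `SimpleSAML_Configuration::loadFromArray($nameIdPolicy)` in the `is_array` branch is the only class reference in this hunk without a leading backslash, while `\SimpleSAML\Logger` and `\SAML2\Constants` are fully qualified. If this file declares a namespace and has no matching `use` (the file header is outside the hunk), the name resolves inside that namespace and every array-valued NameIDPolicy would fail with a class-not-found error; `$nameIdPolicy_cf = \SimpleSAML_Configuration::loadFromArray($nameIdPolicy);` avoids that. The branches also return different shapes: only the array branch sets `AllowCreate`, so the string and null forms leave that choice to whatever the caller does with a missing key, and any other type (for example `false`) silently yields null. The docblock should say so, e.g. `@return array|null Policy array, or null when the value is not a string, an array or null.`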