saml: New configuration option: nameid.encryption

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2745 44740490-163a-0410-bde0-09ae8108e29a

saml: New configuration option: nameid.encryption
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2745 44740490-163a-0410-bde0-09ae8108e29a
e0a361b5 · Olav Morken · d5caf22e · e0a361b5 · e0a361b5
Commit e0a361b5 authored 14 years ago by Olav Morken
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -377,6 +377,14 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 		$lr->setSessionIndex($sessionIndex);
 		$lr->setRelayState($id);

+		$encryptNameId = $idpMetadata->getBoolean('nameid.encryption', NULL);
+		if ($encryptNameId === NULL) {
+			$encryptNameId = $this->metadata->getBoolean('nameid.encryption', FALSE);
+		}
+		if ($encryptNameId) {
+			$lr->encryptNameId(sspmod_saml_Message::getEncryptionKey($idpMetadata));
+		}
+
 		$b = new SAML2_HTTPRedirect();
 		$b->send($lr);


--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -412,6 +412,14 @@ class sspmod_saml_IdP_SAML2 {
 		$lr->setSessionIndex($association['saml:SessionIndex']);
 		$lr->setNameId($association['saml:NameID']);

+		$encryptNameId = $spMetadata->getBoolean('nameid.encryption', NULL);
+		if ($encryptNameId === NULL) {
+			$encryptNameId = $idpMetadata->getBoolean('nameid.encryption', FALSE);
+		}
+		if ($encryptNameId) {
+			$lr->encryptNameId(sspmod_saml_Message::getEncryptionKey($spMetadata));
+		}
+
 		$binding = new SAML2_HTTPRedirect();
 		return $binding->getRedirectURL($lr);
 	}