From e1af04502f211667d2626f6b95107f98ed9a40f2 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Wed, 13 Jan 2010 06:58:34 +0000
Subject: [PATCH] saml/IdP: Fix NameID error with encrypted assertion.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2111 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml/lib/IdP/SAML2.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index 3ea01e274..8fd3bfeea 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -39,6 +39,8 @@ class sspmod_saml_IdP_SAML2 {
 		$assertion = sspmod_saml2_Message::buildAssertion($idpMetadata, $spMetadata, $attributes, $consumerURL);
 		$assertion->setInResponseTo($requestId);
 
+		$nameId = $assertion->getNameId();
+
 		/* Maybe encrypt the assertion. */
 		$assertion = sspmod_saml2_Message::encryptAssertion($idpMetadata, $spMetadata, $assertion);
 
@@ -51,7 +53,7 @@ class sspmod_saml_IdP_SAML2 {
 		/* Add the session association (for logout). */
 		$session = SimpleSAML_Session::getInstance();
 		$session->add_sp_session($spEntityId);
-		$session->setSessionNameId('saml20-sp-remote', $spEntityId, $assertion->getNameId());
+		$session->setSessionNameId('saml20-sp-remote', $spEntityId, $nameId);
 
 		/* Send the response. */
 		$binding = new SAML2_HTTPPost();
-- 
GitLab