From e1c32bd464785784311e6160f278e57fddc60ece Mon Sep 17 00:00:00 2001
From: m0ark <33390109+m0ark@users.noreply.github.com>
Date: Thu, 15 Sep 2022 23:59:06 +0200
Subject: [PATCH] make sure that same associationGroup is only used if both
 ADFS and SAML IdPs are enabled (#1565)

---
 src/SimpleSAML/IdP.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/SimpleSAML/IdP.php b/src/SimpleSAML/IdP.php
index 92943bf1a..3e0950adf 100644
--- a/src/SimpleSAML/IdP.php
+++ b/src/SimpleSAML/IdP.php
@@ -91,12 +91,14 @@ class IdP
             }
             $this->config = $metadata->getMetaDataConfig(substr($id, 5), 'adfs-idp-hosted');
 
-            try {
-                // this makes the ADFS IdP use the same SP associations as the SAML 2.0 IdP
-                $saml2EntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
-                $this->associationGroup = 'saml2:' . $saml2EntityId;
-            } catch (\Exception $e) {
-                // probably no SAML 2 IdP configured for this host. Ignore the error
+            if ($globalConfig->getBoolean('enable.saml20-idp', false)) {
+                try {
+                    // this makes the ADFS IdP use the same SP associations as the SAML 2.0 IdP
+                    $saml2EntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+                    $this->associationGroup = 'saml2:' . $saml2EntityId;
+                } catch (\Exception $e) {
+                    // probably no SAML 2 IdP configured for this host. Ignore the error
+                }
             }
         } else {
             throw new \Exception("Protocol not implemented.");
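Review bot: The inner `catch (\Exception $e)` still discards every failure silently, and with the new `enable.saml20-idp` guard the comment "probably no SAML 2 IdP configured" no longer describes the likely cause. Once the flag is true, an exception from `getMetaDataCurrentEntityID('saml20-idp-hosted')` more likely means missing or broken hosted metadata. In that case the ADFS IdP presumably keeps its own association group, so SP associations (and, it seems, logout handling) are not shared with the SAML 2.0 IdP, and nothing tells the operator. I would log it and update the comment, for example `Logger::warning('ADFS IdP: not sharing SP associations with SAML 2.0 IdP: ' . $e->getMessage());`, assuming `SimpleSAML\Logger` is already in scope in this file. The enclosing constructor begins and ends outside the hunk, so where `$globalConfig` is defined and what `associationGroup` defaults to are not visible here.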
-- 
GitLab