From e5d5c0cf98382477b3f32b38bf10eea2500dd85d Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Thu, 26 Aug 2021 17:43:52 +0000
Subject: [PATCH] When acs.Binding specifies unknown binding, ignore it with
 warning

Before, it was half added: there would be an array entry for the binding
with just a numbered index, but no Binding or Location. Alternative is
to throw an error. This mimics most what SSP was already doing but then
more correct.
---
 modules/saml/lib/Auth/Source/SP.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index a9e4c89b2..e9304474a 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -370,7 +370,8 @@ class SP extends \SimpleSAML\Auth\Source
                     }
                     break;
                 default:
-                    $acs = [];
+                    Logger::warning('Unknown acs.Binding value specified, ignoring: ' . $service);
+                    continue 2;
             }
             $acs['index'] = $index;
             $endpoints[] = $acs;
-- 
GitLab