From e64f8c1a3dc7207f2a31f162485163a3aa8bdd54 Mon Sep 17 00:00:00 2001
From: Marko Ivancic <cicnavi@gmail.com>
Date: Sat, 27 Mar 2021 20:13:28 +0100
Subject: [PATCH] Make inResponseTo available in auth state (#1447)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Marko Ivančić <marko.ivancic@srce.hr>
---
 docs/simplesamlphp-changelog.md   | 1 +
 modules/saml/www/sp/saml2-acs.php | 1 +
 2 files changed, 2 insertions(+)

diff --git a/docs/simplesamlphp-changelog.md b/docs/simplesamlphp-changelog.md
index a2cc24cf1..7054da7ae 100644
--- a/docs/simplesamlphp-changelog.md
+++ b/docs/simplesamlphp-changelog.md
@@ -16,6 +16,7 @@ Released TBD
   * Fixed compatibility with Composer pre 1.8.5 (Debian 10) (#1427)
   * Updated npm dependencies up to February 1, 2021
   * Fixed a bug where it was impossible to set WantAssertionsSigned=true on SP-metadata (#1433)
+  * Make inResponseTo available in state array (#1447)
 
 ### authorize
   * Fix a bug in the Twig-template that causes an exception in Twig strict vars mode
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 7d5c39a79..a1b603d8c 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -261,6 +261,7 @@ if ($expire !== null) {
 $state['saml:sp:prevAuth'] = [
     'id'     => $response->getId(),
     'issuer' => $issuer,
+    'inResponseTo' => $response->getInResponseTo(),
 ];
 if (isset($state['\SimpleSAML\Auth\Source.ReturnURL'])) {
     $state['saml:sp:prevAuth']['redirect'] = $state['\SimpleSAML\Auth\Source.ReturnURL'];
-- 
GitLab