Changed the authentication request in SAML 2.0. More effective xml namespaces,...

Changed the authentication request in SAML 2.0. More effective xml namespaces, removed some unneccessary optional fields, etc. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@213 44740490-163a-0410-bde0-09ae8108e29a

Changed the authentication request in SAML 2.0. More effective xml namespaces,...
fa1a1a50 · Andreas Åkre Solberg · b18458b1 · fa1a1a50
Commit fa1a1a50 authored 17 years ago by Andreas Åkre Solberg
--- a/lib/SimpleSAML/XML/SAML20/AuthnRequest.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnRequest.php
@@ -117,39 +117,30 @@ class SimpleSAML_XML_SAML20_AuthnRequest {
 		
 		
 		$spNameQualifier = $md['spNameQualifier'];
-		$nameidformat = isset($md['NameIDFormat']) ? 
-			$md['NameIDFormat'] : 
-			'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
-		
-		$authnRequest = "<samlp:AuthnRequest  " .
-		  "xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n" .
-		  "ID=\"" . $id . "\" " .
-		  "Version=\"2.0\" " .
-		  "IssueInstant=\"" . $issueInstant . "\" " .
-		  "ForceAuthn=\"false\" " .
-		  "IsPassive=\"false\" " .
-		  "Destination=\"" . htmlspecialchars($destination) . "\" " .
-		  "ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" " .
-		  "AssertionConsumerServiceURL=\"" . htmlspecialchars($assertionConsumerServiceURL) . "\">\n" .
-			"<saml:Issuer " .
-			"xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" .
-			  htmlspecialchars($spentityid) .
-			"</saml:Issuer>\n" .
-			"<samlp:NameIDPolicy  " .
-			"xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " .
-			"Format=\"" . htmlspecialchars($nameidformat). "\" " .
-			"SPNameQualifier=\"" . htmlspecialchars($spNameQualifier) . "\" " .
-			"AllowCreate=\"true\" />\n" . 
-			"<samlp:RequestedAuthnContext " .
-			"xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " .
-			"Comparison=\"exact\">" .
-			  "<saml:AuthnContextClassRef " .
-			  "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" .
-				"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" .
-			  "</saml:AuthnContextClassRef>" .
-			"</samlp:RequestedAuthnContext>\n" .
-		  "</samlp:AuthnRequest>";
-		  
+		$nameidformat = isset($md['NameIDFormat']) ? $md['NameIDFormat'] : 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
+		
+		// TODO: Make an option in the metadata to allow adding a RequestedAuthnContext
+		$requestauthncontext = '<samlp:RequestedAuthnContext Comparison="exact">
+        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
+    </samlp:RequestedAuthnContext>';
+		
+		$authnRequest = '<samlp:AuthnRequest 
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    ID="' . $id . '" Version="2.0"
+    IssueInstant="' . $issueInstant . '" 
+    Destination="' . htmlspecialchars($destination) . '"
+    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+    AssertionConsumerServiceURL="' . htmlspecialchars($assertionConsumerServiceURL) . '">
+    <saml:Issuer >' . htmlspecialchars($spentityid) . '</saml:Issuer>
+    <samlp:NameIDPolicy
+        Format="' . htmlspecialchars($nameidformat) . '"
+        AllowCreate="true"/>
+    '  . '
+</samlp:AuthnRequest>
+';
+		
+		
+		
 		return $authnRequest;
 	}