Changed the authentication request in SAML 2.0. More effective xml namespaces,...

Changed the authentication request in SAML 2.0. More effective xml namespaces, removed some unneccessary optional fields, etc. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@213 44740490-163a-0410-bde0-09ae8108e29a

Changed the authentication request in SAML 2.0. More effective xml namespaces,...
fa1a1a50 · Andreas Åkre Solberg · b18458b1 · fa1a1a50
Commit fa1a1a50 authored 17 years ago by Andreas Åkre Solberg
--- a/lib/SimpleSAML/XML/SAML20/AuthnRequest.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnRequest.php
@@ -117,39 +117,30 @@ class SimpleSAML_XML_SAML20_AuthnRequest {
 		$spNameQualifier = $md['spNameQualifier'];
-		$nameidformat = isset($md['NameIDFormat']) ? 
+		$nameidformat = isset($md['NameIDFormat']) ? $md['NameIDFormat'] : 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
-			$md['NameIDFormat'] : 
-			'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
+		// TODO: Make an option in the metadata to allow adding a RequestedAuthnContext
+		$requestauthncontext = '<samlp:RequestedAuthnContext Comparison="exact">
-		$authnRequest = "<samlp:AuthnRequest  " .
+        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
-		  "xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n" .
+    </samlp:RequestedAuthnContext>';
-		  "ID=\"" . $id . "\" " .
-		  "Version=\"2.0\" " .
+		$authnRequest = '<samlp:AuthnRequest 
-		  "IssueInstant=\"" . $issueInstant . "\" " .
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
-		  "ForceAuthn=\"false\" " .
+    ID="' . $id . '" Version="2.0"
-		  "IsPassive=\"false\" " .
+    IssueInstant="' . $issueInstant . '" 
-		  "Destination=\"" . htmlspecialchars($destination) . "\" " .
+    Destination="' . htmlspecialchars($destination) . '"
-		  "ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" " .
+    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
-		  "AssertionConsumerServiceURL=\"" . htmlspecialchars($assertionConsumerServiceURL) . "\">\n" .
+    AssertionConsumerServiceURL="' . htmlspecialchars($assertionConsumerServiceURL) . '">
-			"<saml:Issuer " .
+    <saml:Issuer >' . htmlspecialchars($spentityid) . '</saml:Issuer>
-			"xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" .
+    <samlp:NameIDPolicy
-			  htmlspecialchars($spentityid) .
+        Format="' . htmlspecialchars($nameidformat) . '"
-			"</saml:Issuer>\n" .
+        AllowCreate="true"/>
-			"<samlp:NameIDPolicy  " .
+    '  . '
-			"xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " .
+</samlp:AuthnRequest>
-			"Format=\"" . htmlspecialchars($nameidformat). "\" " .
+';
-			"SPNameQualifier=\"" . htmlspecialchars($spNameQualifier) . "\" " .
-			"AllowCreate=\"true\" />\n" . 
-			"<samlp:RequestedAuthnContext " .
-			"xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " .
-			"Comparison=\"exact\">" .
-			  "<saml:AuthnContextClassRef " .
-			  "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" .
-				"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" .
-			  "</saml:AuthnContextClassRef>" .
-			"</samlp:RequestedAuthnContext>\n" .
-		  "</samlp:AuthnRequest>";
 		return $authnRequest;
 	}