diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php index 808cb8b7a03e0801a5f5f4e6dca9fbc544370306..025a9d6ec106c6b8220612f21971e68c7291dec2 100644 --- a/lib/SimpleSAML/Session.php +++ b/lib/SimpleSAML/Session.php @@ -318,6 +318,19 @@ class SimpleSAML_Session { $this->nameid = $nameid; } public function getNameID() { + if (array_key_exists('value', $this->nameid)) { + /* + * This session was saved by an old version of simpleSAMLphp. + * Convert to the new NameId format. + * + * TODO: Remove this conversion once every session uses the new format. + */ + $this->nameid['Value'] = $this->nameid['value']; + unset($this->nameid['value']); + + $this->dirty = TRUE; + } + return $this->nameid; } @@ -369,7 +382,19 @@ class SimpleSAML_Session { return NULL; } - return $this->sessionNameId[$entityType][$entityId]; + $nameId = $this->sessionNameId[$entityType][$entityId]; + if (array_key_exists('value', $nameId)) { + /* + * This session was saved by an old version of simpleSAMLphp. + * Convert to the new NameId format. + * + * TODO: Remove this conversion once every session should use the new format. + */ + $nameId['Value'] = $nameId['value']; + unset($nameId['value']); + } + + return $nameId; } diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php index 1f5bef1ea4a9e5acef8ef5ffd9e8f26915321e91..bac77ac1efa95dc220609761956aab2d831a45a5 100644 --- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php +++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php 
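Review bot: The new check in getNameID() calls `array_key_exists('value', $this->nameid)` without confirming that `$this->nameid` is an array, so a session with no NameID would raise a warning (a TypeError on PHP 8) instead of returning the empty value as before. The property's initial value is outside the hunk, so confirm whether that state is reachable. A guard such as `if (is_array($this->nameid) && array_key_exists('value', $this->nameid)) {` keeps the old behaviour for that case. The same applies to `$nameId = $state[self::LOGOUT_NAMEID];` in the sspmod_saml2_Auth_Source_SP hunk, where the value is read from saved state. The logout pages now rely on this getter for the subject identifier, so a failure here would likely surface as a logout request that cannot be built, leaving the session at the other party alive.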
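Review bot: The conversion block in getSessionNameId() is a third copy of the one added to getNameID() above and to sspmod_saml2_Auth_Source_SP, and the copies already differ. getNameID() writes the result back and sets `$this->dirty = TRUE;`, while this one converts a local copy on every call and never persists it. A single private helper that takes the NameID array and returns it in the new format would keep the three sites in step and give the TODO one place to be removed. A stored entry may hold both keys, since the line removed from SSOService.php used to add 'value' next to 'Value'; a short comment that the lower-case key wins in that case would help the next reader. The TODO wording used in getNameID(), `once every session uses the new format`, is clearer than the variant used here.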
@@ -227,7 +227,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse { $query = '/mysamlp:Response/mysaml:Assertion/mysaml:AuthenticationStatement/mysaml:Subject/mysaml:NameIdentifier'; $nodelist = $xPath->query($query); if ($node = $nodelist->item(0)) { - $nameID["value"] = $node->nodeValue; + $nameID["Value"] = $node->nodeValue; $nameID["Format"] = $node->getAttribute('Format'); //$nameID["NameQualifier"] = $node->getAttribute('NameQualifier'); } diff --git a/modules/adfs/www/idp/prp.php b/modules/adfs/www/idp/prp.php index d26d74054ec0abc8c78bcba172ae071f0a093c3e..4bdf238f272fd07eb92117e654f530007878831e 100644 --- a/modules/adfs/www/idp/prp.php +++ b/modules/adfs/www/idp/prp.php @@ -248,7 +248,7 @@ if (!$session->isValid($authority) ) { if (array_key_exists('RelayState', $requestcache)) $relayState = $requestcache['RelayState']; $nameid = $session->getNameID(); - $nameid = $nameid['value']; + $nameid = $nameid['Value']; $nameidattribute = $spmetadata->getValue('simplesaml.nameidattribute'); if (isset($nameidattribute)) { diff --git a/modules/saml2/lib/Auth/Source/SP.php b/modules/saml2/lib/Auth/Source/SP.php index 3f17262298177a69ab7e232616cec01e517f0d18..ae762f99307c4d4b058798db010dfd58b4abe302 100644 --- a/modules/saml2/lib/Auth/Source/SP.php +++ b/modules/saml2/lib/Auth/Source/SP.php 
@@ -244,6 +244,17 @@ class sspmod_saml2_Auth_Source_SP extends SimpleSAML_Auth_Source { $nameId = $state[self::LOGOUT_NAMEID]; $sessionIndex = $state[self::LOGOUT_SESSIONINDEX]; + if (array_key_exists('value', $nameId)) { + /* + * This session was saved by an old version of simpleSAMLphp. + * Convert to the new NameId format. + * + * TODO: Remove this conversion once every session should use the new format. + */ + $nameId['Value'] = $nameId['value']; + unset($nameId['value']); + } + $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $spMetadata = $metadata->getMetaDataConfig($this->getEntityId(), 'saml20-sp-hosted'); $idpMetadata = $metadata->getMetaDataConfig($idp, 'saml20-idp-remote'); diff --git a/www/example-simple/attributequery.php b/www/example-simple/attributequery.php index a81ab6a8b84cdf42f8b07ebcb94f4e97739251cd..94e6a9d7b322653f967ceb34f0c62bb26a5f5f17 100644 --- a/www/example-simple/attributequery.php +++ b/www/example-simple/attributequery.php @@ -69,12 +69,7 @@ if (empty($defNameId)) { $defNameId = array(); } if (!array_key_exists('Value', $defNameId)) { - if (array_key_exists('value', $defNameId)) { - /* For backwards compatibility. */ - $defNameId['Value'] = $defNameId['value']; - } else { - $defNameId['Value'] = SimpleSAML_Utilities::generateID(); - } + $defNameId['Value'] = SimpleSAML_Utilities::generateID(); } if (!array_key_exists('Format', $defNameId)) { $defNameId['Format'] = SAML2_Const::NAMEID_TRANSIENT; diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php index 31b14078005d8dcc08256f936ff298df58aa079c..3560c3a2733eb8fa6ab7d5196931642389dd49a2 100644 --- a/www/saml2/idp/SSOService.php +++ b/www/saml2/idp/SSOService.php @@ -426,7 +426,6 @@ if($needAuth && !$isPassive) { $assertion->setInResponseTo($requestID); $nameId = $assertion->getNameId(); - $nameId['value'] = $nameId['Value']; $session->setSessionNameId('saml20-sp-remote', $spentityid, $nameId); /* Maybe encrypt the assertion. */ 
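Review bot: In attributequery.php, with the lower-case fallback removed, a `$defNameId` that still carries only the old 'value' key now falls through to `SimpleSAML_Utilities::generateID()`. The query would then go out with a freshly generated identifier instead of the subject's NameID, and nothing would signal the substitution. `$defNameId` is assigned above the hunk; if it comes from `SimpleSAML_Session::getNameID()` the conversion added there covers it, otherwise the old branch is still needed until such sessions have expired. A one-line comment above the check, for example `/* Old-style 'value' keys are converted in SimpleSAML_Session::getNameID(). */`, would record why the fallback could go.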
diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php index 6b55c7cad82ac127d9ecbf7fb20e2ee0a27e865a..764f8b0635f6ad7d3c9f9e696f964a53ce9c80fb 100644 --- a/www/saml2/idp/SingleLogoutService.php +++ b/www/saml2/idp/SingleLogoutService.php @@ -234,10 +234,6 @@ if ($spEntityId) { $nameId = $session->getNameID(); } - /* Convert to new-style NameId format. */ - $nameId['Value'] = $nameId['value']; - unset($nameId['value']); - $lr = sspmod_saml2_Message::buildLogoutRequest($idpMetadata, $spMetadata); $lr->setSessionIndex($session->getSessionIndex()); $lr->setNameId($nameId); diff --git a/www/saml2/idp/SingleLogoutServiceiFrame.php b/www/saml2/idp/SingleLogoutServiceiFrame.php index efc36156acba6b8c7bef80e7dfc2292bd71ff013..144bf43295556225e016407c8777ea8dc508051b 100644 --- a/www/saml2/idp/SingleLogoutServiceiFrame.php +++ b/www/saml2/idp/SingleLogoutServiceiFrame.php @@ -265,10 +265,6 @@ foreach ($listofsps AS $spentityid) { $nameId = $session->getNameID(); } - /* Convert to new-style NameId format. */ - $nameId['Value'] = $nameId['value']; - unset($nameId['value']); - $spMetadata = $metadata->getMetaDataConfig($spentityid, 'saml20-sp-remote'); $name = $spMetadata->getValue('name', $spentityid); diff --git a/www/saml2/idp/idpInitSingleLogoutServiceiFrame.php b/www/saml2/idp/idpInitSingleLogoutServiceiFrame.php index dd47a81cc1324f4b7175a8deb29288e8084462bb..b57d11d1dc0d95aee815429af4851fb4a3f28a1c 100644 --- a/www/saml2/idp/idpInitSingleLogoutServiceiFrame.php +++ b/www/saml2/idp/idpInitSingleLogoutServiceiFrame.php @@ -191,11 +191,6 @@ foreach ($listofsps AS $spentityid) { $nameId = $session->getNameID(); } - /* Convert to new-style NameId format. */ - $nameId['Value'] = $nameId['value']; - unset($nameId['value']); - - $spMetadata = $metadata->getMetaDataConfig($spentityid, 'saml20-sp-remote'); $name = $spMetadata->getValue('name', $spentityid); 
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php index 2d4c61cee6a6f1b87dba44abfbbe8a8212fbeb72..f23b23139e46aef5b20819e4b7f8bc8340716fb6 100644 --- a/www/saml2/sp/AssertionConsumerService.php +++ b/www/saml2/sp/AssertionConsumerService.php @@ -145,10 +145,7 @@ try { SimpleSAML_Logger::stats('saml20-sp-SSO ' . $metadataHandler->getMetaDataCurrentEntityID() . ' ' . $idp . ' NA'); - /* Convert the NameId array to the old style. */ $nameId = $assertion->getNameId(); - $nameId['value'] = $nameId['Value']; - unset($nameId['Value']); /* Begin module attribute processing */ diff --git a/www/saml2/sp/initSLO.php b/www/saml2/sp/initSLO.php index 78dc8b7609c1fbde116f7ef1fa681c1e86a92af8..b7256406e62b8f85d34a789dd66f424d50f43999 100644 --- a/www/saml2/sp/initSLO.php +++ b/www/saml2/sp/initSLO.php @@ -36,10 +36,7 @@ try { $spEntityId = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID(); $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-hosted'); - /* Convert NameId to new style. */ $nameId = $session->getNameId(); - $nameId['Value'] = $nameId['value']; - unset($nameId['value']); $lr = sspmod_saml2_Message::buildLogoutRequest($spMetadata, $idpMetadata); $lr->setNameId($nameId);