From ff3df0733e7ca3e810c348e0fc2fb2ccf7a9ba66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaime=20Pe=CC=81rez=20Crespo?= <jaime.perez@uninett.no> Date: Wed, 11 Jan 2017 15:05:43 +0100 Subject: [PATCH] Update the SAML2 library and start using the new \SAML2\XML\saml\NameID objects. This enables too the implementation of additional contact attributes, as requested in #509 to support the SIRTFI framework. --- composer.json | 2 +- composer.lock | 89 +++++++++---------- modules/core/lib/Auth/Process/TargetedID.php | 13 ++- modules/saml/docs/sp.md | 3 +- .../Process/PersistentNameID2TargetedID.php | 3 +- modules/saml/lib/Auth/Source/SP.php | 2 +- modules/saml/lib/BaseNameIDGenerator.php | 11 +-- modules/saml/lib/IdP/SAML2.php | 11 ++- modules/saml/lib/SP/LogoutStore.php | 17 +++- templates/includes/attributes.php | 44 +++++---- templates/status.php | 18 +++- .../lib/Auth/Source/Auth_Source_SP_Test.php | 4 +- 12 files changed, 123 insertions(+), 94 deletions(-) diff --git a/composer.json b/composer.json index fbe519d12..0801632ab 100644 --- a/composer.json +++ b/composer.json @@ -35,7 +35,7 @@ "ext-date": "*", "ext-hash": "*", "ext-json": "*", - "simplesamlphp/saml2": "dev-master#00e38f85b417be1e10a2d738dd2f5ea82edb472c as 2.2", + "simplesamlphp/saml2": "dev-master#f079abe36ab4101dfda654a087f8003a9673b952 as 2.4", "robrichards/xmlseclibs": "~2.0", "whitehat101/apr1-md5": "~1.0", "twig/twig": "~1.0", diff --git a/composer.lock b/composer.lock index 2b39605ee..39eccf6b7 100644 --- a/composer.lock +++ b/composer.lock @@ -4,8 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "8c00f782ce6ebb578fc1174355b01d62", - "content-hash": "5db285469a25f3c3a1e21975ac94c2e9", + "content-hash": "d457492f7cd0fcade4c93ef810d2794c", "packages": [ { "name": "gettext/gettext", @@ -65,7 +64,7 @@ "po", "translation" ], - "time": "2016-08-01 18:09:57" + "time": "2016-08-01T18:09:57+00:00" }, { "name": "gettext/languages", @@ -119,7 +118,7 @@ "translations", "unicode" ], - "time": "2015-03-27 11:32:41" + "time": "2015-03-27T11:32:41+00:00" }, { "name": "jaimeperez/twig-configurable-i18n", @@ -163,7 +162,7 @@ "translation", "twig" ], - "time": "2016-10-03 12:34:15" + "time": "2016-10-03T12:34:15+00:00" }, { "name": "psr/log", @@ -210,7 +209,7 @@ "psr", "psr-3" ], - "time": "2016-09-19 16:02:08" + "time": "2016-09-19T16:02:08+00:00" }, { "name": "robrichards/xmlseclibs", @@ -251,7 +250,7 @@ "xml", "xmldsig" ], - "time": "2016-09-08 13:15:00" + "time": "2016-09-08T13:15:00+00:00" }, { "name": "simplesamlphp/saml2", @@ -259,12 +258,12 @@ "source": { "type": "git", "url": "https://github.com/simplesamlphp/saml2.git", - "reference": "00e38f85b417be1e10a2d738dd2f5ea82edb472c" + "reference": "f079abe36ab4101dfda654a087f8003a9673b952" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/simplesamlphp/saml2/zipball/00e38f85b417be1e10a2d738dd2f5ea82edb472c", - "reference": "00e38f85b417be1e10a2d738dd2f5ea82edb472c", + "url": "https://api.github.com/repos/simplesamlphp/saml2/zipball/f079abe36ab4101dfda654a087f8003a9673b952", + "reference": "f079abe36ab4101dfda654a087f8003a9673b952", "shasum": "" }, "require": { @@ -303,7 +302,7 @@ } ], "description": "SAML2 PHP library from SimpleSAMLphp", - "time": "2016-07-26 13:28:46" + "time": "2017-01-11 10:10:03" }, { "name": "twig/extensions", @@ -355,7 +354,7 @@ "i18n", "text" ], - "time": "2016-09-22 16:50:57" + "time": "2016-09-22T16:50:57+00:00" }, { "name": "twig/twig", @@ -416,7 +415,7 @@ "keywords": [ "templating" ], - "time": "2016-09-21 23:05:12" + "time": "2016-09-21T23:05:12+00:00" }, { "name": "whitehat101/apr1-md5", @@ -460,7 +459,7 @@ "MD5", "apr1" ], - "time": "2015-02-11 11:06:42" + "time": "2015-02-11T11:06:42+00:00" } ], "packages-dev": [ @@ -516,7 +515,7 @@ "constructor", "instantiate" ], - "time": "2015-06-14 21:17:01" + "time": "2015-06-14T21:17:01+00:00" }, { "name": "guzzle/guzzle", @@ -612,7 +611,7 @@ "web service" ], "abandoned": "guzzlehttp/guzzle", - "time": "2015-03-18 18:23:50" + "time": "2015-03-18T18:23:50+00:00" }, { "name": "phpdocumentor/reflection-common", @@ -666,7 +665,7 @@ "reflection", "static analysis" ], - "time": "2015-12-27 11:43:31" + "time": "2015-12-27T11:43:31+00:00" }, { "name": "phpdocumentor/reflection-docblock", @@ -711,7 +710,7 @@ } ], "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.", - "time": "2016-09-30 07:12:33" + "time": "2016-09-30T07:12:33+00:00" }, { "name": "phpdocumentor/type-resolver", @@ -758,7 +757,7 @@ "email": "me@mikevanriel.com" } ], - "time": "2016-06-10 07:14:17" + "time": "2016-06-10T07:14:17+00:00" }, { "name": "phpspec/prophecy", @@ -820,7 +819,7 @@ "spy", "stub" ], - "time": "2016-06-07 08:13:47" + "time": "2016-06-07T08:13:47+00:00" }, { "name": "phpunit/php-code-coverage", @@ -882,7 +881,7 @@ "testing", "xunit" ], - "time": "2015-10-06 15:47:00" + "time": "2015-10-06T15:47:00+00:00" }, { "name": "phpunit/php-file-iterator", @@ -929,7 +928,7 @@ "filesystem", "iterator" ], - "time": "2015-06-21 13:08:43" + "time": "2015-06-21T13:08:43+00:00" }, { "name": "phpunit/php-text-template", @@ -970,7 +969,7 @@ "keywords": [ "template" ], - "time": "2015-06-21 13:50:34" + "time": "2015-06-21T13:50:34+00:00" }, { "name": "phpunit/php-timer", @@ -1014,7 +1013,7 @@ "keywords": [ "timer" ], - "time": "2016-05-12 18:03:57" + "time": "2016-05-12T18:03:57+00:00" }, { "name": "phpunit/php-token-stream", @@ -1063,7 +1062,7 @@ "keywords": [ "tokenizer" ], - "time": "2015-09-15 10:49:45" + "time": "2015-09-15T10:49:45+00:00" }, { "name": "phpunit/phpunit", @@ -1135,7 +1134,7 @@ "testing", "xunit" ], - "time": "2016-07-21 06:48:14" + "time": "2016-07-21T06:48:14+00:00" }, { "name": "phpunit/phpunit-mock-objects", @@ -1191,7 +1190,7 @@ "mock", "xunit" ], - "time": "2015-10-02 06:51:40" + "time": "2015-10-02T06:51:40+00:00" }, { "name": "satooshi/php-coveralls", @@ -1249,7 +1248,7 @@ "github", "test" ], - "time": "2016-01-20 17:35:46" + "time": "2016-01-20T17:35:46+00:00" }, { "name": "sebastian/comparator", @@ -1313,7 +1312,7 @@ "compare", "equality" ], - "time": "2015-07-26 15:48:44" + "time": "2015-07-26T15:48:44+00:00" }, { "name": "sebastian/diff", @@ -1365,7 +1364,7 @@ "keywords": [ "diff" ], - "time": "2015-12-08 07:14:41" + "time": "2015-12-08T07:14:41+00:00" }, { "name": "sebastian/environment", @@ -1415,7 +1414,7 @@ "environment", "hhvm" ], - "time": "2016-08-18 05:49:44" + "time": "2016-08-18T05:49:44+00:00" }, { "name": "sebastian/exporter", @@ -1482,7 +1481,7 @@ "export", "exporter" ], - "time": "2016-06-17 09:04:28" + "time": "2016-06-17T09:04:28+00:00" }, { "name": "sebastian/global-state", @@ -1533,7 +1532,7 @@ "keywords": [ "global state" ], - "time": "2015-10-12 03:26:01" + "time": "2015-10-12T03:26:01+00:00" }, { "name": "sebastian/recursion-context", @@ -1586,7 +1585,7 @@ ], "description": "Provides functionality to recursively process PHP variables", "homepage": "http://www.github.com/sebastianbergmann/recursion-context", - "time": "2015-11-11 19:50:13" + "time": "2015-11-11T19:50:13+00:00" }, { "name": "sebastian/version", @@ -1621,7 +1620,7 @@ ], "description": "Library that helps with managing the version number of Git-hosted PHP projects", "homepage": "https://github.com/sebastianbergmann/version", - "time": "2015-06-21 13:59:46" + "time": "2015-06-21T13:59:46+00:00" }, { "name": "symfony/config", @@ -1674,7 +1673,7 @@ ], "description": "Symfony Config Component", "homepage": "https://symfony.com", - "time": "2016-08-27 18:50:07" + "time": "2016-08-27T18:50:07+00:00" }, { "name": "symfony/console", @@ -1734,7 +1733,7 @@ ], "description": "Symfony Console Component", "homepage": "https://symfony.com", - "time": "2016-08-19 06:48:39" + "time": "2016-08-19T06:48:39+00:00" }, { "name": "symfony/event-dispatcher", @@ -1794,7 +1793,7 @@ ], "description": "Symfony EventDispatcher Component", "homepage": "https://symfony.com", - "time": "2016-07-28 16:56:28" + "time": "2016-07-28T16:56:28+00:00" }, { "name": "symfony/filesystem", @@ -1843,7 +1842,7 @@ ], "description": "Symfony Filesystem Component", "homepage": "https://symfony.com", - "time": "2016-07-20 05:44:26" + "time": "2016-07-20T05:44:26+00:00" }, { "name": "symfony/polyfill-mbstring", @@ -1902,7 +1901,7 @@ "portable", "shim" ], - "time": "2016-05-18 14:26:46" + "time": "2016-05-18T14:26:46+00:00" }, { "name": "symfony/stopwatch", @@ -1951,7 +1950,7 @@ ], "description": "Symfony Stopwatch Component", "homepage": "https://symfony.com", - "time": "2016-06-29 05:41:56" + "time": "2016-06-29T05:41:56+00:00" }, { "name": "symfony/yaml", @@ -2000,7 +1999,7 @@ ], "description": "Symfony Yaml Component", "homepage": "https://symfony.com", - "time": "2016-09-02 02:12:52" + "time": "2016-09-02T02:12:52+00:00" }, { "name": "webmozart/assert", @@ -2050,13 +2049,13 @@ "check", "validate" ], - "time": "2016-08-09 15:02:57" + "time": "2016-08-09T15:02:57+00:00" } ], "aliases": [ { - "alias": "2.2", - "alias_normalized": "2.2.0.0", + "alias": "2.4", + "alias_normalized": "2.4.0.0", "version": "9999999-dev", "package": "simplesamlphp/saml2" } diff --git a/modules/core/lib/Auth/Process/TargetedID.php b/modules/core/lib/Auth/Process/TargetedID.php index 4182cee55..a4d73e39c 100644 --- a/modules/core/lib/Auth/Process/TargetedID.php +++ b/modules/core/lib/Auth/Process/TargetedID.php @@ -124,23 +124,22 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt if ($this->generateNameId) { // Convert the targeted ID to a SAML 2.0 name identifier element - $nameId = array( - 'Format' => \SAML2\Constants::NAMEID_PERSISTENT, - 'Value' => $uid, - ); + $nameId = new \SAML2\XML\saml\NameID(); + $nameId->value = $uid; + $nameId->Format = \SAML2\Constants::NAMEID_PERSISTENT; if (isset($state['Source']['entityid'])) { - $nameId['NameQualifier'] = $state['Source']['entityid']; + $nameId->NameQualifier = $state['Source']['entityid']; } if (isset($state['Destination']['entityid'])) { - $nameId['SPNameQualifier'] = $state['Destination']['entityid']; + $nameId->SPNameQualifier = $state['Destination']['entityd']; } $doc = \SAML2\DOMDocumentFactory::create(); $root = $doc->createElement('root'); $doc->appendChild($root); - \SAML2\Utils::addNameId($root, $nameId); + $nameId->toXML($root); $uid = $doc->saveXML($root->firstChild); } diff --git a/modules/saml/docs/sp.md b/modules/saml/docs/sp.md index a291cd10a..31def6f69 100644 --- a/modules/saml/docs/sp.md +++ b/modules/saml/docs/sp.md @@ -65,8 +65,7 @@ All these parameters override the equivalent option from the configuration. `saml:NameID` : Add a Subject element with a NameID to the SAML AuthnRequest for the IdP. - This is an associative array with the fields for the NameID. - Example: `array('Value' => 'user@example.org', 'Format' => SAML2\Constants::NAMEID_UNSPECIFIED)` + This must be a \SAML2\XML\saml\NameID object. : *Note*: SAML 2 specific. diff --git a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php index be61e1099..25ae97f1a 100644 --- a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php +++ b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php @@ -66,13 +66,14 @@ class sspmod_saml_Auth_Process_PersistentNameID2TargetedID extends SimpleSAML_Au return; } + /** @var \SAML2\XML\saml\NameID $nameID */ $nameID = $state['saml:NameID'][\SAML2\Constants::NAMEID_PERSISTENT]; if ($this->nameId) { $doc = \SAML2\DOMDocumentFactory::create(); $root = $doc->createElement('root'); $doc->appendChild($root); - \SAML2\Utils::addNameId($root, $nameID); + $nameID->toXML($root); $value = $doc->saveXML($root->firstChild); } else { $value = $nameID['Value']; diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php index 728c97e87..c866a2de4 100644 --- a/modules/saml/lib/Auth/Source/SP.php +++ b/modules/saml/lib/Auth/Source/SP.php @@ -218,7 +218,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { } if (isset($state['saml:NameID'])) { - if (!is_array($state['saml:NameID'])) { + if (!is_array($state['saml:NameID']) && !is_a($state['saml:NameID'], '\SAML2\XML\saml\NameID')) { throw new SimpleSAML_Error_Exception('Invalid value of $state[\'saml:NameID\'].'); } $ar->setNameId($state['saml:NameID']); diff --git a/modules/saml/lib/BaseNameIDGenerator.php b/modules/saml/lib/BaseNameIDGenerator.php index 24d6d209d..d14a8c250 100644 --- a/modules/saml/lib/BaseNameIDGenerator.php +++ b/modules/saml/lib/BaseNameIDGenerator.php @@ -87,26 +87,27 @@ abstract class sspmod_saml_BaseNameIDGenerator extends SimpleSAML_Auth_Processin return; } - $nameId = array('Value' => $value); + $nameId = new \SAML2\XML\saml\NameID(); + $nameId->value = $value; if ($this->nameQualifier === TRUE) { if (isset($state['IdPMetadata']['entityid'])) { - $nameId['NameQualifier'] = $state['IdPMetadata']['entityid']; + $nameId->NameQualifier = $state['IdPMetadata']['entityid']; } else { SimpleSAML\Logger::warning('No IdP entity ID, unable to set NameQualifier.'); } } elseif (is_string($this->nameQualifier)) { - $nameId['NameQualifier'] = $this->nameQualifier; + $nameId->NameQualifier = $this->nameQualifier; } if ($this->spNameQualifier === TRUE) { if (isset($state['SPMetadata']['entityid'])) { - $nameId['SPNameQualifier'] = $state['SPMetadata']['entityid']; + $nameId->SPNameQualifier = $state['SPMetadata']['entityid']; } else { SimpleSAML\Logger::warning('No SP entity ID, unable to set SPNameQualifier.'); } } elseif (is_string($this->spNameQualifier)) { - $nameId['SPNameQualifier'] = $this->spNameQualifier; + $nameId->SPNameQualifier = $this->spNameQualifier; } $state['saml:NameID'][$this->format] = $nameId; diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php index e8521efd6..158cdd21b 100644 --- a/modules/saml/lib/IdP/SAML2.php +++ b/modules/saml/lib/IdP/SAML2.php @@ -974,7 +974,7 @@ class sspmod_saml_IdP_SAML2 if (isset($state['saml:NameID'][$nameIdFormat])) { $nameId = $state['saml:NameID'][$nameIdFormat]; - $nameId['Format'] = $nameIdFormat; + $nameId->Format = $nameIdFormat; } else { $spNameQualifier = $spMetadata->getString('SPNameQualifier', null); if ($spNameQualifier === null) { @@ -995,11 +995,10 @@ class sspmod_saml_IdP_SAML2 } } - $nameId = array( - 'Format' => $nameIdFormat, - 'Value' => $nameIdValue, - 'SPNameQualifier' => $spNameQualifier, - ); + $nameId = new \SAML2\XML\saml\NameID(); + $nameId->Format = $nameIdFormat; + $nameId->value = $nameIdValue; + $nameId->SPNameQualifier = $spNameQualifier; } $state['saml:idp:NameID'] = $nameId; diff --git a/modules/saml/lib/SP/LogoutStore.php b/modules/saml/lib/SP/LogoutStore.php index f56b2bedb..94b895ee1 100644 --- a/modules/saml/lib/SP/LogoutStore.php +++ b/modules/saml/lib/SP/LogoutStore.php @@ -152,11 +152,17 @@ class sspmod_saml_SP_LogoutStore { /** * Register a new session in the datastore. * + * Please observe the change of the signature in this method. Previously, the second parameter ($nameId) was forced + * to be an array. However, it has no type restriction now, and the documentation states it must be a + * \SAML2\XML\saml\NameID object. Currently, this function still accepts an array passed as $nameId, and will + * silently convert it to a \SAML2\XML\saml\NameID object. This is done to keep backwards-compatibility, though will + * no longer be possible in the future as the $nameId parameter will be required to be an object. + * * @param string $authId The authsource ID. - * @param array $nameId The NameID of the user. + * @param \SAML2\XML\saml\NameID $nameId The NameID of the user. * @param string|NULL $sessionIndex The SessionIndex of the user. */ - public static function addSession($authId, array $nameId, $sessionIndex, $expire) { + public static function addSession($authId, $nameId, $sessionIndex, $expire) { assert('is_string($authId)'); assert('is_string($sessionIndex) || is_null($sessionIndex)'); assert('is_int($expire)'); @@ -176,8 +182,11 @@ class sspmod_saml_SP_LogoutStore { return; } - /* Normalize NameID. */ - ksort($nameId); + // serialize and anonymize the NameID + // TODO: remove this conditional statement + if (is_array($nameId)) { + $nameId = \SAML2\XML\saml\NameID::fromArray($nameId); + } $strNameId = serialize($nameId); $strNameId = sha1($strNameId); diff --git a/templates/includes/attributes.php b/templates/includes/attributes.php index b7539fa14..79aae3130 100644 --- a/templates/includes/attributes.php +++ b/templates/includes/attributes.php @@ -31,6 +31,26 @@ function present_assoc($attr) } } +function present_eptid(\SimpleSAML\Locale\Translate $t, \SAML2\XML\saml\NameID $nameID) +{ + $eptid = array( + 'NameID' => array($nameID->value), + ); + if (!empty($nameID->Format)) { + $eptid[$t->t('{status:subject_format}')] = array($nameID->Format); + } + if (!empty($nameID->NameQualifier)) { + $eptid['NameQualifier'] = array($nameID->NameQualifier); + } + if (!empty($nameID->SPNameQualifier)) { + $eptid['SPNameQualifier'] = array($nameID->SPNameQualifier); + } + if (!empty($nameID->SPProvidedID)) { + $eptid['SPProvidedID'] = array($nameID->SPProvidedID); + } + return '<td class="attrvalue">'.present_assoc($eptid); +} + function present_attributes(SimpleSAML_XHTML_Template $t, $attributes, $nameParent) { $alternate = array('odd', 'even'); @@ -42,7 +62,8 @@ function present_attributes(SimpleSAML_XHTML_Template $t, $attributes, $namePare foreach ($attributes as $name => $value) { $nameraw = $name; - $name = $t->getTranslator()->getAttributeTranslation($parentStr.$nameraw); + $trans = $t->getTranslator(); + $name = $trans->getAttributeTranslation($parentStr.$nameraw); if (preg_match('/^child_/', $nameraw)) { $parentName = preg_replace('/^child_/', '', $nameraw); @@ -79,7 +100,7 @@ function present_attributes(SimpleSAML_XHTML_Template $t, $attributes, $namePare '" /></td></tr>'; } elseif (is_a($value[0], 'DOMNodeList')) { // try to see if we have a NameID here - /** @var DOMNodeList $value[0] */ + /** @var DOMNodeList $value [0] */ $n = $value[0]->length; for ($idx = 0; $idx < $n; $idx++) { $elem = $value[0]->item($idx); @@ -87,24 +108,13 @@ function present_attributes(SimpleSAML_XHTML_Template $t, $attributes, $namePare if (!($elem->localName === 'NameID' && $elem->namespaceURI === \SAML2\Constants::NS_SAML)) { continue; } - $nameID = new \SAML2\XML\saml\NameID($elem); - $eptid = array( - 'NameID' => array($nameID->value), - ); - if (!empty($nameID->Format)) { - $eptid['Format'] = array($nameID->Format); - } - if (!empty($nameID->NameQualifier)) { - $eptid['NameQualifier'] = array($nameID->NameQualifier); - } - if (!empty($nameID->SPNameQualifier)) { - $eptid['SPNameQualifier'] = array($nameID->SPNameQualifier); - } - $str .= '<td class="attrvalue">'; - $str .= present_assoc($eptid); + $str .= present_eptid($trans, new \SAML2\XML\saml\NameID($elem)); break; // we only support one NameID here } $str .= '</td></tr>'; + } elseif (is_a($value[0], '\SAML2\XML\saml\NameID')) { + $str .= present_eptid($trans, $value[0]); + $str .= '</td></tr>'; } else { $str .= '<td class="attrvalue">'.htmlspecialchars($value[0]).'</td></tr>'; } diff --git a/templates/status.php b/templates/status.php index 25b6e0207..798b546ac 100644 --- a/templates/status.php +++ b/templates/status.php @@ -35,15 +35,27 @@ echo(present_attributes($this, $attributes, '')); $nameid = $this->data['nameid']; if ($nameid !== false) { + /** @var \SAML2\XML\saml\NameID $nameid */ echo "<h2>".$this->t('{status:subject_header}')."</h2>"; - if (!isset($nameid['Value'])) { + if (is_null($nameid->value)) { $list = array("NameID" => array($this->t('{status:subject_notset}'))); echo "<p>NameID: <span class=\"notset\">".$this->t('{status:subject_notset}')."</span></p>"; } else { $list = array( - "NameId" => array($nameid['Value']), - $this->t('{status:subject_format}') => array($nameid['Format']) + "NameId" => array($nameid->value), ); + if (!is_null($nameid->Format)) { + $list[$this->t('{status:subject_format}')] = array($nameid->Format); + } + if (!is_null($nameid->NameQualifier)) { + $list['NameQualifier'] = array($nameid->NameQualifier); + } + if (!is_null($nameid->SPNameQualifier)) { + $list['SPNameQualifier'] = array($nameid->SPNameQualifier); + } + if (!is_null($nameid->SPProvidedID)) { + $list['SPProvidedID'] = array($nameid->SPProvidedID); + } } echo(present_attributes($this, $list, '')); } diff --git a/tests/modules/saml/lib/Auth/Source/Auth_Source_SP_Test.php b/tests/modules/saml/lib/Auth/Source/Auth_Source_SP_Test.php index aeaa357b8..c88def979 100644 --- a/tests/modules/saml/lib/Auth/Source/Auth_Source_SP_Test.php +++ b/tests/modules/saml/lib/Auth/Source/Auth_Source_SP_Test.php @@ -190,8 +190,8 @@ class SP_Test extends \PHPUnit_Framework_TestCase $ar = $this->createAuthnRequest($state); $nameID = $ar->getNameId(); - $this->assertEquals($state['saml:NameID']['Value'], $nameID['Value']); - $this->assertEquals($state['saml:NameID']['Format'], $nameID['Format']); + $this->assertEquals($state['saml:NameID']['Value'], $nameID->value); + $this->assertEquals($state['saml:NameID']['Format'], $nameID->Format); /** @var $xml \DOMElement */ $xml = $ar->toSignedXML(); -- GitLab