diff options
| author | Jaime Pérez <jaime.perez@uninett.no> | 2016-08-10 13:23:51 +0200 |
|---|---|---|
| committer | Jaime Pérez <jaime.perez@uninett.no> | 2016-08-10 13:23:51 +0200 |
| commit | bd5ede946217dc8a32f9d11ec1b7e45ea18558ee (patch) | |
| tree | e6f44a69542270049f90a53f323d387aaab2c80a | |
| parent | 0a6f9cfdae7365481607dc30389b68f5111b4041 (diff) | |
| download | simplesamlphp-bd5ede946217dc8a32f9d11ec1b7e45ea18558ee.zip simplesamlphp-bd5ede946217dc8a32f9d11ec1b7e45ea18558ee.tar.gz simplesamlphp-bd5ede946217dc8a32f9d11ec1b7e45ea18558ee.tar.bz2 | |
bugfix: Avoid the SAML2 IdP resilient to failures when getting DOMNodeList attribute values.
Due to recent changes in the SAML2 library, when an attribute has a value that contains XML, its contents are returned as a DOMNodeList instead of a string. This causes problems when running as a proxy, since the SAML2 IdP will obtain attributes in a format that cannot be cast to string. Regardless of the attribute encoding configured in the IdP for a remote SP, we should handle those cases gracefully, so that the IdP don't end up in an uncaught exception.
| -rw-r--r-- | modules/saml/lib/IdP/SAML2.php | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php index d614a3f..20897dc 100644 --- a/modules/saml/lib/IdP/SAML2.php +++ b/modules/saml/lib/IdP/SAML2.php @@ -698,12 +698,17 @@ class sspmod_saml_IdP_SAML2 { continue; } + $attrval = $value; + if ($value instanceof DOMNodeList) { + $attrval = new \SAML2\XML\saml\AttributeValue($value->item(0)->parentNode); + } + switch ($encoding) { case 'string': - $value = (string)$value; + $value = (string)$attrval; break; case 'base64': - $value = base64_encode((string)$value); + $value = base64_encode((string)$attrval); break; case 'raw': if (is_string($value)) { |