authorAndreas Åkre Solberg <andreas.solberg@uninett.no>2009-01-13 13:23:59 +0000
committerAndreas Åkre Solberg <andreas.solberg@uninett.no>2009-01-13 13:23:59 +0000
commit237c156e18a50e6ba9ee798bc82cb939a5dbda72 (patch)
tree1dc8e60261508ab11dea8142e98c0ab5027ff886
parentc17519744be34b199724c023b5a6e1bf02bcfb53 (diff)
Fix for handling NoPassive responses to Google apps when using NameIDFormats that are different from Transient...
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1146 44740490-163a-0410-bde0-09ae8108e29a
-rw-r--r--lib/SimpleSAML/XML/SAML20/AuthnResponse.php40
-rw-r--r--www/saml2/idp/SSOService.php2
2 files changed, 26 insertions, 16 deletions
diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
index a04370f..72cf1cb 100644
--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
@@ -653,6 +653,8 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
$idpmd = $this->metadata->getMetaData($idpentityid, 'saml20-idp-hosted');
$spmd = $this->metadata->getMetaData($spentityid, 'saml20-sp-remote');
+# echo '<pre>'; print_r($idpmd); exit;
+
$issuer = $idpentityid;
$destination = $spmd['AssertionConsumerService'];
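Review bot: The added line `# echo '<pre>'; print_r($idpmd); exit;` is leftover debug code and should be dropped from the commit. `$idpmd` is the hosted IdP metadata returned by `getMetaData($idpentityid, 'saml20-idp-hosted')`, which presumably includes key and certificate configuration, so un-commenting it during later troubleshooting would print that to the browser and abort the response. If a dump is needed, send it through the project's logger at debug level instead. The enclosing method starts and ends outside this hunk.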
@@ -673,6 +675,7 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
/**
* Handling attributes.
*/
+
$base64 = isset($spmd['base64attributes']) ? $spmd['base64attributes'] : false;
$nameidformat = isset($spmd['NameIDFormat']) ? $spmd['NameIDFormat'] : 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
$spnamequalifier = isset($spmd['SPNameQualifier']) ? $spmd['SPNameQualifier'] : $spmd['entityid'];
@@ -684,31 +687,38 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
elseif (isset($idpmd['AttributeNameFormat']))
$attributeNameFormat = $idpmd['AttributeNameFormat'];
-
- $encodedattributes = '';
- foreach ($attributes AS $name => $values) {
- $encodedattributes .= self::enc_attribute($name, $values, $base64, $attributeNameFormat);
- }
- $attributestatement = '<saml:AttributeStatement>' . $encodedattributes . '</saml:AttributeStatement>';
-
$sendattributes = isset($spmd['simplesaml.attributes']) ? $spmd['simplesaml.attributes'] : true;
-
- if (!$sendattributes)
- $attributestatement = '';
-
+ $attributestatement = '';
+ if ($sendattributes && !is_null($attributes)) {
+ $encodedattributes = '';
+ foreach ($attributes AS $name => $values) {
+ $encodedattributes .= self::enc_attribute($name, $values, $base64, $attributeNameFormat);
+ }
+ $attributestatement = '<saml:AttributeStatement>' . $encodedattributes . '</saml:AttributeStatement>';
+ }
+
/**
* Handling NameID
*/
+ $nameIdValue = NULL;
if ( ($nameidformat == self::EMAIL) or ($nameidformat == self::PERSISTENT) ) {
- $nameIdValue = $attributes[$spmd['simplesaml.nameidattribute']][0];
+ if (!is_null($attributes)) {
+ $nameIdValue = $attributes[$spmd['simplesaml.nameidattribute']][0];
+ }
} else {
$nameIdValue = SimpleSAML_Utilities::generateID();
}
- $nameIdData = array('Format' => $nameidformat, 'value' => $nameIdValue);
- $session->setSessionNameId('saml20-sp-remote', $spentityid, $nameIdData);
- $nameid = $this->generateNameID($nameidformat, $nameIdValue, $spnamequalifier);
+
+ $nameid = '';
+ if (!empty($nameIdValue)) {
+ $nameIdData = array('Format' => $nameidformat, 'value' => $nameIdValue);
+ $session->setSessionNameId('saml20-sp-remote', $spentityid, $nameIdData);
+ $nameid = $this->generateNameID($nameidformat, $nameIdValue, $spnamequalifier);
+ }
+
+
$assertion = "";
if ($status === 'Success') {
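Review bot: With an email or persistent NameIDFormat, a missing `$spmd['simplesaml.nameidattribute']` entry or an attribute absent from `$attributes` leaves `$nameIdValue` empty, and the new `if (!empty($nameIdValue))` guard then silently skips both `setSessionNameId()` and `generateNameID()` whatever `$status` is. That is what the NoPassive case needs, but on the Success path it looks as if the assertion would be built with an empty `$nameid` and no session NameID recorded, which is better rejected than sent to the SP. I would add, before the `$nameid = '';` line, `if ($status === 'Success' && empty($nameIdValue)) throw new Exception('Could not determine NameID value for ' . $spentityid);`. `empty()` also treats the string '0' as empty, so an explicit `=== NULL` / `=== ''` test would be more exact. The method starts before and continues past this hunk, so how `$nameid` is used in the assertion is not visible here.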
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index e12feb0..1010882 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -221,7 +221,7 @@ if($needAuth && !$isPassive) {
* With statusCode: urn:oasis:names:tc:SAML:2.0:status:NoPassive
*/
$ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);
- $authnResponseXML = $ar->generate($idpentityid, $requestcache['Issuer'], $requestcache['RequestID'], null, array(), 'NoPassive');
+ $authnResponseXML = $ar->generate($idpentityid, $requestcache['Issuer'], $requestcache['RequestID'], NULL, NULL, 'NoPassive');
/* Sending the AuthNResponse using HTTP-Post SAML 2.0 binding. */
$httppost = new SimpleSAML_Bindings_SAML20_HTTPPost($config, $metadata);