authorAndreas Åkre Solberg <andreas.solberg@uninett.no>2008-02-13 09:35:58 +0000
committerAndreas Åkre Solberg <andreas.solberg@uninett.no>2008-02-13 09:35:58 +0000
commit9c7b64f2098cd6fef75bacda4e10a33c618302d8 (patch)
tree081d0dfbb0158fd26deee5d692c462fa389fad90 /lib/SimpleSAML/XML/SAML20
parente049c33f887d31c444fe771e97e532bc0eb90670 (diff)
Adding SPNameQualifier again since some implementations need it.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@287 44740490-163a-0410-bde0-09ae8108e29a
Diffstat (limited to 'lib/SimpleSAML/XML/SAML20')
-rw-r--r--lib/SimpleSAML/XML/SAML20/AuthnResponse.php20
-rw-r--r--lib/SimpleSAML/XML/SAML20/LogoutRequest.php8
2 files changed, 21 insertions, 7 deletions
diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
index d0e8cca..8da4453 100644
--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
@@ -492,6 +492,7 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
*/
$base64 = isset($spmd['base64attributes']) ? $spmd['base64attributes'] : false;
$nameidformat = isset($spmd['NameIDFormat']) ? $spmd['NameIDFormat'] : 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
+ $spnamequalifier = isset($spmd['SPNameQualifier']) ? $spmd['SPNameQualifier'] : $spmd['entityid'];
$encodedattributes = '';
foreach ($attributes AS $name => $values) {
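Review bot: The fallback `$spmd['entityid']` on the added line is read without an `isset` check, so SP metadata that lacks the key produces a PHP notice and a null qualifier, which generateNameID then drops without any error. The same unchecked fallback appears in the LogoutRequest.php hunk for `$receivermd['entityid']` and `$issuermd['entityid']`, where the empty value ends up written into the message. Failing explicitly is easier to diagnose, for example `if (!isset($spmd['entityid'])) throw new Exception('SP metadata has no entityid');` ahead of the assignment. The enclosing method starts and ends outside this hunk.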
@@ -510,9 +511,9 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
*/
$nameid = null;
if ($nameidformat == self::EMAIL) {
- $nameid = $this->generateNameID($nameidformat, $attributes[$spmd['simplesaml.nameidattribute']][0]);
+ $nameid = $this->generateNameID($nameidformat, $attributes[$spmd['simplesaml.nameidattribute']][0], $spnamequalifier);
} else {
- $nameid = $this->generateNameID($nameidformat, self::generateID());
+ $nameid = $this->generateNameID($nameidformat, self::generateID(), $spnamequalifier);
}
/**
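Review bot: On the email branch the NameID value is still read as `$attributes[$spmd['simplesaml.nameidattribute']][0]` with no check that the metadata key or the user attribute exists, so a user without that attribute would apparently receive an assertion whose NameID is empty while now carrying an SPNameQualifier. With `$attr` holding the metadata value, a guard such as `if (empty($attributes[$attr][0])) throw new Exception('Missing NameID attribute ' . $attr);` before the call would stop an identifier-less assertion from being issued. The enclosing method lies outside this hunk.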
@@ -562,13 +563,20 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
private function generateNameID($type = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
- $value = 'anonymous') {
-
+ $value = 'anonymous', $spnamequalifier = null) {
+
+ $spnamequalifiertext = '';
+ if (!empty($spnamequalifier)) {
+ $spnamequalifiertext = ' SPNameQualifier="' . htmlspecialchars($spnamequalifier) . '"';
+ }
+
if ($type == self::EMAIL) {
- return '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">' . htmlspecialchars($value) . '</saml:NameID>';
+ return '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"' .
+ $spnamequalifiertext . '>' . htmlspecialchars($value) . '</saml:NameID>';
} else {
- return '<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">' . htmlspecialchars($value). '</saml:NameID>';
+ return '<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"' .
+ $spnamequalifiertext. '>' . htmlspecialchars($value). '</saml:NameID>';
}
}
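Review bot: The new attribute value is escaped with `htmlspecialchars($spnamequalifier)` using the default flags and charset, which depend on the PHP version and configuration. Since the result is an XML attribute inside a protocol message, passing them explicitly keeps the output predictable: `htmlspecialchars($spnamequalifier, ENT_QUOTES, 'UTF-8')`. The new parameter is also undocumented; the docblock (outside this hunk) should gain `@param string|null $spnamequalifier Value of the SPNameQualifier attribute; the attribute is omitted when empty.`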
diff --git a/lib/SimpleSAML/XML/SAML20/LogoutRequest.php b/lib/SimpleSAML/XML/SAML20/LogoutRequest.php
index 974ce53..9b38ac2 100644
--- a/lib/SimpleSAML/XML/SAML20/LogoutRequest.php
+++ b/lib/SimpleSAML/XML/SAML20/LogoutRequest.php
@@ -121,6 +121,12 @@ class SimpleSAML_XML_SAML20_LogoutRequest {
$issuermd = $this->metadata->getMetaData($issuer, $issuerset);
$receivermd = $this->metadata->getMetaData($receiver, $receiverset);
+ if ($mode == 'IdP') {
+ $spnamequalifier = isset($receivermd['SPNameQualifier']) ? $receivermd['SPNameQualifier'] : $receivermd['entityid'];
+ } else {
+ $spnamequalifier = isset($issuermd['SPNameQualifier']) ? $issuermd['SPNameQualifier'] : $issuermd['entityid'];
+ }
+
$id = self::generateID();
$issueInstant = self::generateIssueInstant();
@@ -133,7 +139,7 @@ class SimpleSAML_XML_SAML20_LogoutRequest {
Destination="' . htmlspecialchars($destination) . '"
IssueInstant="' . $issueInstant . '">
<saml:Issuer >' . htmlspecialchars($issuer) . '</saml:Issuer>
- <saml:NameID Format="' . htmlspecialchars($nameid['Format']) . '">' . htmlspecialchars($nameid['value']) . '</saml:NameID>
+ <saml:NameID Format="' . htmlspecialchars($nameid['Format']) . '" SPNameQualifier="' . htmlspecialchars($spnamequalifier) . '">' . htmlspecialchars($nameid['value']) . '</saml:NameID>
<samlp:SessionIndex>' . htmlspecialchars($sessionindex) . '</samlp:SessionIndex>
</samlp:LogoutRequest>
';
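Review bot: The LogoutRequest always writes the `SPNameQualifier` attribute, even when `$spnamequalifier` is empty, whereas generateNameID in AuthnResponse.php omits it in that case. A receiver that matches sessions on the full NameID may then fail to find the session when it sees `SPNameQualifier=""`. Building it conditionally keeps the two files consistent: `$spnq = empty($spnamequalifier) ? '' : ' SPNameQualifier="' . htmlspecialchars($spnamequalifier) . '"';`. In SP mode the value is taken from local metadata; if `$nameid` already carries the qualifier issued at login (not visible here), reusing that one would be the safer match. The string literal begins outside this hunk.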