-rw-r--r--lib/SAML2/SOAPClient.php9
-rw-r--r--modules/saml/docs/sp.txt2
2 files changed, 8 insertions, 3 deletions
diff --git a/lib/SAML2/SOAPClient.php b/lib/SAML2/SOAPClient.php
index fc1824f..15b0690 100644
--- a/lib/SAML2/SOAPClient.php
+++ b/lib/SAML2/SOAPClient.php
@@ -31,9 +31,12 @@ class SAML2_SOAPClient {
// Determine if we are going to do a MutualSSL connection between the IdP and SP - Shoaib
if ($srcMetadata->hasValue('saml.SOAPClient.certificate')) {
- $ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
- if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
- $ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
+ $cert = $srcMetadata->getValue('saml.SOAPClient.certificate');
+ if ($cert !== FALSE) {
+ $ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
+ if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
+ $ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
+ }
}
} else {
/* Use the SP certificate and privatekey if it is configured. */
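Review bot: The `if ($cert !== FALSE)` check skips both the configured client certificate and the SP-key fallback in the `else` arm, so a `FALSE` value sends the SOAP request with no TLS client authentication, and nothing in the code records that choice. I would add a comment on the check, e.g. `/* FALSE explicitly disables the client certificate; the SP key fallback below is intentionally not used. */`, and consider a debug log line for that case so a leftover `FALSE` is visible when troubleshooting. The comparison is strict, so other non-string values such as `NULL` or `0` still reach `getString()`, which presumably rejects them; that is worth confirming as intended. The enclosing method starts and ends outside the hunk.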
diff --git a/modules/saml/docs/sp.txt b/modules/saml/docs/sp.txt
index 7d4fd1f..9c7bc94 100644
--- a/modules/saml/docs/sp.txt
+++ b/modules/saml/docs/sp.txt
@@ -241,6 +241,8 @@ Options
: A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP.
If this option isn't specified, the SP private key and certificate will be used.
+: This option can also be set to `FALSE`, in which case no client certificate will be used.
+
`saml.SOAPClient.privatekey_pass`
: The passphrase of the privatekey in `saml.SOAPClient.certificate`.