Bugfix: fix override over errorURL

tvdijen · tvdijen · commit 16271c64e84d · 2025-07-21T21:45:27.000+02:00
diff --git a/docs/simplesamlphp-changelog.md b/docs/simplesamlphp-changelog.md
@@ -11,6 +11,7 @@ Released TBD
 
 * Fix auth state AuthnInstant (#2478)
 * Allow "Secure" cookie attribute via HTTP on localhost (#2483)
+* Fix override over errorURL
 
 ## Version 2.3.8
 
diff --git a/modules/saml/src/IdP/SAML2.php b/modules/saml/src/IdP/SAML2.php
@@ -962,6 +962,11 @@ public static function getHostedMetadata(string $entityid, ?MetaDataStorageHandl
             $metadata['RegistrationInfo'] = $config->getArray('RegistrationInfo');
         }
 
+        // Override errorURL if set
+        if ($config->hasValue('errorURL')) {
+            $metadata['errorURL'] = $config->getString('errorURL');
+        }
+
         // configure signature options
         if ($config->hasValue('validate.authnrequest')) {
             $metadata['sign.authnrequest'] = $config->getBoolean('validate.authnrequest');
diff --git a/tests/modules/saml/src/IdP/SAML2Test.php b/tests/modules/saml/src/IdP/SAML2Test.php
@@ -262,6 +262,20 @@ private function idpMetadataHandlerHelper(array $metadata, array $extraconfig =
         return SAML2::getHostedMetadata($metadata['entityid']);
     }
 
+
+    /**
+     * Test that an override for the errorURL produced the expected output.
+     */
+    public function testIdPGetHostedMetadataErrorUrlOverride(): void
+    {
+        $md = [
+            'errorURL' => 'https://simplesamlphp.org',
+        ];
+        $hostedMd = $this->idpMetadataHandlerHelper($md);
+        $this->assertEquals('https://simplesamlphp.org', $hostedMd['errorURL']);
+    }
+
+
     /**
      * A minimally configured hosted IdP has all default fields with expected values.
      */
