
Commit 237c156

Fix for handling NoPassive responses to Google apps when using NameIDFormats that are different from Transient...
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1146 44740490-163a-0410-bde0-09ae8108e29a
1 parent c175197 commit 237c156

2 files changed

Lines changed: 26 additions & 16 deletions


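--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
@@ -653,6 +653,8 @@ public function generate($idpentityid, $spentityid, $inresponseto, $nameid, $att
 $idpmd = $this->metadata->getMetaData($idpentityid, 'saml20-idp-hosted');
 $spmd = $this->metadata->getMetaData($spentityid, 'saml20-sp-remote');
 
+# echo '<pre>'; print_r($idpmd); exit;
+
 $issuer = $idpentityid;
 $destination = $spmd['AssertionConsumerService'];
 
@@ -673,6 +675,7 @@ public function generate($idpentityid, $spentityid, $inresponseto, $nameid, $att
 /**
 * Handling attributes.
 */
+
 $base64 = isset($spmd['base64attributes']) ? $spmd['base64attributes'] : false;
 $nameidformat = isset($spmd['NameIDFormat']) ? $spmd['NameIDFormat'] : 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
 $spnamequalifier = isset($spmd['SPNameQualifier']) ? $spmd['SPNameQualifier'] : $spmd['entityid'];
@@ -684,31 +687,38 @@ public function generate($idpentityid, $spentityid, $inresponseto, $nameid, $att
 elseif (isset($idpmd['AttributeNameFormat']))
 $attributeNameFormat = $idpmd['AttributeNameFormat'];
 
-
-$encodedattributes = '';
-foreach ($attributes AS $name => $values) {
-$encodedattributes .= self::enc_attribute($name, $values, $base64, $attributeNameFormat);
-}
-$attributestatement = '<saml:AttributeStatement>' . $encodedattributes . '</saml:AttributeStatement>';
-
 $sendattributes = isset($spmd['simplesaml.attributes']) ? $spmd['simplesaml.attributes'] : true;
-
-if (!$sendattributes)
-$attributestatement = '';
-
+$attributestatement = '';
+if ($sendattributes && !is_null($attributes)) {
+$encodedattributes = '';
+foreach ($attributes AS $name => $values) {
+$encodedattributes .= self::enc_attribute($name, $values, $base64, $attributeNameFormat);
+}
+$attributestatement = '<saml:AttributeStatement>' . $encodedattributes . '</saml:AttributeStatement>';
+}
+
 
 
 /**
 * Handling NameID
 */
+$nameIdValue = NULL;
 if ( ($nameidformat == self::EMAIL) or ($nameidformat == self::PERSISTENT) ) {
-$nameIdValue = $attributes[$spmd['simplesaml.nameidattribute']][0];
+if (!is_null($attributes)) {
+$nameIdValue = $attributes[$spmd['simplesaml.nameidattribute']][0];
+}
 } else {
 $nameIdValue = SimpleSAML_Utilities::generateID();
 }
-$nameIdData = array('Format' => $nameidformat, 'value' => $nameIdValue);
-$session->setSessionNameId('saml20-sp-remote', $spentityid, $nameIdData);
-$nameid = $this->generateNameID($nameidformat, $nameIdValue, $spnamequalifier);
+
+$nameid = '';
+if (!empty($nameIdValue)) {
+$nameIdData = array('Format' => $nameidformat, 'value' => $nameIdValue);
+$session->setSessionNameId('saml20-sp-remote', $spentityid, $nameIdData);
+$nameid = $this->generateNameID($nameidformat, $nameIdValue, $spnamequalifier);
+}
+
+
 
 $assertion = "";
 if ($status === 'Success') {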
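Review bot: The `!empty($nameIdValue)` guard added before `generateNameID()` applies to every status, so a `Success` response for the EMAIL or PERSISTENT format whose `simplesaml.nameidattribute` attribute is missing would now continue silently with `$nameid = ''` and no session NameID recorded. The assertion is built in the `if ($status === 'Success')` branch that opens on the last line of this hunk and continues outside it, so this presumably produces an assertion without a usable subject identifier. I would fail closed for that case, e.g. `if ($status === 'Success' && empty($nameIdValue)) throw new Exception('No NameID value available for this SP');`, and keep the empty NameID only for non-success responses such as NoPassive. Note also that `empty()` treats the string `'0'` as empty; `$nameIdValue !== NULL && $nameIdValue !== ''` is the stricter test.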

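--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -221,7 +221,7 @@
 * With statusCode: urn:oasis:names:tc:SAML:2.0:status:NoPassive
 */
 $ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);
-$authnResponseXML = $ar->generate($idpentityid, $requestcache['Issuer'], $requestcache['RequestID'], null, array(), 'NoPassive');
+$authnResponseXML = $ar->generate($idpentityid, $requestcache['Issuer'], $requestcache['RequestID'], NULL, NULL, 'NoPassive');
 
 /* Sending the AuthNResponse using HTTP-Post SAML 2.0 binding. */
 $httppost = new SimpleSAML_Bindings_SAML20_HTTPPost($config, $metadata);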
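Review bot: The two positional `NULL`s in the new `generate()` call carry meaning that is not visible at the call site: the fourth argument is the NameID and the fifth is apparently the attribute set. Passing `NULL` rather than the previous `array()` is what makes `generate()` skip both the AttributeStatement and the attribute-derived NameID. A one-line comment above the call would keep a later cleanup from reverting it, e.g. `/* NoPassive: pass NULL (not array()) for NameID and attributes so generate() emits neither. */`.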
