
Commit a1681a6

committed
Migrate saml:Audience
1 parent e17e0d2 commit a1681a6

2 files changed

Lines changed: 8 additions & 3 deletions


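--- a/modules/saml/src/IdP/SAML2.php
+++ b/modules/saml/src/IdP/SAML2.php
@@ -18,7 +18,7 @@
 use SimpleSAML\SAML2\Constants as C;
 use SimpleSAML\SAML2\Exception\ArrayValidationException;
 use SimpleSAML\SAML2\XML\md\ContactPerson;
-use SimpleSAML\SAML2\XML\saml\{AttributeValue, Issuer, NameID, SubjectConfirmation, SubjectConfirmationData};
+use SimpleSAML\SAML2\XML\saml\{AttributeValue, Audience, Issuer, NameID, SubjectConfirmation, SubjectConfirmationData};
 use SimpleSAML\SAML2\XML\saml\{AuthenticatingAuthority, AuthnContext, AuthnContextClassRef}; // AuthnContext
 use SimpleSAML\SAML2\XML\samlp\{Status, StatusCode, StatusMessage}; // Status
 use SimpleSAML\XML\DOMDocumentFactory;
@@ -27,6 +27,7 @@
 use Symfony\Component\HttpFoundation\{Request, Response};
 
 use function array_key_exists;
+use function array_map;
 use function array_merge;
 use function array_pop;
 use function array_unique;
@@ -1168,8 +1169,9 @@ private static function buildAssertion(
 $issuer->setFormat(C::NAMEID_ENTITY);
 $a->setIssuer($issuer);
 
-$audience = array_merge([$spMetadata->getString('entityid')], $spMetadata->getOptionalArray('audience', []));
-$a->setValidAudiences($audience);
+$audiences = array_merge([$spMetadata->getString('entityid')], $spMetadata->getOptionalArray('audience', []));
+$audiences = array_map(fn($audience): Audience => new Audience($audience), $audiences);
+$a->setValidAudiences($audiences);
 
 $a->setNotBefore($now - 30);
 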
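Review bot: The values passed to `new Audience(...)` on new line 1173 are neither type-checked nor de-duplicated in this hunk, so as far as the visible lines show, an SP that repeats its own entityid under `audience` would presumably get the same saml:Audience twice, and a non-string metadata entry only fails inside the constructor while the assertion is being built. Collapsing duplicates and typing the closure makes both cases explicit, e.g. `$audiences = array_unique(array_merge(...));` followed by `static fn(string $audience): Audience => new Audience($audience)`; `array_unique` is already in the file's `use function` list. The closure added in modules/saml/src/Message.php (`fn($audience): string => $audience->getContent()`) has the same untyped parameter. buildAssertion begins and ends outside this hunk and the Audience constructor's accepted type is not visible here, so the `string` hint should be confirmed against it.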

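--- a/modules/saml/src/Message.php
+++ b/modules/saml/src/Message.php
@@ -710,6 +710,9 @@ private static function processAssertion(
 }
 $validAudiences = $assertion->getValidAudiences();
 if ($validAudiences !== []) {
+// Turn array of saml:Audience objects into an array of identifiers
+$validAudiences = array_map(fn($audience): string => $audience->getContent(), $validAudiences);
+
 $spEntityId = $spMetadata->getString('entityid');
 if (!in_array($spEntityId, $validAudiences, true)) {
 $candidates = '[' . implode('], [', $validAudiences) . ']';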
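Review bot: Reassigning `$validAudiences` on new line 714 switches its elements from saml:Audience objects to strings partway through the `if` body, which makes the following `in_array` and `implode` calls harder to audit; a separate name such as `$audienceIds = array_map(...)`, used on the next two lines, would keep the two forms apart. The added comment could also record what the enclosing condition implies, for example `// Only reached when the assertion carries at least one saml:Audience; an empty list skips the comparison below`. processAssertion starts and ends outside this hunk, so whether an assertion without any audience restriction is handled elsewhere cannot be seen from here.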
