|
14 | 14 | use SimpleSAML\SAML2\Exception\Protocol\{NoAvailableIDPException, NoPassiveException, NoSupportedIDPException}; |
15 | 15 | use SimpleSAML\SAML2\XML\md\ContactPerson; |
16 | 16 | use SimpleSAML\SAML2\XML\saml\NameID; |
| 17 | +use SimpleSAML\SAML2\XML\samlp\{Extensions, IDPEntry, IDPList, RequesterID, Scoping}; |
17 | 18 | use SimpleSAML\Store\StoreFactory; |
18 | 19 | use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory; |
19 | 20 | use Symfony\Component\HttpFoundation\{RedirectResponse, Request, Response}; |
@@ -564,46 +565,57 @@ private function startSSO2(Configuration $idpMetadata, array $state): Response |
564 | 565 | $ar->setNameIdPolicy($state['saml:NameIDPolicy']); |
565 | 566 | } |
566 | 567 |
|
| 568 | + $proxyCount = $idpList = null; |
567 | 569 | $requesterID = []; |
568 | 570 |
|
569 | 571 | /* Only check for real info for Scoping element if we are going to send Scoping element */ |
570 | 572 | if ($this->disable_scoping !== true && $idpMetadata->getOptionalBoolean('disable_scoping', false) !== true) { |
| 573 | + $idpEntry = []; |
571 | 574 | if (isset($state['IDPList'])) { |
572 | | - $ar->setIDPList($state['IDPList']); |
| 575 | + $idpList = $state['IDPList']; |
573 | 576 | } elseif (!empty($this->metadata->getOptionalArray('IDPList', []))) { |
574 | | - $ar->setIDPList($this->metadata->getArray('IDPList')); |
| 577 | + foreach ($this->metadata->getArray('IDPList') as $entry) { |
| 578 | + $idpEntry[] = new IDPEntry($entry); |
| 579 | + } |
| 580 | + $idpList = new IDPList($idpEntry); |
575 | 581 | } elseif (!empty($idpMetadata->getOptionalArray('IDPList', []))) { |
576 | | - $ar->setIDPList($idpMetadata->getArray('IDPList')); |
| 582 | + foreach ($idpMetadata->getArray('IDPList') as $entry) { |
| 583 | + $idpEntry[] = new IDPEntry($entry); |
| 584 | + } |
| 585 | + $idpList = new IDPList($idpEntry); |
577 | 586 | } |
578 | 587 |
|
579 | 588 | if (isset($state['saml:ProxyCount']) && $state['saml:ProxyCount'] !== null) { |
580 | | - $ar->setProxyCount($state['saml:ProxyCount']); |
| 589 | + $proxyCount = $state['saml:ProxyCount']; |
581 | 590 | } elseif ($idpMetadata->hasValue('ProxyCount')) { |
582 | | - $ar->setProxyCount($idpMetadata->getInteger('ProxyCount')); |
| 591 | + $proxyCount = $idpMetadata->getInteger('ProxyCount'); |
583 | 592 | } elseif ($this->metadata->hasValue('ProxyCount')) { |
584 | | - $ar->setProxyCount($this->metadata->getInteger('ProxyCount')); |
| 593 | + $proxyCount = $this->metadata->getInteger('ProxyCount'); |
585 | 594 | } |
586 | 595 |
|
587 | 596 | $requesterID = []; |
588 | 597 | if (isset($state['saml:RequesterID'])) { |
589 | | - $requesterID = $state['saml:RequesterID']; |
| 598 | + foreach ($state['saml:RequesterID'] as $requesterId) { |
| 599 | + $requesterID[] = new RequesterID($requesterId); |
| 600 | + } |
590 | 601 | } |
591 | 602 |
|
592 | 603 | if (isset($state['core:SP'])) { |
593 | | - $requesterID[] = $state['core:SP']; |
| 604 | + $requesterID[] = new RequesterID($state['core:SP']); |
594 | 605 | } |
595 | 606 | } else { |
596 | 607 | Logger::debug('Disabling samlp:Scoping for ' . var_export($idpMetadata->getString('entityid'), true)); |
597 | 608 | } |
598 | 609 |
|
599 | | - $ar->setRequesterID($requesterID); |
| 610 | + $scoping = new Scoping($proxyCount, $idpList, $requesterID); |
| 611 | + $ar->setScoping($scoping); |
600 | 612 |
|
601 | 613 | // If the downstream SP has set extensions then use them. |
602 | 614 | // Otherwise use extensions that might be defined in the local SP (only makes sense in a proxy scenario) |
603 | 615 | if (isset($state['saml:Extensions']) && count($state['saml:Extensions']) > 0) { |
604 | | - $ar->setExtensions($state['saml:Extensions']); |
| 616 | + $ar->setExtensions(new Extensions($state['saml:Extensions'])); |
605 | 617 | } elseif ($this->metadata->getOptionalArray('saml:Extensions', null) !== null) { |
606 | | - $ar->setExtensions($this->metadata->getArray('saml:Extensions')); |
| 618 | + $ar->setExtensions(new Extensions($this->metadata->getArray('saml:Extensions'))); |
607 | 619 | } |
608 | 620 |
|
609 | 621 | $providerName = $this->metadata->getOptionalString("ProviderName", null); |
@@ -1014,9 +1026,9 @@ public function startSLO2(Configuration $config, array &$state): ?Response |
1014 | 1026 | $lr->setDestination($endpoint['Location']); |
1015 | 1027 |
|
1016 | 1028 | if (isset($state['saml:logout:Extensions']) && count($state['saml:logout:Extensions']) > 0) { |
1017 | | - $lr->setExtensions($state['saml:logout:Extensions']); |
| 1029 | + $lr->setExtensions(new Extensions($state['saml:logout:Extensions'])); |
1018 | 1030 | } elseif ($this->metadata->getOptionalArray('saml:logout:Extensions', null) !== null) { |
1019 | | - $lr->setExtensions($this->metadata->getArray('saml:logout:Extensions')); |
| 1031 | + $lr->setExtensions(new Extensions($this->metadata->getArray('saml:logout:Extensions'))); |
1020 | 1032 | } |
1021 | 1033 |
|
1022 | 1034 | $encryptNameId = $idpMetadata->getOptionalBoolean('nameid.encryption', null); |
|