Merge pull request #228 from silinternational/feature/ssp-2-nameidpolicy
NameIDPolicy must now be an array
briskt authored Jun 18, 2024
2 parents 65daf43 + 75a6212 commit 14c76eb
Showing 4 changed files with 27 additions and 7 deletions.
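--- a/development/sp-local/config/authsources-pwmanager.php
+++ b/development/sp-local/config/authsources-pwmanager.php
@@ -15,14 +15,20 @@
 'entityID' => 'http://pwmanager.local:8084',
 'idp' => 'http://ssp-idp1.local:8085',
 'discoURL' => null,
-'NameIDPolicy' => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+'NameIDPolicy' => [
+'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+'AllowCreate' => true,
+],
 ],
 
 'mfa-idp-no-port' => [
 'saml:SP',
 'entityID' => 'http://pwmanager.local',
 'idp' => 'http://ssp-idp1.local',
 'discoURL' => null,
-'NameIDPolicy' => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+'NameIDPolicy' => [
+'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+'AllowCreate' => true,
+],
 ],
 ];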
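Review bot: The same four-line `NameIDPolicy` array is now written out verbatim in two SP entries (the one closed at the `],` before `'mfa-idp-no-port'`, and `'mfa-idp-no-port'` itself) with no comment saying why `AllowCreate` is on, so a later change to the requested format or to `AllowCreate` is likely to be made in one entry and missed in the other. Hoisting it to one value above the enclosing array keeps the two entries in step, e.g. `$persistentNameIdPolicy = ['Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', 'AllowCreate' => true];` and then `'NameIDPolicy' => $persistentNameIdPolicy,` in both entries. A short comment on that value would also record the intent, e.g. `// Request a persistent NameID from the IdP; AllowCreate permits it to issue a new one when none exists yet (SAML core NameIDPolicy semantics)`. The enclosing config array begins before this hunk, so the variable would have to go above it.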
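--- a/development/sp-local/config/authsources.php
+++ b/development/sp-local/config/authsources.php
@@ -29,8 +29,11 @@
 'discoURL' => null,
 
 // Tell the Hub which format to use for the NameID
-'NameIDPolicy' => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
-
+'NameIDPolicy' => [
+'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+'AllowCreate' => true,
+],
+
 // Specify what private key to use (such as for decrypting assertions).
 'privatekey' => 'saml.pem',
 ],
@@ -51,7 +54,10 @@
 'discoURL' => null,
 
 // Tell the Hub which format to use for the NameID
-'NameIDPolicy' => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+'NameIDPolicy' => [
+'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+'AllowCreate' => true,
+],
 
 // Specify what private key to use (such as for decrypting assertions).
 'privatekey' => 'saml.pem',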
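Review bot: The comment `// Tell the Hub which format to use for the NameID` above each new `NameIDPolicy` array is now incomplete, because the array also sets `AllowCreate`, and nothing says what that flag is for or why it is wanted here. Replacing it in both hunks with `// Ask the Hub for a persistent NameID; AllowCreate permits it to issue a new identifier if none exists yet` documents the whole policy. The `AllowCreate` meaning is the SAML core NameIDPolicy semantics; if the Hub side (the `AddIdp2NameId` filter) relies on it differently, the comment should say so. Both SP entries sit inside a config array that begins and ends outside these hunks.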
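--- a/docs/editing_authprocs.md
+++ b/docs/editing_authprocs.md
@@ -16,7 +16,12 @@ The IdP's metadata needs to include an `'IDPNamespace'` entry with a string valu
 
 In order for this to work, the SP needs to include a line in its authsources.php file in the Hub's entry ...
 
-` 'NameIDPolicy' => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",`
+```
+'NameIDPolicy' => [
+'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+'AllowCreate' => true,
+],
+```
 
 In addition, the IDP's sp-remote metadata stanza for the Hub needs to include ...
 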
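--- a/modules/sildisco/src/Auth/Process/AddIdp2NameId.php
+++ b/modules/sildisco/src/Auth/Process/AddIdp2NameId.php
@@ -11,7 +11,10 @@
 *
 * Also, for this to work, the SP needs to include a line in its
 * authsources.php file in the IdP's entry ...
-* 'NameIDPolicy' => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+* 'NameIDPolicy' => [
+* 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+* 'AllowCreate' => true,
+* ],
 *
 */
 class AddIdp2NameId extends \SimpleSAML\Auth\ProcessingFilter {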
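Review bot: The class docblock still says the SP "needs to include a line in its authsources.php file", but the example that follows is now a four-line array, so the lead-in no longer matches what it introduces. Changing those two docblock lines to `* Also, for this to work, the SP's authsources.php entry for this IdP` / `* needs to request a persistent NameID, for example:` reads correctly with the new array. It would also help to note in the same docblock whether the filter depends on `AllowCreate` being true, since the example now carries it without explanation. The `AddIdp2NameId` class body continues outside this hunk.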
