Different way of detecting IdP information metadata and authentication.

Dubravko Penezic

Feb 23, 2020, 3:02:54 PM
to SimpleSAMLphp developers
Hi all,

after a few days of working around it, I found that SSP version 1.18.4 (the same goes back to 1.14.x, maybe even lower versions) treats requests for IdP metadata and for authentication differently.

www/saml2/idp/metadata.php
$idpentityid = isset($_GET['idpentityid']) ?
        $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idpmeta = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-hosted');

www/saml2/idp/SSOService.php
$idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idp = \SimpleSAML\IdP::getById('saml2:' . $idpEntityId);

I didn't find the reason why that is different; I don't even understand why the variable has a different name.

On the other hand, metadata.php does not detect the IdP entityID the correct way either, because very probably we will first need to test whether returnIDParam exists and, if it exists, check its value, then use that value to check the attribute with that name and the value, which will give the IdP entityID; if none of that exists, then use $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted').

If I understand something wrong, please be so kind and explain the reason for that.

Regards,
Dubravko
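
One reading of the lookup order proposed in the message above, as an added example that is not part of the original post and is not SimpleSAMLphp code. The helper `resolveIdpEntityId`, its parameters, the sample entity IDs and the allow-list check against the configured hosted IdPs are assumptions made for illustration; `$default` stands in for the result of `getMetaDataCurrentEntityID('saml20-idp-hosted')`.

```php
<?php
declare(strict_types=1);

/**
 * Resolve which hosted IdP entityID a request refers to.
 * Hypothetical helper: $hosted stands in for the entity IDs configured in
 * saml20-idp-hosted, $default for the current-host entityID.
 */
function resolveIdpEntityId(array $query, array $hosted, string $default): string
{
    // Step 1: if returnIDParam is present, its value names the parameter
    // that carries the entityID; otherwise fall back to the default.
    $name = $query['returnIDParam'] ?? null;
    if (!is_string($name) || $name === '') {
        return $default;
    }

    // Step 2: read the parameter with that name.
    $candidate = $query[$name] ?? null;
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }

    // Step 3 (assumption added here): accept only IDs configured as hosted
    // IdPs, so request data can never select an arbitrary entity.
    if (!in_array($candidate, $hosted, true)) {
        throw new InvalidArgumentException('Unknown hosted IdP entityID');
    }
    return $candidate;
}

// Constructed sample data.
$hosted  = ['https://idp-a.example.org/idp', 'https://idp-b.example.org/idp'];
$default = $hosted[0];

$requests = [
    'no parameters'        => [],
    'named parameter'      => ['returnIDParam' => 'idpentityid', 'idpentityid' => $hosted[1]],
    'name without a value' => ['returnIDParam' => 'idpentityid'],
    'unknown entityID'     => ['returnIDParam' => 'idpentityid', 'idpentityid' => 'https://other.example.net/idp'],
];

foreach ($requests as $label => $query) {
    try {
        echo $label, ': ', resolveIdpEntityId($query, $hosted, $default), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $label, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

Calling one such resolver from both the metadata and the SSO endpoint would make the two code paths select the hosted IdP the same way.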