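/**
 * The NameID format configured in the SP's metadata must win over the
 * NameIDPolicy carried in the AuthnRequest.
 *
 * The SP is configured for the unspecified format while the request asks
 * for transient. The resolver is expected to return the unspecified format
 * with the response's intended NameID as value, so the format of the
 * released identifier is decided by the registered metadata and not by the
 * content of the incoming request.
 */
public function testMetadataOverAuthnRequest()
{
    // Input: what the SP metadata dictates.
    $nameId = array(
        'Format' => SAML2_Const::NAMEID_UNSPECIFIED,
        'Value'  => $this->response->getIntendedNameId(),
    );
    $this->serviceProvider->nameIdFormat = $nameId['Format'];
    $this->serviceProvider->supportedNameIdFormats[] = SAML2_Const::NAMEID_UNSPECIFIED;

    // Input: a conflicting format asked for in the request itself.
    /** @var SAML2_AuthnRequest $request */
    $request = $this->request;
    $request->setNameIdPolicy(array('Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));

    // Run
    $resolvedNameId = $this->resolver->resolve(
        $this->request,
        $this->response,
        $this->serviceProvider,
        $this->collabPersonId
    );

    // Test
    $this->assertEquals(
        $nameId,
        $resolvedNameId,
        'Assertion NameID is set to what is set for this SP in the Metadata, NOT what it requested'
    );
}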
/**
 * Decide which NameID (format and value) is released to the destination SP.
 *
 * Order of precedence, as implemented below:
 *  1. a truthy custom NameID on the response is returned as-is, before any
 *     format is looked up;
 *  2. format "unspecified": the response's intended NameID is the value;
 *  3. format "transient": the value comes from _getTransientNameId(), keyed
 *     on the SP entity ID and the original issuer of the response;
 *  4. every other format: the value comes from _getPersistentNameId(), keyed
 *     on the collabPersonId and the SP entity ID.
 *
 * NOTE(review): in case 4 the returned 'Format' is whatever
 * _getNameIdFormat() produced, while the value is always a persistent
 * identifier. This presumably relies on _getNameIdFormat() only ever
 * returning a supported format - confirm against that helper.
 *
 * @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request
 * @param EngineBlock_Saml2_ResponseAnnotationDecorator $response
 * @param ServiceProvider $destinationMetadata metadata of the SP the assertion is for
 * @param $collabPersonId identifier handed to _getPersistentNameId()
 * @return array the custom NameID, or array('Format' => ..., 'Value' => ...)
 */
public function resolve(
    EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request,
    EngineBlock_Saml2_ResponseAnnotationDecorator $response,
    ServiceProvider $destinationMetadata,
    $collabPersonId
) {
    // A custom NameID set on the response short-circuits format resolution.
    $custom = $response->getCustomNameId();
    if ($custom) {
        return $custom;
    }

    $format = $this->_getNameIdFormat($request, $destinationMetadata);

    if ($format === SAML2_Const::NAMEID_UNSPECIFIED) {
        // Pass the intended NameID through unchanged.
        $value = $response->getIntendedNameId();
    } elseif ($format === SAML2_Const::NAMEID_TRANSIENT) {
        $value = $this->_getTransientNameId(
            $destinationMetadata->entityId,
            $response->getOriginalIssuer()
        );
    } else {
        // Fallback for all remaining formats: a per-SP persistent identifier.
        $value = $this->_getPersistentNameId(
            $collabPersonId,
            $destinationMetadata->entityId
        );
    }

    return array('Format' => $format, 'Value' => $value);
}