Prevented saml2 autodiscovery on metadata load
Fixes issue where metadata cannot be viewed if autload is active and entityid url is not active. For #2480
This commit is contained in:
parent
0269f5122e
commit
f0ac454be1
2 changed files with 22 additions and 11 deletions
|
@ -20,14 +20,11 @@ use OneLogin\Saml2\ValidationError;
|
|||
*/
|
||||
class Saml2Service
|
||||
{
|
||||
protected $config;
|
||||
protected $registrationService;
|
||||
protected $loginService;
|
||||
protected $groupSyncService;
|
||||
protected array $config;
|
||||
protected RegistrationService $registrationService;
|
||||
protected LoginService $loginService;
|
||||
protected GroupSyncService $groupSyncService;
|
||||
|
||||
/**
|
||||
* Saml2Service constructor.
|
||||
*/
|
||||
public function __construct(
|
||||
RegistrationService $registrationService,
|
||||
LoginService $loginService,
|
||||
|
@ -169,7 +166,7 @@ class Saml2Service
|
|||
*/
|
||||
public function metadata(): string
|
||||
{
|
||||
$toolKit = $this->getToolkit();
|
||||
$toolKit = $this->getToolkit(true);
|
||||
$settings = $toolKit->getSettings();
|
||||
$metadata = $settings->getSPMetadata();
|
||||
$errors = $settings->validateMetadata($metadata);
|
||||
|
@ -190,7 +187,7 @@ class Saml2Service
|
|||
* @throws Error
|
||||
* @throws Exception
|
||||
*/
|
||||
protected function getToolkit(): Auth
|
||||
protected function getToolkit(bool $spOnly = false): Auth
|
||||
{
|
||||
$settings = $this->config['onelogin'];
|
||||
$overrides = $this->config['onelogin_overrides'] ?? [];
|
||||
|
@ -200,14 +197,14 @@ class Saml2Service
|
|||
}
|
||||
|
||||
$metaDataSettings = [];
|
||||
if ($this->config['autoload_from_metadata']) {
|
||||
if (!$spOnly && $this->config['autoload_from_metadata']) {
|
||||
$metaDataSettings = IdPMetadataParser::parseRemoteXML($settings['idp']['entityId']);
|
||||
}
|
||||
|
||||
$spSettings = $this->loadOneloginServiceProviderDetails();
|
||||
$settings = array_replace_recursive($settings, $spSettings, $metaDataSettings, $overrides);
|
||||
|
||||
return new Auth($settings);
|
||||
return new Auth($settings, $spOnly);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -41,6 +41,20 @@ class Saml2Test extends TestCase
|
|||
$req->assertSee(url('/saml2/acs'));
|
||||
}
|
||||
|
||||
public function test_metadata_endpoint_loads_when_autoloading_with_bad_url_set()
|
||||
{
|
||||
config()->set([
|
||||
'saml2.autoload_from_metadata' => true,
|
||||
'saml2.onelogin.idp.entityId' => 'http://192.168.1.1:9292',
|
||||
'saml2.onelogin.idp.singleSignOnService.url' => null,
|
||||
]);
|
||||
|
||||
$req = $this->get('/saml2/metadata');
|
||||
$req->assertOk();
|
||||
$req->assertHeader('Content-Type', 'text/xml; charset=UTF-8');
|
||||
$req->assertSee('md:EntityDescriptor');
|
||||
}
|
||||
|
||||
public function test_onelogin_overrides_functions_as_expected()
|
||||
{
|
||||
$json = '{"sp": {"assertionConsumerService": {"url": "https://example.com/super-cats"}}, "contactPerson": {"technical": {"givenName": "Barry Scott", "emailAddress": "barry@example.com"}}}';
|
||||
|
|
Loading…
Reference in a new issue