Force AllowCreate in NameIDPolicy (#1200)

2017-03-16 18:39:00 +00:00 · 2017-03-16 18:39:00 +00:00 · 272296841a
parent 393f99c234
commit 272296841a
1 changed files with 12 additions and 0 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm
@ -342,6 +342,18 @@ sub run {
                $self->logger->debug("Message signature will not be checked");
            }

+            # Force AllowCreate to TRUE for transient/persistent NameIDPolicy
+            if ( $login->request()->NameIDPolicy ) {
+                my $nif = $login->request()->NameIDPolicy->Format();
+                if (   $nif eq $self->getNameIDFormat("transient")
+                    or $nif eq $self->getNameIDFormat("persistent") )
+                {
+                    $self->logger->debug(
+                        "Force AllowCreate flag in NameIDPolicy");
+                    eval { $login->request()->NameIDPolicy()->AllowCreate(1); };
+                }
+            }
+
            # Validate request
            unless ( $self->validateRequestMsg( $login, 1, 1 ) ) {
                $self->logger->error("Unable to validate SSO request message");