Reorder SAML bindings to put default ACS first (#2621)
This is just in case we interact with a dumb SP that doesn't implement isDefault correctly, and to preserve (almost) byte-for-byte metadata content for existing installations.
parent
1d4b202ebb
commit
de8f5adf96
|
@ -164,12 +164,22 @@ sub serviceToXML {
|
|||
samlIDPSSODescriptorArtifactResolutionServiceArtifact
|
||||
);
|
||||
|
||||
my %indexed_endpoints;
|
||||
foreach (@param_assertion) {
|
||||
my @_tab = split( /;/, $self->getValue( $_, $conf ) );
|
||||
$template->param( $_ . 'Default', $_tab[0] ? 'true' : 'false' );
|
||||
$template->param( $_ . 'Index', $_tab[1] );
|
||||
$template->param( $_ . 'Binding', $_tab[2] );
|
||||
$template->param( $_ . 'Location', $_tab[3] );
|
||||
$indexed_endpoints{ $_ . 'Default' } = ( $_tab[0] ? 'true' : 'false' );
|
||||
$indexed_endpoints{ $_ . 'Index' } = $_tab[1];
|
||||
$indexed_endpoints{ $_ . 'Binding' } = $_tab[2];
|
||||
$indexed_endpoints{ $_ . 'Location' } = $_tab[3];
|
||||
}
|
||||
$template->param(%indexed_endpoints);
|
||||
|
||||
if (
|
||||
$indexed_endpoints{samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactDefault}
|
||||
eq 'true'
|
||||
)
|
||||
{
|
||||
$template->param( "ACSArtifactDefault" => 1 );
|
||||
}
|
||||
|
||||
# Return the XML metadata.
|
||||
|
@ -310,6 +320,7 @@ __DATA__
|
|||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:entity</NameIDFormat>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
|
||||
<TMPL_IF ACSArtifactDefault>
|
||||
<AssertionConsumerService
|
||||
isDefault="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactDefault">"
|
||||
index="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactIndex">"
|
||||
|
@ -320,6 +331,18 @@ __DATA__
|
|||
index="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostIndex">"
|
||||
Binding="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostBinding">"
|
||||
Location="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostLocation">" />
|
||||
<TMPL_ELSE>
|
||||
<AssertionConsumerService
|
||||
isDefault="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostDefault">"
|
||||
index="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostIndex">"
|
||||
Binding="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostBinding">"
|
||||
Location="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPPostLocation">" />
|
||||
<AssertionConsumerService
|
||||
isDefault="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactDefault">"
|
||||
index="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactIndex">"
|
||||
Binding="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactBinding">"
|
||||
Location="<TMPL_VAR NAME="samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactLocation">" />
|
||||
</TMPL_IF>
|
||||
</SPSSODescriptor>
|
||||
</TMPL_UNLESS>
|
||||
|
||||
|
|
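Review bot: The new `if` in serviceToXML tests only `samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactDefault`, so a configuration where both ACS entries, or neither, have the Default field set still takes the POST-first branch and publishes two or zero `isDefault="true"` endpoints. In that state the endpoint a peer delivers assertions to depends on the peer's own tie-breaking, which is the situation this reordering is meant to guard against. Consider counting the defaults before choosing the branch, e.g. `my $n_default = grep { ( $indexed_endpoints{$_} // '' ) eq 'true' } qw(samlSPSSODescriptorAssertionConsumerServiceHTTPArtifactDefault samlSPSSODescriptorAssertionConsumerServiceHTTPPostDefault);`, and reporting a configuration problem when it is not 1. The `// ''` also avoids an uninitialized-value warning should the key ever be missing from `@param_assertion`, whose full list begins outside the hunk, as does the rest of serviceToXML.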