search

SAML-Toolkits / php-saml

Simple SAML toolkit for PHP
MIT License
1.23k stars 469 forks source link

enable empty nameId when wantNameId is false #577

Closed TumaMilan closed 4 months ago

TumaMilan commented 6 months ago

We are facing issues when our IP sends empty nameId. There is no reason to throw Exception when I set setting wantNameId as false. Disabling _strict is not good way, I thing. Thank you!

pitbulk commented 5 months ago

What IdP are you using? If the NameId element is defined in the SAMLResponse, its value should not be empty.

TumaMilan commented 4 months ago

Unfortunately, this is the subject of a philosophical question. My IdP strictly binds NameId to email. In some special justified cases user has not email filled. For our use case it would be OK, to have empty NameId and read another data from atributes. I know, without NameId user cannot logout, but i tis not needed. Why Toolkit disables use empty NameId, but omitted NameId is all right? Don’t understand. Thank for our help Milan Tůma

From: Sixto Martin @.> Sent: Friday, April 26, 2024 9:16 PM To: SAML-Toolkits/php-saml @.> Cc: Tůma Milan @.>; Author @.> Subject: Re: [SAML-Toolkits/php-saml] enable empty nameId when wantNameId is false (PR #577)

What IdP are you using? If the NameId element is defined in the SAMLResponse, its value should not be empty.

— Reply to this email directly, view it on GitHubhttps://github.com/SAML-Toolkits/php-saml/pull/577#issuecomment-2079985926, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AP3E77ZGXKXBGRGXHEXRSNTY7KRYLAVCNFSM6AAAAABESTZYROVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANZZHE4DKOJSGY. You are receiving this because you authored the thread.Message ID: @.**@.>>

pitbulk commented 4 months ago

Fair. Fixed here: https://github.com/SAML-Toolkits/php-saml/commit/2cc05760ca04bab315da773be2113ca2e9fa44e3

TumaMilan commented 4 months ago

Thank you very much!

From: Sixto Martin @.> Sent: Monday, May 13, 2024 1:14 PM To: SAML-Toolkits/php-saml @.> Cc: Tůma Milan @.>; Author @.> Subject: Re: [SAML-Toolkits/php-saml] enable empty nameId when wantNameId is false (PR #577)

Fair. Fixed here: 2cc0576https://github.com/SAML-Toolkits/php-saml/commit/2cc05760ca04bab315da773be2113ca2e9fa44e3

— Reply to this email directly, view it on GitHubhttps://github.com/SAML-Toolkits/php-saml/pull/577#issuecomment-2107299906, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AP3E772HI4XHEYCIE2A33VTZCCN75AVCNFSM6AAAAABESTZYROVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBXGI4TSOJQGY. You are receiving this because you authored the thread.Message ID: @.**@.>>