SAML-Toolkits / wordpress-saml

OneLogin SAML plugin for Wordpress
MIT License

add additional saml:Issuer metadata #32

Closed jazzsequence closed 7 years ago

jazzsequence commented 7 years ago

incomplete XML tag can result in unidentified service provider in some environments

pitbulk commented 7 years ago

The saml namespace is already defined on the AuthNRequest element, why do you need to redefine it on the Issuer element?

jazzsequence commented 7 years ago

In our environment, not including the additional tags in the saml xml element is causing an error on the IdP in SP-initiated authentication in which the Issuer is not being recognized.

At the very least here there should be a filter so this tag can be customized for different environments.

pitbulk commented 7 years ago

Do you know what software is used on the IdP side?

The AuthNRequest generated by php-saml is valid and follows the SAML standard so the IdP should process it.

I can't create a custom filter to add or not add a namespace to each element of the AuthNRequest... the IdP should fix their side and be able to handle a valid AuthNRequest.

Ref: https://en.wikipedia.org/wiki/SAML_2.0#Authentication_Request_Protocol (Check how the AuthNRequest that appears on Wikipedia has the same format as the one generated by php-saml).
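The namespace point made above, as an added example that is not part of this discussion or of the wordpress-saml/php-saml code: a namespace-aware parser resolves `saml:Issuer` to the same namespace URI whether `xmlns:saml` is declared only on the AuthnRequest root or redeclared on the Issuer element, and an IdP identifies the SP by the Issuer value matching a registered entityID. The sample requests and the `sp.example` entityID are constructed for the example.

```python
# Added example (not from wordpress-saml or php-saml): parse two AuthnRequest
# variants and show the Issuer resolves identically with or without the
# redundant xmlns:saml redeclaration, then run the IdP-side identification check.
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: namespace declared once on the root, as php-saml emits it.
REQUEST_INHERITED = b"""<samlp:AuthnRequest
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_constructed_1" Version="2.0" IssueInstant="2017-01-01T00:00:00Z"
  AssertionConsumerServiceURL="https://sp.example/acs">
  <saml:Issuer>https://sp.example/metadata</saml:Issuer>
</samlp:AuthnRequest>"""

# Constructed sample: same request with xmlns:saml redeclared on Issuer, as the
# pull request proposed. Redundant, but still well-formed, valid XML.
REQUEST_REDECLARED = REQUEST_INHERITED.replace(
    b"<saml:Issuer>",
    b'<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">',
)

def issuer_of(authn_request: bytes) -> tuple:
    """Return (namespace URI, local name, value) of the Issuer child of AuthnRequest."""
    root = ET.fromstring(authn_request)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    issuer = root.find(f"{{{SAML}}}Issuer")
    if issuer is None:
        raise ValueError("AuthnRequest has no saml:Issuer")
    # ElementTree encodes the resolved namespace as "{uri}local" in the tag.
    ns, _, local = issuer.tag[1:].partition("}")
    return ns, local, (issuer.text or "").strip()

def identify_sp(authn_request: bytes, registered_entity_ids: set) -> bool:
    """IdP-side check: the SP is known if the Issuer value matches a registered
    entityID; how the saml prefix was declared plays no part in this."""
    _, _, entity_id = issuer_of(authn_request)
    return entity_id in registered_entity_ids

if __name__ == "__main__":
    for doc in (REQUEST_INHERITED, REQUEST_REDECLARED):
        print(issuer_of(doc))
```

If an IdP reports an unidentified SP for a request like the first variant, the place to look is the Issuer value against the entityID in the metadata registered there, not the namespace declarations.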

jazzsequence commented 7 years ago

I do not know what software the IdP uses, only that it uses Kerberos authentication (which is the reason we are using your plugin). If it's important, I can find out when I speak to the team.

The issue we are seeing is that when redirected to the IdP to authenticate, the request is rejected and they are taken to an error page. Thus far, I have not been given any specific error, just a generic error page (I cannot test this myself as I do not have access to their system). In speaking with the SSO team and looking at the XML requests coming from the WordPress site, they identified the <saml:Issuer> tag as missing information. However, adding it hasn't helped either, and this PR can probably be closed.

I would be interested if you had ideas/suggestions as to why the SP is being rejected that I can take to the SSO team when I speak to them next.