lightSAML / SpBundle

SAML2 SP Symfony Bundle based on LightSAML
https://www.lightsaml.com/SP-Bundle/
MIT License

NameID format is hardcoded (AuthnRequest) #54

Closed 01e9 closed 7 years ago

01e9 commented 7 years ago

https://github.com/lightSAML/lightSAML/blob/d0253368b7eba88e867545ab3590cbcc7fa8b04d/src/LightSaml/Action/Profile/Outbound/Message/CreateMessageIssuerAction.php#L36

01e9 commented 7 years ago

Fixed with this code in controller before AuthnRequest generation

use LightSaml\Context\ContextInterface;
use LightSaml\Context\Profile\ProfileContext;
use LightSaml\Event\Events;
use LightSaml\Model\Protocol\AuthnRequest;
use LightSaml\Model\Protocol\NameIDPolicy;
use LightSaml\SamlConstants;
use Symfony\Component\EventDispatcher\GenericEvent;

// Weird LightSAML event system (Doesn't work with Symfony events)
$this->get('lightsaml.system.event_dispatcher')->addListener(
    Events::BEFORE_ENCRYPT,
    function (GenericEvent $event) {
        /** @var ContextInterface $context */
        $context = $event->getSubject();

        // Add NameIDFormat to AuthnRequest (only for the SP-initiated SSO profile)
        if (
            $context instanceof ProfileContext &&
            $context->getProfileId() === 'sso_sp_send_authn_req'
        ) {
            $nameIdFormat = SamlConstants::NAME_ID_FORMAT_PERSISTENT;

            /** @var AuthnRequest $authnRequest */
            $authnRequest = $context->getOutboundContext()->getMessage();
            // AllowCreate=false: the IdP must not create a new persistent identifier
            $authnRequest->setNameIDPolicy(new NameIDPolicy($nameIdFormat, false));
            $authnRequest->getIssuer()->setFormat($nameIdFormat);
        }
    }
);

01e9 commented 7 years ago

How to trigger LightSaml events on Symfony event dispatcher

Set in config.yml

light_saml_symfony_bridge:
    ...
    system:
        # dispatch LightSaml events on Symfony event dispatcher instead of separate dispatcher
        event_dispatcher: 'event_dispatcher'

So the above event can be hooked as usual

use LightSaml\Event\Events;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;

// class name assumed; any Symfony event subscriber works
class SamlEventSubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents()
    {
        return [
            Events::BEFORE_ENCRYPT => 'onSamlBeforeEncrypt',
        ];
    }
}
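Putting the two comments together, as an added example that is not part of the thread or of the bundle's own code: a Symfony event subscriber (class name SamlAuthnRequestSubscriber is assumed) that applies the same NameIDPolicy change once the bridge is configured to dispatch LightSAML events on Symfony's `event_dispatcher`. It sets only the NameIDPolicy element and checks the message type at runtime, because BEFORE_ENCRYPT fires for every outbound message, not just the AuthnRequest.

```php
use LightSaml\Context\Profile\ProfileContext;
use LightSaml\Event\Events;
use LightSaml\Model\Protocol\AuthnRequest;
use LightSaml\Model\Protocol\NameIDPolicy;
use LightSaml\SamlConstants;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\EventDispatcher\GenericEvent;

/**
 * Sets NameIDPolicy on outbound AuthnRequests. Requires
 * light_saml_symfony_bridge.system.event_dispatcher: 'event_dispatcher'
 * so that LightSAML events reach the Symfony dispatcher. (Class name assumed.)
 */
class SamlAuthnRequestSubscriber implements EventSubscriberInterface
{
    // Profile id LightSAML uses for the SP-initiated SSO AuthnRequest
    const PROFILE_SSO_SP_SEND_AUTHN_REQ = 'sso_sp_send_authn_req';

    public static function getSubscribedEvents()
    {
        return [
            Events::BEFORE_ENCRYPT => 'onSamlBeforeEncrypt',
        ];
    }

    public function onSamlBeforeEncrypt(GenericEvent $event)
    {
        $context = $event->getSubject();

        // BEFORE_ENCRYPT fires for every outbound message (LogoutRequest,
        // Response, ...), so only touch the SP-initiated AuthnRequest.
        if (!$context instanceof ProfileContext
            || $context->getProfileId() !== self::PROFILE_SSO_SP_SEND_AUTHN_REQ
        ) {
            return;
        }

        $message = $context->getOutboundContext()->getMessage();
        if (!$message instanceof AuthnRequest) {
            return; // runtime check instead of trusting a docblock
        }

        // AllowCreate=false: the IdP must not mint a new persistent identifier
        $message->setNameIDPolicy(
            new NameIDPolicy(SamlConstants::NAME_ID_FORMAT_PERSISTENT, false)
        );
    }
}
```

With Symfony autoconfiguration the subscriber is registered automatically; otherwise tag the service with `kernel.event_subscriber`.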