Skip to content

Commit 7de7e39

Browse files
pitbulkpitbulk
committed
Remove Comparison atribute from RequestedAuthnContext when setting has empty value
1 parent a5a520b commit 7de7e39

2 files changed

Lines changed: 15 additions & 2 deletions

File tree

src/Saml2/AuthnRequest.php

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -127,15 +127,20 @@ public function __construct(\OneLogin\Saml2\Settings $settings, $forceAuthn = fa
127127
$authnComparison = $security['requestedAuthnContextComparison'];
128128
}
129129

130+
$authnComparisonAttr = '';
131+
if (!empty($authnComparison)) {
132+
$authnComparisonAttr = sprintf('Comparison="%s"', $authnComparison);
133+
}
134+
130135
if ($security['requestedAuthnContext'] === true) {
131136
$requestedAuthnStr = <<<REQUESTEDAUTHN
132137
133-
<samlp:RequestedAuthnContext Comparison="$authnComparison">
138+
<samlp:RequestedAuthnContext $authnComparisonAttr>
134139
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
135140
</samlp:RequestedAuthnContext>
136141
REQUESTEDAUTHN;
137142
} else {
138-
$requestedAuthnStr .= " <samlp:RequestedAuthnContext Comparison=\"$authnComparison\">\n";
143+
$requestedAuthnStr .= " <samlp:RequestedAuthnContext $authnComparisonAttr>\n";
139144
foreach ($security['requestedAuthnContext'] as $contextValue) {
140145
$requestedAuthnStr .= " <saml:AuthnContextClassRef>".$contextValue."</saml:AuthnContextClassRef>\n";
141146
}

tests/src/OneLogin/Saml2/AuthnRequestTest.php

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -100,6 +100,14 @@ public function testAuthNContext()
100100
$decoded5 = base64_decode($encodedRequest5);
101101
$request5 = gzinflate($decoded5);
102102
$this->assertContains('<samlp:RequestedAuthnContext Comparison="minimum">', $request5);
103+
104+
$settingsInfo['security']['requestedAuthnContextComparison'] = '';
105+
$settings6 = new Settings($settingsInfo);
106+
$authnRequest6 = new AuthnRequest($settings6);
107+
$encodedRequest6 = $authnRequest6->getRequest();
108+
$decoded6 = base64_decode($encodedRequest6);
109+
$request6 = gzinflate($decoded6);
110+
$this->assertContains('<samlp:RequestedAuthnContext >', $request6);
103111
}
104112

105113
/**

0 commit comments

Comments
 (0)