Extend @mapgrady's patch for simplesamlphp#498 to allow Scoping to be…

… disabled on a per-idp basis as well as globally
ghalse · May 16, 2017 · 2646c98 · 2646c98
1 parent 9cd13d5
commit 2646c98
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
@@ -251,7 +251,7 @@ private function startSSO2(SimpleSAML_Configuration $idpMetadata, array $state)
 		$requesterID = array();
 
 		/* Only check for real info for Scoping element if we are going to send Scoping element */
-		if ($this->disable_scoping != true) {
+		if ($this->disable_scoping != true && $idpMetadata->getBoolean('disable_scoping', false) != true) {
 			if (isset($state['saml:IDPList'])) {
 				$IDPList = $state['saml:IDPList'];
 			}
@@ -271,6 +271,8 @@ private function startSSO2(SimpleSAML_Configuration $idpMetadata, array $state)
 			if (isset($state['core:SP'])) {
 				$requesterID[] = $state['core:SP'];
 			}
+		} else {
+			SimpleSAML\Logger::debug('Disabling samlp:Scoping for ' . var_export($idpMetadata->getString('entityid'), TRUE));
 		}
 
 		$ar->setIDPList(array_unique(array_merge($this->metadata->getArray('IDPList', array()),