NameIDFormat never used

This issue has been created since 2021-09-17.

As far as I saw in the code, it is possible to specify a NameIDFormat in the settings but the code never uses the value defined.

This is what Saml::getSPMetadata() does:

<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>

This is what AutnRequest::generateXml() does:

<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />

As you can see urn:oasis:names:tc:SAML:2.0:nameid-format:transient is always used, nevertheless Settings::_addDefaultValues() does:

// Related to nameID
if (!isset($this->_sp['NameIDFormat'])) {
  $this->_sp['NameIDFormat'] = Constants::NAMEID_UNSPECIFIED;
}
pitbulk wrote this answer on 2021-10-01
This is what Saml::getSPMetadata() does:
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>

Where you saw that?

The metadata generator takes care of NameIDFormat reading it from SP settings:

<md:NameIDFormat>{$sp['NameIDFormat']}</md:NameIDFormat>

The AuthNRequest also takes care of the NameIDFormat provided

$nameIdPolicyStr = '';
        if ($setNameIdPolicy) {
            $nameIDPolicyFormat = $spData['NameIDFormat'];
            if (isset($security['wantNameIdEncrypted']) && $security['wantNameIdEncrypted']) {
                $nameIDPolicyFormat = OneLogin_Saml2_Constants::NAMEID_ENCRYPTED;
            }

            $nameIdPolicyStr = <<<NAMEIDPOLICY
    <samlp:NameIDPolicy
        Format="{$nameIDPolicyFormat}"
        AllowCreate="true" />
NAMEIDPOLICY;
        }

If you get transient, that means you configure in our settings the such NameIDFormat.

More Details About Repo
Owner Name onelogin
Repo Name php-saml
Full Name onelogin/php-saml
Language PHP
Created Date 2010-06-02
Updated Date 2022-09-27
Star Count 1056
Watcher Count 134
Fork Count 432
Issue Count 70

YOU MAY BE INTERESTED

Issue Title Created Date Comment Count Updated Date
tryGet starts returning None 9 2022-05-27 2022-09-19
Add IMU Calibration Script 2 2022-05-27 2022-08-29
Several translations need correction 1 2022-09-18 2022-09-21
Support custom class when I use function to call dialog 0 2022-01-14 2022-08-01
Fails to install on Ruby 3.0.2 1 2021-08-11 2022-09-01
Please update project to latest flutter version 0 2021-11-26 2022-09-10
[Bug] [ci] Missing the maven-metadata.xml file in repository.jboss.org 1 2022-02-16 2022-08-18
DBFirst 如何设置实体继承基类或则接口? 1 2021-06-03 2022-07-30
报告一个bug (已解决) 0 2021-05-31 2021-12-27
System.Data.SQLite驱动版本不匹配 1 2021-05-27 2022-09-28
Undefined Graph Scale 1 2021-05-31 2022-08-30
Suggests/Request/Proposal : Separate Adapter. 1 2021-06-17 2022-08-29
您好,要重写appdelegate里面的方法, 如何重写呢。目前问题是, 由于重写了, 监听不到支付成功还是失败 1 2020-09-24 2022-09-20
更新到1.1.0版本后,微信支付完成后无法获得回调 17 2020-07-07 2022-09-20
environment problem 6 2019-11-07 2022-01-04
shape error in trainning of fastspeech2 on new dataset 2 2021-12-16 2022-09-10
HTTP Error 500: INTERNAL SERVER ERROR 1 2021-12-02 2022-09-17
Make skip_repair_examplars skip all examplars? 6 2021-03-18 2022-09-15
playsound can't work when using supervisor 0 2022-08-26 2022-09-21
Wrong Block.Header.Version is got in State Sync on many chains. 5 2022-03-27 2022-09-13
Enhance the `admin_ids` configuration option to support foreign trust 0 2022-09-01 2022-09-05
SIZE does not accept a Value Reference for the bounds 3 2021-02-15 2022-07-14
[BUG] binary crash zsh if configing with group-colors and completion descriptions 2 2022-02-04 2022-09-18
Deps and CLI 1 2018-10-06 2022-01-13
MDX2: Table incorrectly rendering 5 2022-06-23 2022-09-19
Provide spooning example of Testnet contract 0 2021-08-11 2022-08-05
sapmachine-11-jre package is no longer available 13 2021-07-22 2022-09-15
Replace ruby plugin 0 2021-05-11 2022-01-12
OFTC doesn't authenticate with cert 14 2022-07-04 2022-09-21
is there any light weight and device friendly reid models for edge device? 1 2022-01-25 2022-09-20
Data Explorer breaks when dataframe cell has complex data in it 8 2021-04-07 2022-09-23
Linewrap usage line? 3 2017-07-14 2022-09-12
`presentPaymentSheet` crashes the app in android 6 2021-10-04 2022-09-15
Setting default classes on form elements 1 2018-09-12 2022-07-23
DinD non-TLS / non-SSL mode of operation should not be crippled or removed 6 2021-10-12 2022-09-23
NetStandard output 2 2019-12-27 2022-01-23
Fix memoization of pass-through signature 0 2021-07-10 2022-09-27
Welcome tab theme link incorrect 1 2021-08-30 2022-09-13
[CoE Starter Kit - BUG] Admin Command Center - Coe Flows List Empty 13 2022-03-09 2022-08-07
[api-extractor] using `@microsoft/api-extractor-model` in browser 1 2022-06-12 2022-08-27
Bump webdriverIo for smoke tests 0 2021-09-08 2022-09-20
Bad Request to URI: / 0 2021-03-17 2022-09-28
Change active state if the page is 50px from top 1 2017-07-01 2022-09-17
Use native approach to load web workers 1 2021-08-06 2022-09-17
updateTestingRollback stopped working on CLI v4.4.0 1 2021-07-02 2022-08-05
minitouch不支持android10 7 2020-07-15 2022-09-24
Security: 4th Malfunction in function ead_open_pcap() 0 2022-09-15 2022-09-25
Failing test: Jest Tests.x-pack/plugins/infra/public/pages/link_to - useHostIpToName Hook should handle errors 2 2021-10-29 2022-09-12
Consistently replace String encoding names with StandardCharset arguments 4 2021-11-10 2022-09-15
Test failure: Loader\\CollectibleAssemblies\\ResolvedFromDifferentContext\\ResolvedFromDifferentContext\\ResolvedFromDifferentContext.cmd 16 2022-04-16 2022-09-15