Skip to content

Commit ae108f5

Browse files
Added support to read sp_sign_assertions key to remove hardcoded value (#1107)
Co-authored-by: Lucas Michot <lucas@semalead.com>
1 parent 6ac55d6 commit ae108f5

2 files changed

Lines changed: 5 additions & 1 deletion

File tree

Provider.php

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -169,6 +169,7 @@ public static function additionalConfigKeys(): array
169169
'sp_org_url',
170170
'sp_default_binding_method',
171171
'sp_name_id_format',
172+
'sp_sign_assertions',
172173
'idp_binding_method',
173174
'attribute_map',
174175
];
@@ -368,7 +369,9 @@ public function getIdentityProviderEntityDescriptor(): EntityDescriptor
368369
public function getServiceProviderEntityDescriptor(): EntityDescriptor
369370
{
370371
$spSsoDescriptor = new SpSsoDescriptor();
371-
$spSsoDescriptor->setWantAssertionsSigned(true)->addNameIDFormat($this->getNameIDFormat());
372+
$spSsoDescriptor
373+
->setWantAssertionsSigned((bool) $this->getConfig('sp_sign_assertions', true))
374+
->addNameIDFormat($this->getNameIDFormat());
372375

373376
foreach ([SamlConstants::BINDING_SAML2_HTTP_REDIRECT, SamlConstants::BINDING_SAML2_HTTP_POST] as $binding) {
374377
$acsRoute = $this->getAssertionConsumerServiceRoute();

README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -160,6 +160,7 @@ SAML2 supports the signing and encryption of messages and assertions. Many Ident
160160
'sp_certificate' => file_get_contents('path/to/sp_saml.crt'),
161161
'sp_private_key' => file_get_contents('path/to/sp_saml.pem'),
162162
'sp_private_key_passphrase' => 'passphrase to your private key, provide it only if you have one',
163+
'sp_sign_assertions' => true, // or false to disable assertion signing
163164
],
164165
```
165166

0 commit comments

Comments
 (0)