Fix typo in ignoreValidUntil that breaks metadata, See #603. Add parameter to exclude validUntil on Settings getSPMetadata, See #568

pitbulk · pitbulk · commit 51d4b69b1e68 · 2025-05-22T01:33:31.000+02:00
diff --git a/lib/Saml2/Metadata.php b/lib/Saml2/Metadata.php
@@ -155,7 +155,7 @@ public static function builder($sp, $authnsign = false, $wsign = false, $validUn
 
         if ($ignoreValidUntil) {
             $timeStr = <<<TIME_TEMPLATE
-cacheDuration="PT{$cacheDuration}S";
+cacheDuration="PT{$cacheDuration}S"
 TIME_TEMPLATE;
         } else {
             $timeStr = <<<TIME_TEMPLATE
diff --git a/lib/Saml2/Settings.php b/lib/Saml2/Settings.php
@@ -888,6 +888,7 @@ public function getIdPSLOResponseUrl()
      *   or $advancedSettings['security']['wantAssertionsEncrypted'] are enabled.
      * @param DateTime|null $validUntil    Metadata's valid time
      * @param int|null      $cacheDuration Duration of the cache in seconds
+     * @param bool          $ignoreValidUntil exclude the validUntil tag from metadata
      *
      * @return string  SP metadata (xml)
      *
@@ -896,7 +897,7 @@ public function getIdPSLOResponseUrl()
      */
     public function getSPMetadata($alwaysPublishEncryptionCert = false, $validUntil = null, $cacheDuration = null)
     {
-        $metadata = OneLogin_Saml2_Metadata::builder($this->_sp, $this->_security['authnRequestsSigned'], $this->_security['wantAssertionsSigned'], $validUntil, $cacheDuration, $this->getContacts(), $this->getOrganization());
+        $metadata = OneLogin_Saml2_Metadata::builder($this->_sp, $this->_security['authnRequestsSigned'], $this->_security['wantAssertionsSigned'], $validUntil, $cacheDuration, $this->getContacts(), $this->getOrganization(), [], $ignoreValidUntil);
 
         $certNew = $this->getSPcertNew();
         if (!empty($certNew)) {

Original file line number	Diff line number	Diff line change
`@@ -888,6 +888,7 @@ public function getIdPSLOResponseUrl()`
`888`	`888`	`* or $advancedSettings['security']['wantAssertionsEncrypted'] are enabled.`
`889`	`889`	`* @param DateTime\|null $validUntil Metadata's valid time`
`890`	`890`	`* @param int\|null $cacheDuration Duration of the cache in seconds`
	`891`	`+ * @param bool $ignoreValidUntil exclude the validUntil tag from metadata`
`891`	`892`	`*`
`892`	`893`	`* @return string SP metadata (xml)`
`893`	`894`	`*`
`@@ -896,7 +897,7 @@ public function getIdPSLOResponseUrl()`
`896`	`897`	`*/`
`897`	`898`	`public function getSPMetadata($alwaysPublishEncryptionCert = false, $validUntil = null, $cacheDuration = null)`
`898`	`899`	`{`
`899`		`- $metadata = OneLogin_Saml2_Metadata::builder($this->_sp, $this->_security['authnRequestsSigned'], $this->_security['wantAssertionsSigned'], $validUntil, $cacheDuration, $this->getContacts(), $this->getOrganization());`
	`900`	`+ $metadata = OneLogin_Saml2_Metadata::builder($this->_sp, $this->_security['authnRequestsSigned'], $this->_security['wantAssertionsSigned'], $validUntil, $cacheDuration, $this->getContacts(), $this->getOrganization(), [], $ignoreValidUntil);`
`900`	`901`
`901`	`902`	`$certNew = $this->getSPcertNew();`
`902`	`903`	`if (!empty($certNew)) {`