Commit 798b49a5 authored by Kevin Wenger's avatar Kevin Wenger Committed by Roderik Muit

Issue #3252457 by wengerk: Add config to allow repeat attribute name

parent 7b8e4cb9
+2 −0
@@ -105,6 +105,8 @@ samlauth.authentication:
      type: boolean
    security_logout_reuse_sigs:
      type: boolean
    security_allow_repeat_attribute_name:
      type: boolean
    debug_display_error_details:
      type: boolean
    debug_log_in:
+8 −0
@@ -1128,6 +1128,13 @@ class SamlauthConfigureForm extends ConfigFormBase {
      '#default_value' => $config->get('security_want_name_id') ?? TRUE,
    ];

    $form['responses']['security_allow_repeat_attribute_name'] = [
      '#type' => 'checkbox',
      '#title' => $this->t('Allow duplicate attribute names'),
      '#description' => $this->t('Do not raise an error when the authentication response contains duplicate attribute elements with the same name.'),
      '#default_value' => $config->get('security_allow_repeat_attribute_name'),
    ];

    // This option's default value is FALSE but according to the SAML spec,
    // signing parameters should always be retrieved from the original request
    // instead of recalculated. (As argued in e.g.
@@ -1571,6 +1578,7 @@ class SamlauthConfigureForm extends ConfigFormBase {
      'security_messages_sign',
      'request_set_name_id_policy',
      'security_want_name_id',
      'security_allow_repeat_attribute_name',
      'security_logout_reuse_sigs',
      'security_request_authn_context',
      'security_signature_algorithm',
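Review bot: The `#description` of the new `security_allow_repeat_attribute_name` checkbox in the first hunk reads as a convenience switch and does not tell the administrator that enabling it relaxes a validation check on the incoming response. I would extend it along the lines of `Leave this off unless the IdP is known to send the same attribute name more than once; when enabled, such responses are accepted instead of rejected.` The `#default_value` has no `?? FALSE` fallback, unlike `security_want_name_id` just above; that is harmless for a checkbox, but writing it out makes the strict behaviour visibly the default. The enclosing form-builder method starts and ends outside the hunk.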
+2 −0
@@ -953,6 +953,8 @@ class SamlService {
        // Used for login / logout / SLO response, sent after processing
        // incoming SLO request; should be deprecated:
        'lowercaseUrlencoding' => (bool) $config->get('security_lowercase_url_encoding'),
        // Allow duplicated Attribute Names. Used for acs.
        'allowRepeatAttributeName' => (bool) $config->get('security_allow_repeat_attribute_name'),
        // (*): also influences Settings:__construct() checks for SP cert+key.
        // (**): if either of these properties is true, an extra 'encryption'
        // certificate is always included in the metadata. (With the same value
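Review bot: The comment `Allow duplicated Attribute Names. Used for acs.` above `'allowRepeatAttributeName'` does not say what happens to the duplicated values once they are accepted. As far as I know the SAML toolkit merges the values of same-named Attribute elements into one list when this is true, so code that maps attributes to the account name, e-mail or roles (not visible here) may receive more values than before. That deserves a sentence here, e.g. `// Accept repeated Attribute names in the ACS response (values are merged); FALSE keeps the toolkit's rejection of such responses.` The `(bool)` cast keeps the strict behaviour when the key is absent from existing configuration, which is the right default. The settings array starts and ends outside the hunk.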