Prevented saml2 autodiscovery on metadata load
authorDan Brown <redacted>
Sun, 16 Oct 2022 08:50:08 +0000 (09:50 +0100)
committerDan Brown <redacted>
Sun, 16 Oct 2022 08:50:08 +0000 (09:50 +0100)
Fixes issue where metadata cannot be viewed if autoload is active and
the IdP entityId URL is not reachable.
For #2480

app/Auth/Access/Saml2Service.php
tests/Auth/Saml2Test.php

index b0bf39995e63f0b050aabf67d4cd8af05abadebc..a95e3b1d2e8d410f510680b0911bc7307ebd2269 100644 (file)
@@ -20,14 +20,11 @@ use OneLogin\Saml2\ValidationError;
  */
 class Saml2Service
 {
-    protected $config;
-    protected $registrationService;
-    protected $loginService;
-    protected $groupSyncService;
+    protected array $config;
+    protected RegistrationService $registrationService;
+    protected LoginService $loginService;
+    protected GroupSyncService $groupSyncService;
 
-    /**
-     * Saml2Service constructor.
-     */
     public function __construct(
         RegistrationService $registrationService,
         LoginService $loginService,
@@ -169,7 +166,7 @@ class Saml2Service
      */
     public function metadata(): string
     {
-        $toolKit = $this->getToolkit();
+        $toolKit = $this->getToolkit(true);
         $settings = $toolKit->getSettings();
         $metadata = $settings->getSPMetadata();
         $errors = $settings->validateMetadata($metadata);
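Review bot: The bare `true` in `$toolKit = $this->getToolkit(true);` is the whole fix, but nothing at the call site says why, so a later cleanup could drop it and silently reintroduce the unreachable-IdP failure this commit addresses. A one-line comment above it would pin the intent: `// SP-only settings: skip the remote IdP metadata fetch so SP metadata can be served even when the IdP entityId URL is unreachable`. A named argument (`getToolkit(spOnly: true)`) would carry the same information if the codebase already uses them. metadata() continues past the end of this hunk.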
@@ -190,7 +187,7 @@ class Saml2Service
      * @throws Error
      * @throws Exception
      */
-    protected function getToolkit(): Auth
+    protected function getToolkit(bool $spOnly = false): Auth
     {
         $settings = $this->config['onelogin'];
         $overrides = $this->config['onelogin_overrides'] ?? [];
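Review bot: The new `bool $spOnly = false` parameter on `getToolkit()` has no entry in the docblock directly above it, which only carries `@throws` tags, so the two effects the flag has (suppressing the remote IdP metadata autoload and being forwarded to the toolkit's `Auth` constructor) are documented nowhere. Add a `@param bool $spOnly` line stating that when true the IdP metadata autoload is skipped and the toolkit is built for SP-only use, which is what the metadata endpoint relies on. The body of getToolkit() continues in the next hunk.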
@@ -200,14 +197,14 @@ class Saml2Service
         }
 
         $metaDataSettings = [];
-        if ($this->config['autoload_from_metadata']) {
+        if (!$spOnly && $this->config['autoload_from_metadata']) {
             $metaDataSettings = IdPMetadataParser::parseRemoteXML($settings['idp']['entityId']);
         }
 
         $spSettings = $this->loadOneloginServiceProviderDetails();
         $settings = array_replace_recursive($settings, $spSettings, $metaDataSettings, $overrides);
 
-        return new Auth($settings);
+        return new Auth($settings, $spOnly);
     }
 
     /**
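Review bot: The autoload branch that remains active for the login path, `$metaDataSettings = IdPMetadataParser::parseRemoteXML($settings['idp']['entityId']);`, still fetches the IdP's signing certificate from a remote URL with the parser's default options; in the php-saml releases I am aware of the call's trailing `$validatePeer` argument defaults to false, meaning an HTTPS metadata URL is retrieved without TLS peer verification, so please confirm against the installed version. If that holds, an on-path attacker able to answer for the entityId host could substitute an IdP certificate that is then trusted for assertion validation, and the SP-only guard added here does not change that exposure. Passing `true` for the parser's `$validatePeer` parameter (the last positional argument, with the binding defaults restated) or moving the fetch behind a peer-verified, cached HTTP client would close it. getToolkit() begins in the previous hunk.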
index 885adf9e0a48fca8a40eab1824fe35ccd24459e3..4c8d14dd5c81ab8491b0e4edecde62e48dc321ea 100644 (file)
@@ -41,6 +41,20 @@ class Saml2Test extends TestCase
         $req->assertSee(url('/saml2/acs'));
     }
 
+    public function test_metadata_endpoint_loads_when_autoloading_with_bad_url_set()
+    {
+        config()->set([
+            'saml2.autoload_from_metadata' => true,
+            'saml2.onelogin.idp.entityId' => 'http://192.168.1.1:9292',
+            'saml2.onelogin.idp.singleSignOnService.url' => null,
+        ]);
+
+        $req = $this->get('/saml2/metadata');
+        $req->assertOk();
+        $req->assertHeader('Content-Type', 'text/xml; charset=UTF-8');
+        $req->assertSee('md:EntityDescriptor');
+    }
+
     public function test_onelogin_overrides_functions_as_expected()
     {
         $json = '{"sp": {"assertionConsumerService": {"url": "https://example.com/super-cats"}}, "contactPerson": {"technical": {"givenName": "Barry Scott", "emailAddress": "[email protected]"}}}';
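Review bot: The unreachable entityId at `'saml2.onelogin.idp.entityId' => 'http://192.168.1.1:9292'` is a routable private-LAN address, so if a regression ever re-enabled the fetch on the metadata path this test would most likely fail by hanging on a connect timeout, or not fail at all on a CI host where something answers on that address, rather than with a clear assertion. A loopback address with nothing listening, e.g. `'http://127.0.0.1:9292'`, fails fast with a refused connection and makes the unreachability deterministic. The test also only observes the SP-only path; nothing here pins that the `!$spOnly` branch in getToolkit() still autoloads IdP metadata for login, so a companion test for that branch, or at least a comment stating the intent, would guard the conditional this commit introduces.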