AttributeConsumingService support with multi attributeValue

Author: pitbulk

README.md

@@ -297,7 +297,7 @@ $settings = array (
                         "isRequired" => false,
                         "nameFormat" => "",
                         "friendlyName" => "",
-                        "attributeValue" => ""
+                        "attributeValue" => array()
                     )
                 )
         ),

lib/Saml2/Metadata.php

@@ -121,7 +121,23 @@ public static function builder($sp, $authnsign = false, $wsign = false, $validUn
                 if (isset($attribute['isRequired'])) {
                     $requestedAttributeStr .= sprintf(' isRequired="%s"', $attribute['isRequired'] === true ? 'true' : 'false');
                 }
-                $requestedAttributeData[] = $requestedAttributeStr . '/>';
+                $reqAttrAuxStr = " />";
+
+                if (isset($attribute['attributeValue']) && !empty($attribute['attributeValue'])) {
+                    $reqAttrAuxStr = '>';
+                    if (is_string($attribute['attributeValue'])) {
+                        $attribute['attributeValue'] = array($attribute['attributeValue']);
+                    }                    
+                    foreach($attribute['attributeValue'] as $attrValue) {
+                        $reqAttrAuxStr .=<<<ATTRIBUTEVALUE
+
+                <saml:AttributeValue xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">{$attrValue}</saml:AttributeValue>
+ATTRIBUTEVALUE;
+                    }
+                    $reqAttrAuxStr .= "\n            </md:RequestedAttribute>";
+                }
+
+                $requestedAttributeData[] = $requestedAttributeStr . $reqAttrAuxStr;
             }
 
             $requestedAttributeStr = implode(PHP_EOL, $requestedAttributeData);

tests/settings/settings4.php

@@ -0,0 +1,67 @@
+<?php
+    $settingsInfo = array (
+        'strict' => false,
+        'debug' => false,
+        'sp' => array (
+            'entityId' => 'http://stuff.com/endpoints/metadata.php',
+            'assertionConsumerService' => array (
+                'url' => 'http://stuff.com/endpoints/endpoints/acs.php',
+            ),
+            'singleLogoutService' => array (
+                'url' => 'http://stuff.com/endpoints/endpoints/sls.php',
+            ),
+            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
+            'attributeConsumingService' => array (
+                'serviceName' => 'Service Name',
+                'serviceDescription' => 'Service Description',
+                'requestedAttributes' => array (
+                    array (
+                        'nameFormat' => \OneLogin_Saml2_Constants::ATTRNAME_FORMAT_BASIC,
+                        'isRequired' => false,
+                        'name' => 'userType',
+                        'attributeValue' => array('userType', 'admin')
+                    ),
+                    array (
+                        'nameFormat' => \OneLogin_Saml2_Constants::ATTRNAME_FORMAT_URI,
+                        'isRequired' => true,
+                        'name' => 'urn:oid:0.9.2342.19200300.100.1.1',
+                        'friendlyName' => 'uid'
+                    ),
+                )
+            )
+        ),
+        'idp' => array (
+            'entityId' => 'http://idp.example.com/',
+            'singleSignOnService' => array (
+                'url' => 'http://idp.example.com/SSOService.php',
+            ),
+            'singleLogoutService' => array (
+                'url' => 'http://idp.example.com/SingleLogoutService.php',
+            ),
+            'x509cert' => 'MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo',
+        ),
+
+        'security' => array (
+            'authnRequestsSigned' => false,
+            'wantAssertionsSigned' => false,
+            'signMetadata' => false,
+        ),
+        'contactPerson' => array (
+            'technical' => array (
+                'givenName' => 'technical_name',
+                'emailAddress' => '[email protected]',
+            ),
+            'support' => array (
+                'givenName' => 'support_name',
+                'emailAddress' => '[email protected]',
+            ),
+        ),
+
+        'organization' => array (
+            'en-US' => array(
+                'name' => 'sp_test',
+                'displayname' => 'SP test',
+                'url' => 'http://sp.example.com',
+            ),
+        ),
+    );

tests/src/OneLogin/Saml2/MetadataTest.php

@@ -76,8 +76,35 @@ public function testBuilderWithAttributeConsumingService()
 
         $this->assertContains('<md:ServiceName xml:lang="en">Service Name</md:ServiceName>', $metadata);
         $this->assertContains('<md:ServiceDescription xml:lang="en">Service Description</md:ServiceDescription>', $metadata);
-        $this->assertContains('<md:RequestedAttribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>', $metadata);
-        $this->assertContains('<md:RequestedAttribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>', $metadata);
+        $this->assertContains('<md:RequestedAttribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />', $metadata);
+        $this->assertContains('<md:RequestedAttribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />', $metadata);
+
+        $result = \OneLogin_Saml2_Utils::validateXML($metadata, 'saml-schema-metadata-2.0.xsd');
+        $this->assertInstanceOf('DOMDocument', $result);
+    }
+
+    /**
+    * Tests the builder method of the OneLogin_Saml2_Metadata
+    *
+    * @covers OneLogin_Saml2_Metadata::builder
+    */
+    public function testBuilderWithAttributeConsumingServiceWithMultipleAttributeValue()
+    {
+        $settingsDir = TEST_ROOT .'/settings/';
+        include $settingsDir.'settings4.php';
+        $settings = new OneLogin_Saml2_Settings($settingsInfo);
+        $spData = $settings->getSPData();
+        $security = $settings->getSecurityData();
+        $organization = $settings->getOrganization();
+        $contacts = $settings->getContacts();
+
+        $metadata = OneLogin_Saml2_Metadata::builder($spData, $security['authnRequestsSigned'], $security['wantAssertionsSigned'], null, null, $contacts, $organization);
+
+        $this->assertContains('<md:ServiceName xml:lang="en">Service Name</md:ServiceName>', $metadata);
+        $this->assertContains('<md:ServiceDescription xml:lang="en">Service Description</md:ServiceDescription>', $metadata);
+        $this->assertContains('<md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="uid" isRequired="true" />', $metadata);
+        $this->assertContains('<saml:AttributeValue xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">userType</saml:AttributeValue>', $metadata);
+        $this->assertContains('<saml:AttributeValue xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">admin</saml:AttributeValue>', $metadata);
 
         $result = \OneLogin_Saml2_Utils::validateXML($metadata, 'saml-schema-metadata-2.0.xsd');
         $this->assertInstanceOf('DOMDocument', $result);