From f43b38875b09371c34c8a21bf358335aa97e83dc Mon Sep 17 00:00:00 2001 From: Sixto Martin Date: Mon, 27 May 2024 01:42:33 +0200 Subject: [PATCH] Add parameter to exclude validUntil on SP Metadata XML --- lib/Saml2/Metadata.php | 23 +++++++++++++++++------ tests/src/OneLogin/Saml2/MetadataTest.php | 4 ++++ 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/lib/Saml2/Metadata.php b/lib/Saml2/Metadata.php index 9343ac44..303184b3 100644 --- a/lib/Saml2/Metadata.php +++ b/lib/Saml2/Metadata.php @@ -21,10 +21,11 @@ class OneLogin_Saml2_Metadata * @param array $contacts Contacts info * @param array $organization Organization ingo * @param array $attributes + * @param bool $ignoreValidUntil exclude the validUntil tag from metadata * * @return string SAML Metadata XML */ - public static function builder($sp, $authnsign = false, $wsign = false, $validUntil = null, $cacheDuration = null, $contacts = array(), $organization = array(), $attributes = array()) + public static function builder($sp, $authnsign = false, $wsign = false, $validUntil = null, $cacheDuration = null, $contacts = array(), $organization = array(), $attributes = array(), $ignoreValidUntil = false) { if (!isset($validUntil)) { @@ -144,27 +145,37 @@ public static function builder($sp, $authnsign = false, $wsign = false, $validUn $requestedAttributeStr = implode(PHP_EOL, $requestedAttributeData); $strAttributeConsumingService = << + + {$sp['attributeConsumingService']['serviceName']} {$attrCsDesc}{$requestedAttributeStr} METADATA_TEMPLATE; } + if ($ignoreValidUntil) { + $timeStr = << {$sls} {$sp['NameIDFormat']} - {$strAttributeConsumingService} + index="1" />{$strAttributeConsumingService} {$strOrganization}{$strContacts} METADATA_TEMPLATE; diff --git a/tests/src/OneLogin/Saml2/MetadataTest.php b/tests/src/OneLogin/Saml2/MetadataTest.php index c6a8e6d1..5ce3e471 100644 --- a/tests/src/OneLogin/Saml2/MetadataTest.php +++ b/tests/src/OneLogin/Saml2/MetadataTest.php 
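Review bot: The new `@param bool $ignoreValidUntil` line in the `builder()` docblock calls validUntil a tag and does not say what happens to a `$validUntil` argument passed alongside the flag. validUntil is an attribute of the metadata root element and is the only hard expiry a consumer gets, so a descriptor emitted without it stays acceptable for as long as an IdP keeps its copy, including after the SP has rotated the keys it publishes. I would document it as `@param bool $ignoreValidUntil When true, omit the validUntil attribute; $validUntil is then unused and the metadata carries no expiry, so key rollover depends on consumers refreshing it`. The `if ($ignoreValidUntil)` branch in the second hunk of this file is where this applies, but its template text is not readable in this view, so the statement that `$validUntil` is dropped there is inferred from the parameter description. The body of `builder()` continues outside both hunks.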
@@ -41,6 +41,7 @@ public function testBuilder() $this->assertContains('sp_test', $metadata); $this->assertContains('', $metadata); $this->assertContains('technical_name', $metadata); + $this->assertContains('validUntil', $metadata); $security['authnRequestsSigned'] = true; $security['wantAssertionsSigned'] = true; @@ -55,6 +56,9 @@ public function testBuilder() $this->assertNotContains('assertNotContains(' Location="http://stuff.com/endpoints/endpoints/sls.php"/>', $metadata2); + + $metadata3 = OneLogin_Saml2_Metadata::builder($spData, $security['authnRequestsSigned'], $security['wantAssertionsSigned'], null, null, $contacts, $organization, array(), true); + $this->assertNotContains('validUntil=', $metadata3); } /**
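Review bot: The `$metadata3` case in the second hunk checks only that `validUntil=` is absent, so it would still pass if the new branch also dropped `cacheDuration` or left the root element malformed. The SAML metadata specification requires a root `EntityDescriptor` to carry validUntil or cacheDuration, so the test should pin that the remaining one is still emitted, e.g. `$this->assertContains('cacheDuration=', $metadata3);` (assuming the template writes it as an attribute, which this view does not show). A further call that passes an explicit `$validUntil` together with `true` would fix the precedence between the two arguments. The assertion added in the first hunk searches for the bare word `validUntil` while this one searches for `validUntil=`; the same needle in both would keep them symmetric. `testBuilder()` begins outside these hunks.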