Record values from RequestedAttributes

ghalse · ghalse · commit ad253aaca498 · 2026-01-08T13:57:08.000+02:00
diff --git a/src/SimpleSAML/Metadata/SAMLParser.php b/src/SimpleSAML/Metadata/SAMLParser.php
@@ -1028,22 +1028,30 @@ private static function parseAttributeConsumerService(AttributeConsumingService
 
         $format = null;
         foreach ($element->getRequestedAttribute() as $child) {
-            $attrname = $child->getName();
-            $sp['attributes'][] = $attrname;
+            $attrName = $child->getName();
+            $attrNameFormat = $child->getNameFormat();
+            $attrValue = $child->getAttributeValues();
+            if (empty($attrValue)) {
+                $sp['attributes'][] = $attrName;
+            } else {
+                $values = [];
+                foreach ($attrValue as $attrval) {
+                    $values[] = $attrval->getValue();
+                }
+                $sp['attributes'][$attrName] = $values;
+            }
 
             if ($child->getIsRequired() === true) {
-                $sp['attributes.required'][] = $attrname;
+                $sp['attributes.required'][] = $attrName;
             }
 
-            if ($child->getNameFormat() !== null) {
-                $attrformat = $child->getNameFormat();
-            } else {
-                $attrformat = C::NAMEFORMAT_UNSPECIFIED;
+            if ($attrNameFormat === null) {
+                $attrNameFormat = C::NAMEFORMAT_UNSPECIFIED;
             }
 
             if ($format === null) {
-                $format = $attrformat;
-            } elseif ($format !== $attrformat) {
+                $format = $attrNameFormat;
+            } elseif ($format !== $attrNameFormat) {
                 $format = C::NAMEFORMAT_UNSPECIFIED;
             }
         }
diff --git a/tests/src/SimpleSAML/Metadata/SAMLParserTest.php b/tests/src/SimpleSAML/Metadata/SAMLParserTest.php
@@ -228,6 +228,9 @@ public function testAttributeConsumingServiceParsing(): void
         <RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:mace:dir:attribute-def:eduPersonPrincipalName" NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri" isRequired="true"/>
         <RequestedAttribute FriendlyName="mail" Name="urn:mace:dir:attribute-def:mail" NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
         <RequestedAttribute FriendlyName="displayName" Name="urn:mace:dir:attribute-def:displayName" NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
+        <RequestedAttribute FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+          <saml:AttributeValue xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:mace:dir:entitlement:common-lib-terms</saml:AttributeValue>
+        </RequestedAttribute>
       </AttributeConsumingService>
     </SPSSODescriptor>
 
@@ -248,6 +251,9 @@ public function testAttributeConsumingServiceParsing(): void
             "urn:mace:dir:attribute-def:eduPersonPrincipalName",
             "urn:mace:dir:attribute-def:mail",
             "urn:mace:dir:attribute-def:displayName",
+            "urn:oid:1.3.6.1.4.1.5923.1.1.1.7" => [
+                "urn:mace:dir:entitlement:common-lib-terms",
+            ],
         ];
         $expected_r = ["urn:mace:dir:attribute-def:eduPersonPrincipalName"];
 
