From 3924e0f61bbce0ccb1773ea46404b6ffec3ed67d Mon Sep 17 00:00:00 2001
From: Sebastian Niegel
Date: Sat, 8 Feb 2025 13:12:50 +0100
Subject: [PATCH 1/4] feat(settings): optional config option for sp entityId
Signed-off-by: Sebastian Niegel
---
lib/SAMLSettings.php | 3 ++-
lib/Settings/Admin.php | 19 ++++++++++++++++---
templates/admin.php | 12 ++++++++----
tests/unit/Settings/AdminTest.php | 17 +++++++++++++++--
4 files changed, 41 insertions(+), 10 deletions(-)
diff --git a/lib/SAMLSettings.php b/lib/SAMLSettings.php
index 799876bd7..f20a7b330 100644
--- a/lib/SAMLSettings.php
+++ b/lib/SAMLSettings.php
@@ -59,6 +59,7 @@ class SAMLSettings {
'saml-attribute-mapping-group_mapping_prefix',
'saml-user-filter-reject_groups',
'saml-user-filter-require_groups',
+ 'sp-entityId',
'sp-x509cert',
'sp-name-id-format',
'sp-privateKey',
@@ -141,7 +142,7 @@ public function getOneLoginSettingsArray(int $idp): array {
// "sloWebServerDecode" is not expected to be passed to the OneLogin class
],
'sp' => [
- 'entityId' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.getMetadata'),
+ 'entityId' => $this->configurations[$idp]['sp-entityId'] ?? $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.getMetadata'),
'assertionConsumerService' => [
'url' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.assertionConsumerService'),
],
diff --git a/lib/Settings/Admin.php b/lib/Settings/Admin.php
index bce34eee5..cedc97f04 100644
--- a/lib/Settings/Admin.php
+++ b/lib/Settings/Admin.php
@@ -38,9 +38,22 @@ public function getForm() {
];
}
$serviceProviderFields = [
- 'x509cert' => $this->l10n->t('X.509 certificate of the Service Provider'),
- 'privateKey' => $this->l10n->t('Private key of the Service Provider'),
- ];
+ 'x509cert' => [
+ 'text' => $this->l10n->t('X.509 certificate of the Service Provider'),
+ 'type' => 'text',
+ 'required' => false,
+ ],
+ 'privateKey' => [
+ 'text' => $this->l10n->t('Private key of the Service Provider'),
+ 'type' => 'text',
+ 'required' => false,
+ ],
+ 'entityId' => [
+ 'text' => $this->l10n->t('Service Provider EntityId (optional)'),
+ 'type' => 'line',
+ 'required' => false,
+ ]
+ ];
$securityOfferFields = [
'nameIdEncrypted' => $this->l10n->t('Indicates that the nameID of the sent by this SP will be encrypted.'),
'authnRequestsSigned' => $this->l10n->t('Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]'),
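Review bot: The label added for `entityId`, 'Service Provider EntityId (optional)', does not tell the administrator what the default is or what changing it affects. In lib/SAMLSettings.php the value replaces the metadata URL as the `sp` `entityId`, which is the identifier the IdP has registered for this SP and presumably the audience the toolkit expects in assertions, so an edit here needs a matching change at the IdP and the same entityId should not be shared with another instance. I would say so in the label or a hint, e.g. `Service Provider EntityId (optional, defaults to the metadata URL; must match the value registered at the IdP)`. The last array element also lacks the trailing comma (`],`) that the entries above it have. getForm continues outside the hunk.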
diff --git a/templates/admin.php b/templates/admin.php
index 7cda20d10..b0eae9c99 100644
--- a/templates/admin.php
+++ b/templates/admin.php
@@ -121,11 +121,15 @@
} ?> >
- $text): ?>
+ $attribute): ?>
-
-
-
+
+
+ class="required"/>
+ else: ?>
+
+
+
diff --git a/tests/unit/Settings/AdminTest.php b/tests/unit/Settings/AdminTest.php
index 9528007b3..2f5004f2e 100644
--- a/tests/unit/Settings/AdminTest.php
+++ b/tests/unit/Settings/AdminTest.php
@@ -53,8 +53,21 @@ public function formDataProvider() {
});
$serviceProviderFields = [
- 'x509cert' => 'X.509 certificate of the Service Provider',
- 'privateKey' => 'Private key of the Service Provider',
+ 'x509cert' => [
+ 'text' => 'X.509 certificate of the Service Provider',
+ 'type' => 'text',
+ 'required' => false,
+ ],
+ 'privateKey' => [
+ 'text' => 'Private key of the Service Provider',
+ 'type' => 'text',
+ 'required' => false,
+ ],
+ 'entityId' => [
+ 'text' => 'Service Provider EntityId (optional)',
+ 'type' => 'line',
+ 'required' => false,
+ ]
];
$securityOfferFields = [
'nameIdEncrypted' => 'Indicates that the nameID of the sent by this SP will be encrypted.',
From 0124b7d6b77bcf3f766ece76f69b0b0cbf9cbab7 Mon Sep 17 00:00:00 2001
From: Sebastian Niegel
Date: Sat, 8 Feb 2025 13:23:40 +0100
Subject: [PATCH 2/4] feat(settings): optional config option for sp entityId -
fix formatting
Signed-off-by: Sebastian Niegel
---
lib/SAMLSettings.php | 2 +-
lib/Settings/Admin.php | 4 ++--
templates/admin.php | 12 ++++++------
tests/unit/Settings/AdminTest.php | 2 +-
4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/lib/SAMLSettings.php b/lib/SAMLSettings.php
index f20a7b330..94d402ceb 100644
--- a/lib/SAMLSettings.php
+++ b/lib/SAMLSettings.php
@@ -59,7 +59,7 @@ class SAMLSettings {
'saml-attribute-mapping-group_mapping_prefix',
'saml-user-filter-reject_groups',
'saml-user-filter-require_groups',
- 'sp-entityId',
+ 'sp-entityId',
'sp-x509cert',
'sp-name-id-format',
'sp-privateKey',
diff --git a/lib/Settings/Admin.php b/lib/Settings/Admin.php
index cedc97f04..a72b253ba 100644
--- a/lib/Settings/Admin.php
+++ b/lib/Settings/Admin.php
@@ -38,7 +38,7 @@ public function getForm() {
];
}
$serviceProviderFields = [
- 'x509cert' => [
+ 'x509cert' => [
'text' => $this->l10n->t('X.509 certificate of the Service Provider'),
'type' => 'text',
'required' => false,
@@ -53,7 +53,7 @@ public function getForm() {
'type' => 'line',
'required' => false,
]
- ];
+ ];
$securityOfferFields = [
'nameIdEncrypted' => $this->l10n->t('Indicates that the nameID of the sent by this SP will be encrypted.'),
'authnRequestsSigned' => $this->l10n->t('Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]'),
diff --git a/templates/admin.php b/templates/admin.php
index b0eae9c99..d7615908a 100644
--- a/templates/admin.php
+++ b/templates/admin.php
@@ -124,12 +124,12 @@
$attribute): ?>
-
- class="required"/>
- else: ?>
-
-
-
+
+ class="required"/>
+ else: ?>
+
+
+
diff --git a/tests/unit/Settings/AdminTest.php b/tests/unit/Settings/AdminTest.php
index 2f5004f2e..6ac3c4457 100644
--- a/tests/unit/Settings/AdminTest.php
+++ b/tests/unit/Settings/AdminTest.php
@@ -53,7 +53,7 @@ public function formDataProvider() {
});
$serviceProviderFields = [
- 'x509cert' => [
+ 'x509cert' => [
'text' => 'X.509 certificate of the Service Provider',
'type' => 'text',
'required' => false,
From 77a7504e085033ec3d5496f73641bf2e878f0200 Mon Sep 17 00:00:00 2001
From: Sebastian Niegel
Date: Mon, 10 Feb 2025 15:04:05 +0100
Subject: [PATCH 3/4] feat(settings): optional config option for sp entityId -
fix linter messages
Signed-off-by: Sebastian Niegel
---
templates/admin.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/admin.php b/templates/admin.php
index d7615908a..733a39a30 100644
--- a/templates/admin.php
+++ b/templates/admin.php
@@ -126,7 +126,7 @@
class="required"/>
- else: ?>
+
From 5250160c61cdfce498147d3c53333b766388688f Mon Sep 17 00:00:00 2001
From: Sebastian Niegel
Date: Wed, 5 Mar 2025 16:29:14 +0100
Subject: [PATCH 4/4] feat(settings): optional config option for sp entityId -
allow unsetting of config option
Signed-off-by: Sebastian Niegel
---
lib/SAMLSettings.php | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/SAMLSettings.php b/lib/SAMLSettings.php
index 94d402ceb..6d29d11a0 100644
--- a/lib/SAMLSettings.php
+++ b/lib/SAMLSettings.php
@@ -142,7 +142,9 @@ public function getOneLoginSettingsArray(int $idp): array {
// "sloWebServerDecode" is not expected to be passed to the OneLogin class
],
'sp' => [
- 'entityId' => $this->configurations[$idp]['sp-entityId'] ?? $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.getMetadata'),
+ 'entityId' => (array_key_exists('sp-entityId', $this->configurations[$idp]) && trim($this->configurations[$idp]['sp-entityId']) != '')
+ ? $this->configurations[$idp]['sp-entityId']
+ : $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.getMetadata'),
'assertionConsumerService' => [
'url' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.assertionConsumerService'),
],
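Review bot: The new condition tests `trim(...)`, but the ternary then returns the untrimmed `$this->configurations[$idp]['sp-entityId']`, so a value saved with surrounding whitespace becomes the SP entityId as-is and would likely no longer match what the IdP has registered or sends as audience. The check also uses loose `!=`, and `trim()` on a stored `null` (which `array_key_exists` lets through) raises a deprecation on PHP 8.1+. Compute the value once before the array, `$spEntityId = trim((string)($this->configurations[$idp]['sp-entityId'] ?? ''));`, and use `'entityId' => $spEntityId !== '' ? $spEntityId : $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.getMetadata'),`. None of the four patches adds a test for the set, blank and unset cases of this key; the only test change is in AdminTest.php. getOneLoginSettingsArray starts and ends outside the hunk.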