Arbitrary attributes cannot be from saml-namespaces

tvdijen · tvdijen · commit 39ab84d131e7 · 2025-12-21T22:19:29.000+01:00
diff --git a/src/XML/saml/AbstractSubjectConfirmationData.php b/src/XML/saml/AbstractSubjectConfirmationData.php
@@ -94,14 +94,6 @@ public function __construct(
         }
 
         $this->setElements($children);
-
-        foreach ($namespacedAttributes as $attr) {
-            Assert::notNull(
-                $attr->getNamespaceURI(),
-                "Local (non-namespaced) attributes are not allowed.",
-                ProtocolViolationException::class,
-            );
-        }
         $this->setAttributesNS($namespacedAttributes);
     }
 
diff --git a/src/XML/saml/Attribute.php b/src/XML/saml/Attribute.php
@@ -37,6 +37,16 @@ class Attribute extends AbstractSamlElement implements
     /** The namespace-attribute for the xs:anyAttribute element */
     public const string XS_ANY_ATTR_NAMESPACE = NS::OTHER;
 
+    /**
+     * The exclusions for the xs:anyAttribute element
+     *
+     * @var array<int, array<int, string>>
+     */
+    public const array XS_ANY_ATTR_EXCLUSIONS = [
+        ['urn:oasis:names:tc:SAML:2.0:assertion', '*'],
+        ['urn:oasis:names:tc:SAML:2.0:protocol', '*'],
+    ];
+
 
     /**
      * Initialize an Attribute.

Original file line number	Diff line number	Diff line change
`@@ -94,14 +94,6 @@ public function __construct(`
`94`	`94`	`}`
`95`	`95`
`96`	`96`	`$this->setElements($children);`
`97`		`-`
`98`		`- foreach ($namespacedAttributes as $attr) {`
`99`		`- Assert::notNull(`
`100`		`- $attr->getNamespaceURI(),`
`101`		`- "Local (non-namespaced) attributes are not allowed.",`
`102`		`- ProtocolViolationException::class,`
`103`		`- );`
`104`		`- }`
`105`	`97`	`$this->setAttributesNS($namespacedAttributes);`
`106`	`98`	`}`
`107`	`99`