Add missing check for encrypted name id in non encrypted assertions

SAML-Toolkits · Sep 11, 2024 · 5e84cc5 · 5e84cc5
1 parent 748293e
commit 5e84cc5
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/Saml2/Response.php b/src/Saml2/Response.php
@@ -234,6 +234,7 @@ public function isValid($requestId = null)
                     );
                 }
 
+                $this->encryptedNameId = $this->encryptedNameId || $this->_queryAssertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData')->length > 0;
                 if (!$this->encryptedNameId && $security['wantNameIdEncrypted']) {
                     throw new ValidationError(
                         "The NameID of the Response is not encrypted and the SP requires it",