SAML-Toolkits · pitbulk · May 26, 2024 · Dec 7, 2023 · May 19, 2024 · May 19, 2024
diff --git a/src/Saml2/Metadata.php b/src/Saml2/Metadata.php
@@ -38,10 +38,11 @@ class Metadata
      * @param array         $contacts      Contacts info
      * @param array         $organization  Organization ingo
      * @param array         $attributes
+     * @param bool          $ignoreValidUntil exclude the validUntil tag from metadata
      *
      * @return string SAML Metadata XML
      */
-    public static function builder($sp, $authnsign = false, $wsign = false, $validUntil = null, $cacheDuration = null, $contacts = array(), $organization = array(), $attributes = array())
+    public static function builder($sp, $authnsign = false, $wsign = false, $validUntil = null, $cacheDuration = null, $contacts = array(), $organization = array(), $attributes = array(), $ignoreValidUntil = false)
     {
 
         if (!isset($validUntil)) {
@@ -173,7 +174,12 @@ public static function builder($sp, $authnsign = false, $wsign = false, $validUn
         $metadata = <<<METADATA_TEMPLATE
 <?xml version="1.0"?>
 <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-                     validUntil="{$validUntilTime}"
+METADATA_TEMPLATE;
+	$metadata = $metadata . "\n";
+        if ( $ignoreValidUntil === false ){
+	    $metadata = $metadata . "                     validUntil=\"{$validUntilTime}\"\n";
+	}
+	$metadata = $metadata . <<<METADATA_TEMPLATE
                      cacheDuration="PT{$cacheDuration}S"
                      entityID="{$spEntityId}">
     <md:SPSSODescriptor AuthnRequestsSigned="{$strAuthnsign}" WantAssertionsSigned="{$strWsign}" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

diff --git a/tests/src/OneLogin/Saml2/MetadataTest.php b/tests/src/OneLogin/Saml2/MetadataTest.php
@@ -52,6 +52,7 @@ public function testBuilder()
         $this->assertStringContainsString('<md:OrganizationName xml:lang="en-US">sp_test</md:OrganizationName>', $metadata);
         $this->assertStringContainsString('<md:ContactPerson contactType="technical">', $metadata);
         $this->assertStringContainsString('<md:GivenName>technical_name</md:GivenName>', $metadata);
+        $this->assertStringContainsString('validUntil', $metadata);
 
         $security['authnRequestsSigned'] = true;
         $security['wantAssertionsSigned'] = true;
@@ -66,6 +67,9 @@ public function testBuilder()
 
         $this->assertStringNotContainsString('<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"', $metadata2);
         $this->assertStringNotContainsString(' Location="http://stuff.com/endpoints/endpoints/sls.php"/>', $metadata2);
+
+        $metadata3 = Metadata::builder($spData, $security['authnRequestsSigned'], $security['wantAssertionsSigned'], null, null, $contacts, $organization, array(), true);
+        $this->assertStringNotContainsString('validUntil=', $metadata3);
     }
 
     /**