Add parameter to exclude validUntil on SP Metadata XML

Author: pitbulk

lib/Saml2/Metadata.php

@@ -21,10 +21,11 @@ class OneLogin_Saml2_Metadata
      * @param array         $contacts      Contacts info
      * @param array         $organization  Organization ingo
      * @param array         $attributes
+     * @param bool          $ignoreValidUntil exclude the validUntil tag from metadata
      *
      * @return string SAML Metadata XML
      */
-    public static function builder($sp, $authnsign = false, $wsign = false, $validUntil = null, $cacheDuration = null, $contacts = array(), $organization = array(), $attributes = array())
+    public static function builder($sp, $authnsign = false, $wsign = false, $validUntil = null, $cacheDuration = null, $contacts = array(), $organization = array(), $attributes = array(), $ignoreValidUntil = false)
     {
 
         if (!isset($validUntil)) {
@@ -144,27 +145,37 @@ public static function builder($sp, $authnsign = false, $wsign = false, $validUn
 
             $requestedAttributeStr = implode(PHP_EOL, $requestedAttributeData);
             $strAttributeConsumingService = <<<METADATA_TEMPLATE
-<md:AttributeConsumingService index="1">
+
+        <md:AttributeConsumingService index="1">
             <md:ServiceName xml:lang="en">{$sp['attributeConsumingService']['serviceName']}</md:ServiceName>
 {$attrCsDesc}{$requestedAttributeStr}
         </md:AttributeConsumingService>
 METADATA_TEMPLATE;
         }
 
+        if ($ignoreValidUntil) {
+            $timeStr = <<<TIME_TEMPLATE
+cacheDuration="PT{$cacheDuration}S";
+TIME_TEMPLATE;
+        } else {
+            $timeStr = <<<TIME_TEMPLATE
+validUntil="{$validUntilTime}"
+                     cacheDuration="PT{$cacheDuration}S"
+TIME_TEMPLATE;
+        }
+
         $spEntityId = htmlspecialchars($sp['entityId'], ENT_QUOTES);
         $acsUrl = htmlspecialchars($sp['assertionConsumerService']['url'], ENT_QUOTES);
         $metadata = <<<METADATA_TEMPLATE
 <?xml version="1.0"?>
 <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-                     validUntil="{$validUntilTime}"
-                     cacheDuration="PT{$cacheDuration}S"
+                     {$timeStr}
                      entityID="{$spEntityId}">
     <md:SPSSODescriptor AuthnRequestsSigned="{$strAuthnsign}" WantAssertionsSigned="{$strWsign}" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
 {$sls}        <md:NameIDFormat>{$sp['NameIDFormat']}</md:NameIDFormat>
         <md:AssertionConsumerService Binding="{$sp['assertionConsumerService']['binding']}"
                                      Location="{$acsUrl}"
-                                     index="1" />
-        {$strAttributeConsumingService}
+                                     index="1" />{$strAttributeConsumingService}
     </md:SPSSODescriptor>{$strOrganization}{$strContacts}
 </md:EntityDescriptor>
 METADATA_TEMPLATE;

tests/src/OneLogin/Saml2/MetadataTest.php

@@ -41,6 +41,7 @@ public function testBuilder()
         $this->assertContains('<md:OrganizationName xml:lang="en-US">sp_test</md:OrganizationName>', $metadata);
         $this->assertContains('<md:ContactPerson contactType="technical">', $metadata);
         $this->assertContains('<md:GivenName>technical_name</md:GivenName>', $metadata);
+        $this->assertContains('validUntil', $metadata);
 
         $security['authnRequestsSigned'] = true;
         $security['wantAssertionsSigned'] = true;
@@ -55,6 +56,9 @@ public function testBuilder()
 
         $this->assertNotContains('<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"', $metadata2);
         $this->assertNotContains(' Location="http://stuff.com/endpoints/endpoints/sls.php"/>', $metadata2);
+
+        $metadata3 = OneLogin_Saml2_Metadata::builder($spData, $security['authnRequestsSigned'], $security['wantAssertionsSigned'], null, null, $contacts, $organization, array(), true);
+        $this->assertNotContains('validUntil=', $metadata3);
     }
 
     /**