PHP8 compat

composer.json

@@ -14,7 +14,7 @@
 		}
 	],
 	"require": {
-		"onelogin/php-saml": "^3.0"
+		"onelogin/php-saml": "^4.0"
 	},
 	"require-dev": {
 		"humanmade/coding-standards": "dev-master"

vendor/onelogin/php-saml/.github/workflows/php-package.yml

@@ -0,0 +1,54 @@
+# This workflow will install PHP dependencies, run tests and lint with a variety of PHP versions
+# For more information see: https://github.com/marketplace/actions/setup-php-action
+
+name: php-saml 4.x package
+
+on:
+  push:
+    branches: [ 4.* ]
+  pull_request:
+    branches: [ 4.* ]
+
+jobs:
+  test:
+    runs-on: ${{ matrix.operating-system }}
+    strategy:
+      fail-fast: false
+      matrix:
+        operating-system: ['ubuntu-latest']
+        php-versions: [7.3, 7.4, 8.0, 8.1]
+    steps:
+      - name: Setup PHP, with composer and extensions
+        uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
+        with:
+          php-version: ${{ matrix.php-versions }}
+          extensions: mbstring, intl, mcrypt, xml
+          tools: composer:v2
+          ini-values: post_max_size=256M, max_execution_time=180
+          coverage: xdebug
+
+      - name: Set git to use LF
+        run: |
+          git config --global core.autocrlf false
+          git config --global core.eol lf
+      - uses: actions/checkout@v2
+
+      - name: Validate composer.json and composer.lock
+        run: composer validate
+
+      - name: Install Composer dependencies
+        run: |
+          composer self-update
+          composer install --prefer-source --no-interaction
+      - name: Syntax check PHP
+        run: |
+          php vendor/bin/phpcpd --exclude tests --exclude vendor .
+          php vendor/bin/phploc src/.
+          mkdir -p tests/build/dependences
+          php vendor/bin/pdepend --summary-xml=tests/build/logs/dependence-summary.xml --jdepend-chart=tests/build/dependences/jdepend.svg --overview-pyramid=tests/build/dependences/pyramid.svg  src/.
+
+      - name: PHP Code Sniffer
+        run: php vendor/bin/phpcs --standard=tests/ZendModStandard src/Saml2 demo1 demo2 endpoints tests/src
+
+      - name: Run unit tests
+        run: vendor/bin/phpunit --verbose --debug

vendor/onelogin/php-saml/CHANGELOG

@@ -1,10 +1,117 @@
 CHANGELOG
 =========
+v4.0.0
+* Supports PHP 8.X
 
-v.3.0.0 (pending)
+v3.6.1
+* [#467](https://github.com/onelogin/php-saml/issues/467) Fix bug on getSelfRoutedURLNoQuery method
+
+v3.6.0
+* Add AES128_GCM encryption on generateNameId method. New setting parameter encryption_algorithm. If you set a encryption method different than AES128_CBC then the algorithm RSA_OAEP_MGF1P will be used as well instead RSA_1_5
+* PHP 8.0 support
+
+v3.5.1
+* 3.5.0 packagist/github release due a confusion were using the master (2.X branch). I'm releasing 3.5.1 to fix this issue and go back to 3.X branch
+
+v3.5.0
+* [#412](https://github.com/onelogin/php-saml/pull/412) Empty instead of unset the $_SESSION variable
+* [#433](https://github.com/onelogin/php-saml/issues/443) Fix Incorrect Destination in LogoutResponse when using responseUrl #443
+* Update xmlseclibs to 3.1.1
+* Add support for SMARTCARD_PKI and RSA_TOKEN Auth Contexts
+* Get lib path dinamically
+* Check for x509Cert of the IdP when loading settings, even if the security index was not provided
+* Support Statements with Attribute elements with the same name enabling the allowRepeatAttributeName setting
+
+v3.4.1
+* Add setSchemasPath to Auth class and fix backward compatibility
+
+v.3.4.0
+* Support rejecting unsolicited SAMLResponses.
+* Support stric destination matching.
+* Reject SAMLResponse if requestID was provided to the validotr but the InResponseTo attributeof the SAMLResponse is missing
+* Check destination against the getSelfURLNoQuery as well on LogoutRequest and LogoutResponse as we do on Response
+* Improve getSelfRoutedURLNoQuery method
+* Only add responseUrl to the settings if ResponseLocation present in the IdPMetadataParser
+* Remove use of $_GET on static method validateBinarySign
+* Fix error message when Assertion and NameId are both encrypted (not supported)
+
+v.3.3.1
+* Update xmlseclibs to 3.0.4
+* Remove Comparison atribute from RequestedAuthnContext when setting has empty value
+
+v.3.3.0
+* Set true as the default value for strict setting
+* Relax comparision of false on SignMetadata
+* Fix CI
+
+v.3.2.1
+* Add missed nameIdValueReq parameter to buildAuthnRequest method
+
+v.3.2.0
+* Add support for Subjects on AuthNRequests by the new parameter nameIdValueReq
+* Support SLO ResponseLocation
+* [#344](https://github.com/onelogin/php-saml/issues/344) Raise errors on IdPMetadataParser::parseRemoteXML and IdPMetadataParser::parseFileXML
+* [#356](https://github.com/onelogin/php-saml/issues/356) Support 'x509cert' and 'privateKey' on signMetadata security setting
+
+v.3.1.1
+* Force to use at least xmlseclibs 3.0.3 for security reasons
+* [#367](https://github.com/onelogin/php-saml/pull/367) Move the creation of the AuthnRequest to separate function
+* Set strict=true on config examples
+* Move phpunit.xml
+
+v.3.1.0
+* Security improvement suggested by Nils Engelbertz to prevent DDOS by expansion of internally defined entities (XEE)
+* Fix setting_example.php servicename parameter 
+
+v.3.0.0
 * Remove mcrypt dependency. Compatible with PHP 7.2
 * xmlseclibs now is not part of the toolkit and need to be installed from original source
 
+v.2.18.0
+* Support rejecting unsolicited SAMLResponses.
+* Support stric destination matching.
+* Reject SAMLResponse if requestID was provided to the validotr but the InResponseTo attributeof the SAMLResponse is missing
+* Check destination against the getSelfURLNoQuery as well on LogoutRequest and LogoutResponse as we do on Response
+* Improve getSelfRoutedURLNoQuery method
+* Only add responseUrl to the settings if ResponseLocation present in the IdPMetadataParser
+* Remove use of $_GET on static method validateBinarySign
+* Fix error message when Assertion and NameId are both encrypted (not supported)
+
+v.2.17.1
+* Update xmlseclibs to 3.0.4
+* Remove Comparison atribute from RequestedAuthnContext when setting has empty value
+
+v.2.17.0
+* Set true as the default value for strict setting
+* Support 'x509cert' and 'privateKey' on signMetadata security settings
+* Relax comparision of false on SignMetadata
+* Fix CI
+
+v.2.16.0
+* Support SLO ResponseLocation
+* [#344](https://github.com/onelogin/php-saml/issues/344) Raise errors on IdPMetadataParser::parseRemoteXML and IdPMetadataParser::parseFileXML
+* Adjusted acs endpoint to extract NameQualifier and SPNameQualifier from SAMLResponse. Adjusted single logout service to provide NameQualifier and SPNameQualifier to logout method. Add getNameIdNameQualifier to Auth and SamlResponse. Extend logout method from Auth and LogoutRequest constructor to support SPNameQualifier parameter. Align LogoutRequest constructor with SAML specs
+* Add support for Subjects on AuthNRequests by the new parameter
+* Set strict=true on config examples
+
+v.2.15.0
+* Security improvement suggested by Nils Engelbertz to prevent DDOS by expansion of internally defined entities (XEE)
+* Fix bug on settings_example.php
+
+v.2.14.0
+* Add  parameter to the decryptElement method to make optional the formatting
+* [#283](https://github.com/onelogin/php-saml/pull/283) New method of importing a decrypted assertion into the XML document to replace the EncryptedAssertion. Fix signature issues on Signed Encrypted Assertions with default namespace
+* Allow the getSPMetadata() method to always include the encryption Key Descriptor
+* Change some Fatal Error to Exceptions
+* [#265](https://github.com/onelogin/php-saml/issues/265) Support parameters at getSPMetadata method
+* Avoid calling static method using this
+
+v.2.13.0
+* Update xmlseclibs with some fixes.
+* Add extra protection verifying the Signature algorithm used on SignedInfo element, not only rely on the xmlseclibs verify / verifySignature methods.
+* Add getAttributesWithFriendlyName method which returns the set of SAML attributes indexed by FriendlyName
+* Fix bug on parseRemoteXML and parseFileXML. Internal calls to parseXML missed the desiredNameIdFormat parameter
+
 v.2.12.0
 * Improve Time management. Use DateTime/DateTimeZone classes.
 * Escape error messages in debug mode