From 51d4b69b1e689aecb9c8ca25ddb4a87d23c1f668 Mon Sep 17 00:00:00 2001
From: Sixto Martin <sixto.martin.garcia@workato.com>
Date: Thu, 22 May 2025 01:33:31 +0200
Subject: [PATCH 1/2] Fix typo in ignoreValidUntil that breaks metadata, See
 #603. Add parameter to exclude validUntil on Settings getSPMetadata, See #568

---
 lib/Saml2/Metadata.php | 2 +-
 lib/Saml2/Settings.php | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/Saml2/Metadata.php b/lib/Saml2/Metadata.php
index 303184b3..3f63a093 100644
--- a/lib/Saml2/Metadata.php
+++ b/lib/Saml2/Metadata.php
@@ -155,7 +155,7 @@ public static function builder($sp, $authnsign = false, $wsign = false, $validUn
 
         if ($ignoreValidUntil) {
             $timeStr = <<<TIME_TEMPLATE
-cacheDuration="PT{$cacheDuration}S";
+cacheDuration="PT{$cacheDuration}S"
 TIME_TEMPLATE;
         } else {
             $timeStr = <<<TIME_TEMPLATE
diff --git a/lib/Saml2/Settings.php b/lib/Saml2/Settings.php
index 660f56cc..c46ea532 100644
--- a/lib/Saml2/Settings.php
+++ b/lib/Saml2/Settings.php
@@ -888,6 +888,7 @@ public function getIdPSLOResponseUrl()
      *   or $advancedSettings['security']['wantAssertionsEncrypted'] are enabled.
      * @param DateTime|null $validUntil    Metadata's valid time
      * @param int|null      $cacheDuration Duration of the cache in seconds
+     * @param bool          $ignoreValidUntil exclude the validUntil tag from metadata
      *
      * @return string  SP metadata (xml)
      *
@@ -896,7 +897,7 @@ public function getIdPSLOResponseUrl()
      */
     public function getSPMetadata($alwaysPublishEncryptionCert = false, $validUntil = null, $cacheDuration = null)
     {
-        $metadata = OneLogin_Saml2_Metadata::builder($this->_sp, $this->_security['authnRequestsSigned'], $this->_security['wantAssertionsSigned'], $validUntil, $cacheDuration, $this->getContacts(), $this->getOrganization());
+        $metadata = OneLogin_Saml2_Metadata::builder($this->_sp, $this->_security['authnRequestsSigned'], $this->_security['wantAssertionsSigned'], $validUntil, $cacheDuration, $this->getContacts(), $this->getOrganization(), [], $ignoreValidUntil);
 
         $certNew = $this->getSPcertNew();
         if (!empty($certNew)) {

From 01190d375bf1f74306e14cfaf46a5e450851c6f6 Mon Sep 17 00:00:00 2001
From: Sixto Martin <sixto.martin.garcia@workato.com>
Date: Thu, 22 May 2025 01:57:47 +0200
Subject: [PATCH 2/2] Fix typo

---
 lib/Saml2/Settings.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/Saml2/Settings.php b/lib/Saml2/Settings.php
index c46ea532..bec377e8 100644
--- a/lib/Saml2/Settings.php
+++ b/lib/Saml2/Settings.php
@@ -895,9 +895,9 @@ public function getIdPSLOResponseUrl()
      * @throws Exception
      * @throws OneLogin_Saml2_Error
      */
-    public function getSPMetadata($alwaysPublishEncryptionCert = false, $validUntil = null, $cacheDuration = null)
+    public function getSPMetadata($alwaysPublishEncryptionCert = false, $validUntil = null, $cacheDuration = null, $ignoreValidUntil = false)
     {
-        $metadata = OneLogin_Saml2_Metadata::builder($this->_sp, $this->_security['authnRequestsSigned'], $this->_security['wantAssertionsSigned'], $validUntil, $cacheDuration, $this->getContacts(), $this->getOrganization(), [], $ignoreValidUntil);
+        $metadata = OneLogin_Saml2_Metadata::builder($this->_sp, $this->_security['authnRequestsSigned'], $this->_security['wantAssertionsSigned'], $validUntil, $cacheDuration, $this->getContacts(), $this->getOrganization(), array(), $ignoreValidUntil);
 
         $certNew = $this->getSPcertNew();
         if (!empty($certNew)) {