From d2a8323f50496d5393ebb4a2d2c896da3e27ef06 Mon Sep 17 00:00:00 2001
From: Proxy SPID/CIE Comune Altilia <login@mind01.operweb.cloud>
Date: Thu, 28 Sep 2023 13:09:41 +0200
Subject: [PATCH 1/2] fix: AttributeConsumingServiceIndex proxy selection

---
 setup/sdk/proxy.tpl                                         | 6 +++---
 .../simplesamlphp/modules/saml/lib/Auth/Source/SP.php       | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/setup/sdk/proxy.tpl b/setup/sdk/proxy.tpl
index 4d06fd1..2f17ccb 100644
--- a/setup/sdk/proxy.tpl
+++ b/setup/sdk/proxy.tpl
@@ -29,7 +29,7 @@
     const TOKEN_PUBLIC_CERT = "{{SDKHOME}}/cert/spid-sp.crt";
     const DEFAULT_SPID_LEVEL = 2;
     const DEFAULT_CIE_LEVEL = 3;
-    const DEFAULT_ATCS_INDEX = 0;
+    const DEFAULT_ATCS_INDEX = null;    // set to null to retrieve it from metadata
     const DEFAULT_EIDAS_ATCS_INDEX = 100;
     const DEFAULT_SECRET = "";
     const DEFAULT_TOKEN_EXPIRATION_TIME = 1200;
@@ -108,8 +108,8 @@
                     } else {
                         $spidcie_level = $clients[$client_id]['level'];
                         $atcs_index = $clients[$client_id]['atcs_index'];
-                        if($spidcie_level==null || !in_array($spidcie_level, [1,2,3])) $spidcie_level = $isCIE? DEFAULT_CIE_LEVEL : DEFAULT_SPID_LEVEL;
-                        if($atcs_index==null || !is_numeric($atcs_index)) $atcs_index = DEFAULT_ATCS_INDEX;
+                        if($spidcie_level===null || !in_array($spidcie_level, [1,2,3])) $spidcie_level = $isCIE? DEFAULT_CIE_LEVEL : DEFAULT_SPID_LEVEL;
+                        if($atcs_index===null || !is_numeric($atcs_index)) $atcs_index = DEFAULT_ATCS_INDEX;
 
                         if($idp=="EIDAS" || $idp=="EIDAS QA") $atcs_index = DEFAULT_EIDAS_ATCS_INDEX;
 
diff --git a/setup/simplesamlphp/simplesamlphp/modules/saml/lib/Auth/Source/SP.php b/setup/simplesamlphp/simplesamlphp/modules/saml/lib/Auth/Source/SP.php
index 43cd5d5..8edc176 100644
--- a/setup/simplesamlphp/simplesamlphp/modules/saml/lib/Auth/Source/SP.php
+++ b/setup/simplesamlphp/simplesamlphp/modules/saml/lib/Auth/Source/SP.php
@@ -718,7 +718,7 @@ private function startSSO2(Configuration $idpMetadata, array $state): void
         $b->setDestination($dst['Location']);
 
         /* SPID CUSTOM AttributeConsumingServiceIndex on Request */
-        if(!empty($state['saml:AttributeConsumingServiceIndex'])) {
+        if($state['saml:AttributeConsumingServiceIndex']!==null && $state['saml:AttributeConsumingServiceIndex']!=='') {
             $ar->setAttributeConsumingServiceIndex($state['saml:AttributeConsumingServiceIndex']);
         }
 

From e9f7976c296d411bdaa04549cb99cf3c114487b7 Mon Sep 17 00:00:00 2001
From: damikael <michele.damico@linfaservice.it>
Date: Thu, 28 Sep 2023 13:13:36 +0200
Subject: [PATCH 2/2] v.3.17.2

---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index e59436f..deedb08 100644
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,6 @@
 {
     "config": {
-        "version": "3.17.0",
+        "version": "3.17.2",
         "allow-plugins": {
             "simplesamlphp/composer-module-installer": true
         }