From 9fedfa35e3aee7668376b466a3cfc3e0bcc59bad Mon Sep 17 00:00:00 2001
From: Petr Skoda <petr.skoda@openlms.net>
Date: Wed, 3 May 2023 21:02:00 +0200
Subject: [PATCH] set SESSION->saml2idp during unsolicited logins

This makes the IdP known in saml_login_complete()
and tenant callback.
---
 .extlib/simplesamlphp/modules/saml/src/Auth/Source/SP.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.extlib/simplesamlphp/modules/saml/src/Auth/Source/SP.php b/.extlib/simplesamlphp/modules/saml/src/Auth/Source/SP.php
index 9d660346b..ce16e7bcb 100644
--- a/.extlib/simplesamlphp/modules/saml/src/Auth/Source/SP.php
+++ b/.extlib/simplesamlphp/modules/saml/src/Auth/Source/SP.php
@@ -1136,6 +1136,11 @@ public static function handleUnsolicitedAuth(string $authId, array $state, strin
         // Moodle hack to handle IdP unsolicited logins.
         $wantsurl = (new \moodle_url($redirectTo))->out(false);
         $SESSION->wantsurl = $wantsurl;
+        if (!empty($state['saml:sp:IdP'])) {
+            $SESSION->saml2idp = md5($state['saml:sp:IdP']);
+        } else {
+            unset($SESSION->saml2idp);
+        }
         $saml2auth->saml_login_complete($state['Attributes']);
         // Should never get to here.