bugfix: log a warning instead on throwing an exception for invalid entityIDs (simplesamlphp#2449)

Author: tvdijen

docs/simplesamlphp-changelog.md

@@ -5,6 +5,29 @@
 This document lists the changes between versions of SimpleSAMLphp.
 See the [upgrade notes](https://simplesamlphp.org/docs/stable/simplesamlphp-upgrade-notes.html) for specific information about upgrading.
 
+## Version 2.4.2
+
+Released TBD
+
+* Fixed a bug where metadata-endpoints with isDefault set would not yield the expected metadata (#2439)
+* Fixed a backwards incompatibility that would throw an exception on an invalid entityID.
+  The exception was downgraded to a warning in the log (#2448)
+
+`memcacheMonitor`
+
+* Fixed an issue that prevented the latest version of this module from being installed on SSP 2.4.x
+
+`negotiate`
+
+* Fixed an issue that prevented the latest version of this module from being installed on SSP 2.4.x
+
+## Version 2.4.1
+
+Released 2025-05-14
+
+* Reverted #2278 because of a regression in SLO when using SSP as a bridge (#2436)
+* Fixed a dependency on a dev-version of the saml2-library
+
 ## Version 2.4.0
 
 Released TBD

modules/saml/src/Auth/Source/SP.php

@@ -17,6 +17,7 @@
     NoPassiveException,
     NoSupportedIDPException,
     ProxyCountExceededException,
+    ProtocolViolationException,
 };
 use SimpleSAML\SAML2\XML\md\ContactPerson;
 use SimpleSAML\SAML2\XML\saml\NameID;
@@ -126,7 +127,12 @@ public function __construct(array $info, array $config)
         );
 
         $entityId = $this->metadata->getString('entityID');
-        Assert::validURI($entityId);
+        try {
+            Assert::validURI($entityId);
+        } catch (ProtocolViolationException $e) {
+            Logger::warning($e->getMessage());
+        }
+
         Assert::maxLength(
             $entityId,
             C::SAML2INT_ENTITYID_MAX_LENGTH,