Fix old use of comparison-enumeration

tvdijen · tvdijen · commit fd50471682bd · 2025-12-18T21:45:18.000+01:00
diff --git a/modules/saml/src/Auth/Source/SP.php b/modules/saml/src/Auth/Source/SP.php
@@ -23,10 +23,10 @@
 use SimpleSAML\SAML2\Exception\Protocol\NoSupportedIDPException;
 use SimpleSAML\SAML2\Exception\Protocol\ProtocolViolationException;
 use SimpleSAML\SAML2\Exception\Protocol\ProxyCountExceededException;
-use SimpleSAML\SAML2\XML\Comparison;
 use SimpleSAML\SAML2\XML\md\ContactPerson;
 use SimpleSAML\SAML2\XML\saml\AuthnContextClassRef;
 use SimpleSAML\SAML2\XML\saml\NameID;
+use SimpleSAML\SAML2\XML\samlp\AuthnContextComparisonTypeEnum;
 use SimpleSAML\SAML2\XML\samlp\Extensions;
 use SimpleSAML\SAML2\XML\samlp\IDPEntry;
 use SimpleSAML\SAML2\XML\samlp\IDPList;
@@ -41,6 +41,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 
+use function array_column;
 use function array_intersect;
 use function array_key_exists;
 use function array_keys;
@@ -563,17 +564,16 @@ private function startSSO2(Configuration $idpMetadata, array $state): Response
         }
 
         if ($accr !== null) {
-            $comp = Comparison::EXACT;
+            $comp = AuthnContextComparisonTypeEnum::Exact;
             if ($idpMetadata->getOptionalString('AuthnContextComparison', null) !== null) {
                 $comp = $idpMetadata->getString('AuthnContextComparison');
             } elseif (
                 isset($state['saml:AuthnContextComparison'])
-                && in_array($state['saml:AuthnContextComparison'], [
-                    Comparison::EXACT,
-                    Comparison::MINIMUM,
-                    Comparison::MAXIMUM,
-                    Comparison::BETTER,
-                ], true)
+                && in_array(
+                    $state['saml:AuthnContextComparison'],
+                    array_column(AuthnContextComparisonTypeEnum::cases(), 'value'),
+                    true,
+                )
             ) {
                 $comp = $state['saml:AuthnContextComparison'];
             }
@@ -588,12 +588,7 @@ private function startSSO2(Configuration $idpMetadata, array $state): Response
                 isset($state['saml:RequestedAuthnContext']['Comparison'])
                 && in_array(
                     $state['saml:RequestedAuthnContext']['Comparison'],
-                    [
-                        Comparison::EXACT,
-                        Comparison::MINIMUM,
-                        Comparison::MAXIMUM,
-                        Comparison::BETTER,
-                    ],
+                    array_column(AuthnContextComparisonTypeEnum::cases(), 'value'),
                     true,
                 )
             ) {
@@ -990,7 +985,7 @@ public function reauthenticate(array &$state): void
         if (
             $this->passAuthnContextClassRef
             && isset($state['saml:RequestedAuthnContext'])
-            && $state['saml:RequestedAuthnContext']['Comparison'] === Comparison::EXACT
+            && $state['saml:RequestedAuthnContext']['Comparison'] === AuthnContextComparisonTypeEnum::Exact
             && isset($data['saml:sp:AuthnContext'])
             && $state['saml:RequestedAuthnContext']['AuthnContextClassRef'][0] !== $data['saml:sp:AuthnContext']
         ) {
diff --git a/modules/saml/src/Message.php b/modules/saml/src/Message.php
@@ -22,17 +22,18 @@
 use SimpleSAML\Module\saml\Error as SAMLError;
 use SimpleSAML\SAML2\Constants as C;
 use SimpleSAML\SAML2\SignedElement;
-use SimpleSAML\SAML2\XML\Comparison;
 use SimpleSAML\SAML2\XML\saml\AuthnContextClassRef;
 use SimpleSAML\SAML2\XML\saml\Issuer;
 use SimpleSAML\SAML2\XML\samlp\AbstractMessage;
+use SimpleSAML\SAML2\XML\samlp\AuthnContextComparisonTypeEnum;
 use SimpleSAML\SAML2\XML\samlp\RequestedAuthnContext;
 use SimpleSAML\SAML2\XML\samlp\StatusCode;
 use SimpleSAML\Utils;
 use SimpleSAML\XMLSecurity\XML\ds\KeyInfo;
 use SimpleSAML\XMLSecurity\XML\ds\X509Certificate;
 use SimpleSAML\XMLSecurity\XML\ds\X509Data;
 
+use function array_column;
 use function array_filter;
 use function array_key_exists;
 use function array_map;
@@ -572,8 +573,8 @@ public static function buildAuthnRequest(
             $accr = $spMetadata->getArrayizeString('AuthnContextClassRef');
             $comp = $spMetadata->getOptionalValueValidate(
                 'AuthnContextComparison',
-                array_column(Comparison::cases(), 'value'),
-                Comparison::EXACT->value,
+                array_column(AuthnContextComparisonTypeEnum::cases(), 'value'),
+                AuthnContextComparisonTypeEnum::Exact->value,
             );
 
             $ar->setRequestedAuthnContext(
