validUntil updateable Metadata dependency breakage

[ckbaker10]

Hello,

The validUntil field being mandatory in the generated metadata leads to the fact that metadata expiry must be monitored or automated.

Some IdPs don't provide that feature easily accessible which breaks the libraries usability

A real world example exists in Nextcloud, nextcloud/user_saml#36

I've added a parameter to disable the validUntil from being included, as well as matching tests

Pull request: #569

[RoSk0]

Great to see #569 merged, but I don't see how can I use this feature as there is no interface to pass that ignoreValidUntil to the metadata builder.

Am I missing something?

[pitbulk]

@RoSk0

If you have the settings

$settings = $auth->getSettings();

You can invoke it with:

$spData = $settings->getSPData(); 
$security = $settings->getSecurityData();
$ignoreValidUntil = True;
$metadata = Metadata::builder($spData;, $security['authnRequestsSigned'], $security['wantAssertionsSigned'], $validUntil, $cacheDuration, $settings->getContacts(), $settings->getOrganization(), [], $ignoreValidUntil);

[RoSk0]

Hm, right. Sure, but why ?

I mean the output of Metadata::builder() would be incomplete and also that is not the recommended way according to docs here /~https://github.com/SAML-Toolkits/php-saml/tree/4.2.0?tab=readme-ov-file#sp-metadata-endpointsmetadataphp .

Are you saying I need to duplicate all the logic from the \OneLogin\Saml2\Settings::getSPMetadata() to generate the full metadata XML?

I believe it would be better to do it this way #602 . What to you think @pitbulk ?