Revision: 3048
Author: olavmrk
Date: Thu Mar 15 06:31:50 2012
Log: saml:SP: Fix handling of samlp:Response without saml:Issuer.
http://code.google.com/p/simplesamlphp/source/detail?r=3048
Modified:
/trunk/modules/saml/www/sp/saml2-acs.php
=======================================
--- /trunk/modules/saml/www/sp/saml2-acs.php Mon Feb 13 04:50:35 2012
+++ /trunk/modules/saml/www/sp/saml2-acs.php Thu Mar 15 06:31:50 2012
@@ -17,10 +17,26 @@
if (!($response instanceof SAML2_Response)) {
throw new SimpleSAML_Error_BadRequest('Invalid message received to
AssertionConsumerService endpoint.');
}
+
+$idp = $response->getIssuer();
+if ($idp === NULL) {
+ /* No Issuer in the response. Look for an unencrypted assertion with an
issuer. */
+ foreach ($response->getAssertions() as $a) {
+ if ($a instanceof SAML2_Assertion) {
+ /* We found an unencrypted assertion - there should be an issuer here.
*/
+ $idp = $a->getIssuer();
+ break;
+ }
+ }
+ if ($idp === NULL) {
+ /* No issuer found in the assertions. */
+ throw new Exception('Missing <saml:Issuer> in message delivered to
AssertionConsumerService.');
+ }
+}
$session = SimpleSAML_Session::getInstance();
$prevAuth = $session->getAuthData($sourceId, 'saml:sp:prevAuth');
-if ($prevAuth !== NULL && $prevAuth['id'] === $response->getId() &&
$prevAuth['issuer'] === $response->getIssuer()) {
+if ($prevAuth !== NULL && $prevAuth['id'] === $response->getId() &&
$prevAuth['issuer'] === $idp) {
/* OK, it looks like this message has the same issuer
* and ID as the SP session we already have active. We
* therefore assume that the user has somehow triggered
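Review bot: The fallback in the `foreach` takes `$idp` from the first unencrypted assertion and stops, so a response carrying several assertions with different `<saml:Issuer>` values is processed under whichever issuer comes first. No signature check is visible before this point, so the value appears to be unauthenticated message content, yet it already feeds the `prevAuth` comparison and presumably the later IdP metadata lookup. Whether later processing compares each assertion's issuer with `$idp` cannot be seen from this hunk. I would require every unencrypted assertion to carry the same non-NULL issuer and reject the message otherwise, throwing `SimpleSAML_Error_BadRequest` like the `instanceof` check at the top of the hunk rather than a bare `Exception`. The script continues outside this hunk.

```php
$idp = $response->getIssuer();
if ($idp === NULL) {
	/* No Issuer in the response. All unencrypted assertions must agree on one issuer. */
	foreach ($response->getAssertions() as $a) {
		if (!($a instanceof SAML2_Assertion)) {
			/* Encrypted assertion - its issuer is not readable yet. */
			continue;
		}
		$assertionIssuer = $a->getIssuer();
		if ($assertionIssuer === NULL || ($idp !== NULL && $assertionIssuer !== $idp)) {
			throw new SimpleSAML_Error_BadRequest('Missing or conflicting <saml:Issuer> in assertions delivered to AssertionConsumerService.');
		}
		$idp = $assertionIssuer;
	}
	/* … unchanged: throw when no issuer was found in the assertions … */
}
```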
@@ -50,11 +66,6 @@
'saml:sp:RelayState' => $response->getRelayState(),
);
}
-
-$idp = $response->getIssuer();
-if ($idp === NULL) {
- throw new Exception('Missing <saml:Issuer> in message delivered to
AssertionConsumerService.');
-}
SimpleSAML_Logger::debug('Received SAML2 Response from ' .
var_export($idp, TRUE) . '.');