Send non Success StatusCode as per the spec ie. as a two-level StatusCode element.

Currently the only non Succes statuscode we use is NoPassive. HTTPPost required a follow up fix thats prevents a runtime error that occurs if we try to encrypt an assertion thats missing in unsuccessfull responses git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@858 44740490-163a-0410-bde0-09ae8108e29a

Send non Success StatusCode as per the spec ie. as a two-level StatusCode element.
0f7e5486 · Mads Freek Petersen · 1ea1aca4 · 0f7e5486 · 0f7e5486
Commit 0f7e5486 authored 16 years ago by Mads Freek Petersen
--- a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
@@ -127,7 +127,8 @@ class SimpleSAML_Bindings_SAML20_HTTPPost {
 			$signer->sign($firstassertionroot, $firstassertionroot, $subjectElements[0]);
 		}

-		if (isset($spmd['assertion.encryption']) && $spmd['assertion.encryption']) {
+		/* if the response status is not Success (eg. NoPassive) there is no assertions (firstassertionroot == null) to encrypt */
+		if (isset($spmd['assertion.encryption']) && $spmd['assertion.encryption'] && $firstassertionroot != null) {
 			$encryptedassertion = $responsedom->createElement("saml:EncryptedAssertion");
 			$encryptedassertion->setAttribute("xmlns:saml", "urn:oasis:names:tc:SAML:2.0:assertion");
 		

--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
@@ -734,6 +734,11 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
        </saml:AuthnStatement>
        ' . $attributestatement. '
    </saml:Assertion>';
+			$statusCode = '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>';
+		} else {
+			$statusCode = '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
+				<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:' . $status . '"/>;
+				</samlp:statusCode>';
 		}
 		
 		
@@ -750,10 +755,7 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 			IssueInstant="' . $issueInstant . '"
 			Destination="' . htmlspecialchars($destination) . '">
 			<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' . htmlspecialchars($issuer) . '</saml:Issuer>
-			<samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
-				<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
-				Value="urn:oasis:names:tc:SAML:2.0:status:' . $status . '" />
-			</samlp:Status>'
+			<samlp:Status>' . $statusCode .	'</samlp:Status>'
 			. $assertion . 
 			'</samlp:Response>';