From 0f7e548623fe4956eeedc742b2a97fad184a8d15 Mon Sep 17 00:00:00 2001
From: Mads Freek Petersen <freek@wayf.dk>
Date: Sat, 6 Sep 2008 15:59:51 +0000
Subject: [PATCH] Send non Success StatusCode as per the spec ie. as a two-level StatusCode element. Currently the only non Succes statuscode we use is NoPassive. HTTPPost required a follow up fix thats prevents a runtime error that occurs if we try to encrypt an assertion thats missing in unsuccessfull responses
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@858 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Bindings/SAML20/HTTPPost.php | 3 ++-
 lib/SimpleSAML/XML/SAML20/AuthnResponse.php | 10 ++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
index 71ceba798..6b1b22b62 100644
--- a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
@@ -127,7 +127,8 @@ class SimpleSAML_Bindings_SAML20_HTTPPost {
 $signer->sign($firstassertionroot, $firstassertionroot, $subjectElements[0]);
 }
- if (isset($spmd['assertion.encryption']) && $spmd['assertion.encryption']) {
+ /* if the response status is not Success (eg. NoPassive) there is no assertions (firstassertionroot == null) to encrypt */
+ if (isset($spmd['assertion.encryption']) && $spmd['assertion.encryption'] && $firstassertionroot != null) {
 $encryptedassertion = $responsedom->createElement("saml:EncryptedAssertion");
 $encryptedassertion->setAttribute("xmlns:saml", "urn:oasis:names:tc:SAML:2.0:assertion");
diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
index 32ebfb432..080d5ea3d 100644
--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
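Review bot: The guard added to the encryption condition in HTTPPost.php uses a loose comparison, `$firstassertionroot != null`; `!== null` states the intent exactly and does not depend on PHP's loose comparison rules. The check keys on the assertion being absent rather than on the response status, so any other cause of a null `$firstassertionroot` would also skip encryption silently for an SP that has `assertion.encryption` set; logging that case would make it visible. The `$signer->sign($firstassertionroot, $firstassertionroot, $subjectElements[0])` call in the context lines above reads the same variable, and whether its enclosing condition already excludes non-Success responses is outside the hunk.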
@@ -734,6 +734,11 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 </saml:AuthnStatement> ' . $attributestatement. ' </saml:Assertion>';
+ $statusCode = '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>';
+ } else {
+ $statusCode = '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
+ <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:' . $status . '"/>;
+ </samlp:statusCode>';
 }
@@ -750,10 +755,7 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 IssueInstant="' . $issueInstant . '" Destination="' . htmlspecialchars($destination) . '"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' . htmlspecialchars($issuer) . '</saml:Issuer>
- <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
- <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
- Value="urn:oasis:names:tc:SAML:2.0:status:' . $status . '" />
- </samlp:Status>'
+ <samlp:Status>' . $statusCode . '</samlp:Status>'
 . $assertion . '</samlp:Response>';
-- GitLab
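Review bot: The non-Success branch added in the first AuthnResponse.php hunk builds a StatusCode that is not well-formed XML: the element opened as `<samlp:StatusCode Value="…:status:Responder">` is closed as `</samlp:statusCode>` (lower-case s), and the inner line ends in `"/>;`, which puts a literal `;` into the element content. An SP that parses the response strictly would reject the message instead of seeing the second-level status such as NoPassive. `$status` is also concatenated into the attribute without `htmlspecialchars()`, unlike `$destination` and `$issuer` in the next hunk of this file. Suggested lines: `<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:' . htmlspecialchars($status) . '"/>` and `</samlp:StatusCode>';`. The enclosing `if` and function begin outside the hunk.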
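Review bot: The replacement `<samlp:Status>` line in the second AuthnResponse.php hunk drops the `xmlns:samlp` declarations that the removed lines carried, so the status elements now depend on the `samlp` prefix being bound on the enclosing `<samlp:Response>` start tag, which is outside the hunk. That is worth confirming, and a short comment such as `/* samlp prefix is declared on the Response element */` would record the dependency. `$assertion` is still concatenated unconditionally on the following line, so it should be initialised (for example to `''`) before the `if` that now has an `else` branch; that initialisation is not visible here either.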